TCNCoalition / TCN

Specification and reference implementation of the TCN Protocol for decentralized, privacy-preserving contact tracing.
MIT License

Some of the requirements are to my knowledge not possible on Android. #63

Closed acooley closed 4 years ago

acooley commented 4 years ago

If you use BLE you have to get permission for location on Android (probably iOS, but I'm not sure). This makes sense. BLE beacons were meant to have a location associated with them, thus scanning for one will reveal the user's location. I get that contact tracing does not necessarily reveal a user's location to an application. If you are using this specification at an OS level (e.g. the Apple/Google implementation), then the application is not tracking location. If you are implementing something on top of that, OR you are implementing something that leverages this spec but might also be doing something else, then you will need to ask for location permission from the user because you COULD be getting location information. Please let me know if I'm misunderstanding the README. Stars for the implementation.

scottleibrand commented 4 years ago

I believe you are correct. Is there something specific you'd change in the README to more accurately reflect the permissions we'll be getting from Android? (If so, a PR to start that discussion would be most welcome.)

hdevalence commented 4 years ago

Hmm, I'm not sure I understand the concern. Is there part of the README that says that the application won't need location permissions? The point of the protocol is that it shouldn't reveal a user's location, not that the application won't need to have location permissions (indeed, it's probably helpful for an application to keep a local location history to provide users with context once they are alerted).

acooley commented 4 years ago

So I think the language that was problematic is now gone, but OK, I understand what you are saying. The requirement for the protocol is that it not depend on location, as in GPS data. If it depends on any information from BLE, the implementation will depend on location permissions (with good reason) even if the protocol does not.