lostzen / lost

A drop-in replacement for Google Play services location APIs for Android
http://mapzen.github.io/lost/
Other
352 stars 70 forks source link

getLastLocation() throws SecurityException on API 23+ #68

Closed amayatsky closed 8 years ago

amayatsky commented 8 years ago

Unfortunately we need to check if the ACCESS_FINE_LOCATION permission is granted every time we call this function. Is this an intended behavior or some improvement is possible?

Process: com.amayatsky.test, PID: 5948 java.lang.SecurityException: "passive" location provider requires ACCESS_FINE_LOCATION permission.

ecgreb commented 8 years ago

Nice catch. FusionEngine#getLastLocation() should be updated to respect runtime permissions and fallback to network provider only if ACCESS_FINE_LOCATION has not been granted.

This also begs the question what should getLastLocation() return if no location permissions have been granted? I guess our only option in this case is to return null.

amayatsky commented 8 years ago

Same exception for requestLocationUpdates by the way. Maybe this should be tracked as a separate issue.

3 Авг 2016 г. 23:54 пользователь "Chuck Greb" notifications@github.com написал:

Nice catch. FusionEngine#getLastLocation() should be updated to respect runtime permissions and fallback to network provider only if ACCESS_FINE_LOCATION has not been granted.

This also begs the question what should getLastLocation() return if no location permissions have been granted? I guess our only option in this case is to return null.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mapzen/LOST/issues/68#issuecomment-237264284, or mute the thread https://github.com/notifications/unsubscribe-auth/AObC8f2x4sTmt8RHSqIc5wHwqZ2s_1-cks5qcLxKgaJpZM4JbBU1 .

ecgreb commented 8 years ago

Yeah a lot of this stuff was written before Android M permissions were a thing so there are some questions that need to be answered around this stuff.

However in this case if a client application requests location updates with PRIORITY_HIGH_ACCURACY without checking permissions and the ACCESS_FINE_LOCATION has not been granted then throwing a SecurityException is probably the correct behavior.

msmollin commented 8 years ago

I guess a good question would be: what does play services do?

ecgreb commented 8 years ago

Ok so I put together a quick sample app based on this tutorial and verified the following regarding the behavior of Google Play services (version 9.4.0):

  1. Calling LocationServices.FusedLocationApi.getLastLocation(mGoogleApiClient) when no location permissions have been granted does indeed return null and no exception is thrown.
  2. Calling LocationServices.FusedLocationApi.requestLocationUpdates(mGoogleApiClient, LocationRequest.create(), this) when no location permissions have been granted throws a SecurityException with the following message.
java.lang.SecurityException: Client must have ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION permission to perform any location operations.