transistorsoft / cordova-background-geolocation-lt

The most sophisticated background location-tracking & geofencing module with battery-conscious motion-detection intelligence for iOS and Android.
http://www.transistorsoft.com/shop/products/cordova-background-geolocation

My app is not compliant with Google Play Policies - is the background permission mandatory required and how to remove it from manifest #1187

Closed jbfrequence closed 3 years ago

jbfrequence commented 4 years ago

## Your Environment

```javascript
configOptions["logLevel"] = bgGeo.LOG_LEVEL_OFF; // DEBUG <-> LOG_LEVEL_VERBOSE
configOptions["desiredAccuracy"] = bgGeo.DESIRED_ACCURACY_HIGH; // -1
bgGeo.configure(configOptions, function(state) {
    // This callback is executed when the plugin is ready to use.
    log('BG ready');
    configured = true;
    if (!state.enabled) {
        log('BG starting...');
        bgGeo.start(watching);
    } else {
        watching();
    }
}, function(err) {
    $log.error("BG config error", err);
    geolocationError("BG config error: " + err);
});
```


## Expected Behavior
When I build a debug APK, the generated AndroidManifest.xml under platforms/android/app/src/main/ does not contain the ACCESS_BACKGROUND_LOCATION permission. I expected that the AndroidManifest.xml file inside the generated apk(s) (debug/release or even bundle) would not contain any declaration on this permission.

## Actual Behavior
When I unzip the debug / release apk, the AndroidManifest.xml inside contains declarations on permission "ACCESS_BACKGROUND_LOCATION"

## Steps to Reproduce
1. cordova platform rm android
2. cordova platform add android@9.0.0
3. cordova build android

## Context
Just trying to know if the permission ACCESS_BACKGROUND_LOCATION is MANDATORY required to use your plugin on Android.
Since we are using a "foreground service" with a persistent notification, should this permission be required and how to remove it from the manifest?
In my project, none of the cordova plugins declares the ACCESS_BACKGROUND_LOCATION permission in plugin.xml

## Debug logs
After investigation, I found these lines in the manifest merger report debug log:

```
android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
41-->[com.transistorsoft:tslocationmanager:3.1.17] C:\Users\USER\.gradle\caches\transforms-2\files-2.1\ad9c32f67a54fb54f911bfc03f7f5666\jetified-tslocationmanager-3.1.17\AndroidManifest.xml:5:5-84
41-->[com.transistorsoft:tslocationmanager:3.1.17] C:\Users\USER\.gradle\caches\transforms-2\files-2.1\ad9c32f67a54fb54f911bfc03f7f5666\jetified-tslocationmanager-3.1.17\AndroidManifest.xml:5:22-82
```
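
An added example, not code from the plugin or from either poster: a small Node.js script that reads a manifest-merger blame report in the layout quoted in the post above and lists which manifest contributed each permission, so a build can confirm where ACCESS_BACKGROUND_LOCATION comes from or that it is gone. The function names and the sample report are constructed for illustration, and the report layout is assumed to match the quoted lines.

```javascript
// Added example (not from the plugin): attribute each permission in a
// manifest-merger blame report to the manifest that contributed it.
// ASSUMPTION: the report has the layout quoted in the post above, i.e. a
// line of merged XML followed by "N-->" lines naming the source manifest.
const BLAME = /^\s*\d+-->(?:\[([^\]]+)\]\s*)?(.+?):\d+:\d+-\d+(?::\d+)?\s*$/;
const PERMISSION = /android:name="(android\.permission\.[A-Z0-9_]+)"/;

function permissionSources(report) {
  const sources = new Map(); // permission -> Set of contributing manifests
  let current = null;        // permission named on the latest XML line
  for (const line of report.split(/\r?\n/)) {
    const blame = BLAME.exec(line);
    if (blame) {
      // Library manifests carry a [group:artifact:version] tag; the app's do not.
      if (current) sources.get(current).add(blame[1] || `app: ${blame[2]}`);
      continue;
    }
    const perm = PERMISSION.exec(line);
    current = perm ? perm[1] : null;
    if (current && !sources.has(current)) sources.set(current, new Set());
  }
  return sources;
}

// Returns the manifests that still contribute `permission` (empty = removed).
function contributorsOf(report, permission) {
  return [...(permissionSources(report).get(permission) || [])];
}

// Constructed sample; only the library coordinate is taken from the thread.
const SAMPLE_REPORT = [
  '39    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />',
  '39-->/work/app/src/main/AndroidManifest.xml:12:5-79',
  '39-->/work/app/src/main/AndroidManifest.xml:12:22-76',
  '41    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />',
  '41-->[com.transistorsoft:tslocationmanager:3.1.17] C:\\cache\\jetified-tslocationmanager-3.1.17\\AndroidManifest.xml:5:5-84',
  '41-->[com.transistorsoft:tslocationmanager:3.1.17] C:\\cache\\jetified-tslocationmanager-3.1.17\\AndroidManifest.xml:5:22-82',
  '43    <application android:label="Demo">',
  '43-->/work/app/src/main/AndroidManifest.xml:20:5-40:19',
].join('\n');

const hits = contributorsOf(SAMPLE_REPORT, 'android.permission.ACCESS_BACKGROUND_LOCATION');
console.log(hits.length ? `declared by: ${hits.join(', ')}` : 'not declared');
```

An empty result for a permission means no manifest in the report contributes it; a non-empty result names the library or app manifest to override.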

christocracy commented 4 years ago

> Just trying to know if the permission ACCESS_BACKGROUND_LOCATION is MANDATORY required to use your plugin on Android.

Do you want to do long-term location-tracking in the background? Then yes, it's required and you need to follow the new Play Store guidelines for accessing "Sensitive Permissions".

I have successfully had my 3 demo apps for Cordova, React Native and Flutter all accepted by the new Play Store submission guidelines. It's not that hard.

This thread is from the Flutter version but is relevant.

I will be compiling my experience into a new blog post soon.

christocracy commented 4 years ago

See also Privacy Changes

jbfrequence commented 4 years ago

Thanks for your reply, Chris. Do I want to do long-term location-tracking? Yes, if we are talking about run durations (some of my runners can run up to 3 hours with the app main activity not visible). But the fact is that I do not use the geofence feature on Android. My app is displaying a persistent notification (foreground service). Location tracking is just required while my app is in use and its stopwatch running. If the app is closed or killed by the user, there is no need to keep tracking his location in background. So why should background location permission be required/mandatory in my use-case?

My latest video posted to Google did not show the backgroundPermissionRationale while requesting "Always" mode. I will do it (post a new video), sure! But as far as my runner user experience is concerned, I am wondering WHY my app should suggest to runner to accept a permission that will allow tracking their position "even if the app is closed". It does not make sense for the purpose of my app.

I think, a good solution would be to remove the declaration of "ACCESS_BACKGROUND_LOCATION" from the AndroidManifest inside the TSLocationManager aar and let the developer decide if it is really required. If so, they MUST declare this permission in cordova config.xml.

christocracy commented 4 years ago

You're free to override permissions in your AndroidManifest.xml. See here

jbfrequence commented 4 years ago

OK, thanks! The location permission can be removed from the generated apk(s) by adding these lines to the config.xml (before adding the platform android):


```xml
<platform name="android">
        ...
        <!-- Drop the permission that the library manifest merges in -->
        <config-file parent="/manifest" target="app/src/main/AndroidManifest.xml">
            <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" tools:node="remove" />
        </config-file>
        <!-- Declare the tools namespace on <manifest> so tools:node resolves -->
        <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest">
            <manifest xmlns:tools="http://schemas.android.com/tools" />
        </edit-config>
</platform>
```

I did some tests on Android Studio simulator (with an Android 10 virtual device), no more "Always" option is displayed in the native android popup while requesting the user authorization location request. Now, my app will comply to the Google privacy policies.

Thanks a lot for your help

christocracy commented 4 years ago

It's not hard to configure your app in Play Store to accept the BACKGROUND_LOCATION permission. You just have to follow the steps in this thread

jbfrequence commented 4 years ago

Yes, but that's the message of Google Play in their latest rejection (with location background permission in manifest)

> Your app must display a prominent disclosure through a pop-up alert before your app’s location runtime permission. Based on our review, a prominent disclosure did not appear before the runtime permission.
>
> Please add a prominent disclosure before the runtime permission.
>
> Remember, your prominent disclosure must:
> - Appear before your app’s location runtime permission.
> - Include at least the following sentence, adapted to include all the relevant features requesting access to location in the background in the app that are readily visible to the user: “This app collects location data to enable ["feature"], ["feature"], & ["feature"] even when the app is closed or not in use.” If you extend permitted usage to ads, please also include: “This data is also used to provide ads/support advertising/support ads.”
> - Include any other details necessary to make it clear to the user how and why you are using location in the background. While additional content is permitted, it should not cause the required content to not be immediately visible.

For my app, displaying the following message (that should be required if background location permission is added) to the user is just not appropriate. If app is closed or not in use, my app JUST does not require to collect data. "This app collects location data to enable ["feature"], ["feature"], & ["feature"] even when the app is closed or not in use"

christocracy commented 4 years ago

App "not in use" = in the background, where the jogger has their phone in their pocket.

"This app collects location data to enable tracking your run even when the app is not in use"

Just produce a simple Alert that shows once for the lifetime of your app.

jbfrequence commented 4 years ago

OK, I will try it and let you know

jbfrequence commented 3 years ago

I followed the guidelines of the thread (configured the rationale hook in backgroundGeo), published an update in alpha test and submitted this new video (recorded with Android Studio emulator Android 11)

https://drive.google.com/file/d/1Yed6-BIy-aqNH8Kqho-Sa-Le3yEzqjTC/view?usp=sharing

but Google still rejects my app for the following reason

> Unable to verify background feature in app
>
> In our review, we were unable to verify that the app offers the declared background feature. Our review team must be able to verify the feature’s functionality in your app. If your feature is not visible to the user then you must demonstrate its functionality in your submitted video. Your video should show the in-app feature’s functionality using location in the background and how a user would trigger the prominent disclosure, runtime permission (with user consent), and the declared feature. If your feature’s functionality is not directly visible to the user, then you will need to show us its functionality in a video showing the in-app experience (e.g. notifying the user of a fraud alert). Please modify your video to demonstrate the declared feature for which you are requesting access to location in the background, and resubmit your declaration form via the Play Console

When you said "Just produce a simple Alert that shows once for the lifetime of your app.", what kind of alert were you talking about (my app does not require geofencing)?

christocracy commented 3 years ago

What's wrong with your video? It's constantly flashing.

jbfrequence commented 3 years ago

I know ;-), this is coming from the screen recorder of Android Studio emulator (I downloaded one of the latest preview to get Android 11 working). I already sent report feedback to Google for this bug. Since I don't have a real device compliant to Android 11, I should use an android virtual device instead.

christocracy commented 3 years ago

You're not going to get your app successfully reviewed with a video like that.

Have you seen my video? https://www.dropbox.com/s/9velqx2cmp152sq/cordova-background-geolocation.mp4?dl=0

jbfrequence commented 3 years ago

Hi @christocracy

My miss, I forgot to fulfill the App access > Device registration form with a custom account dedicated to the Google Review team and the instruction details. After submission of this form, my app was ... successfully reviewed! I am not a video maker (sure), just a poor lonesome developer ;-)

Thanks for all Chris, you encouraged me to not leave the background permission away

CodeWithOz commented 3 years ago

@christocracy thanks for the guidance you provided here. I've tried your suggestions earlier in the thread for overriding permissions in the AndroidManifest.xml file, but the ACCESS_BACKGROUND_LOCATION permission still makes it into the final APK. Is there something else I should be aware of or do? Thanks in advance.

christocracy commented 3 years ago

I don't know. Google "android manifest override remove permission"

maxymczech commented 3 years ago

> It's not hard to configure your app in Play Store to accept the BACKGROUND_LOCATION permission. You just have to follow the steps in this thread

It is hard, you probably just got lucky :(

christocracy commented 3 years ago

> you probably just got lucky :(

Lucky three times?

maxymczech commented 3 years ago

Well, maybe we were just unlucky to get a reviewer who doesn't see that "feature delivers clear value" regardless of the fact that our client clearly thinks this feature will bring him business value :)

maxymczech commented 3 years ago

@christocracy Got another rejection. App purpose:

> The main purpose of the app is to provide information about real estate offers to app users, with intelligent suggestions based on recent user locations.

Location access:

> Application uses Background Geolocation for custom user's advertisement list and new advertisement notifications based on user's recent location. User locations are saved and processed on backend server. User can disable this functionality in setting page within app. User can see his stored locations on a map in settings page, and they can erase any collected data with a single click of a button within app settings page.

Video demonstrating usage is uploaded.

Rejection reason:

> We were unable to identify the feature that requires access to location in the background based on the declaration you submitted. Please resubmit a declaration with a clear description or additional information regarding the one feature that requires access to location in the background. Even if your app has multiple features that require access to location in the background, please only select one feature and resubmit your declaration form.

I have no idea what to do here. Either you got lucky or we are extremely unlucky, but we just can't get past this point.

christocracy commented 3 years ago

It is not just me getting lucky (three times).

There are thousands of other users of this sdk, across Cordova, Capacitor, React Native and Flutter.

I am not responsible for app submission. I made a blog post to assist you.

maxymczech commented 3 years ago

Of course I am not saying you are responsible :)