I want to enable/disable location services for my app but not have to prompt the user to enable it if it's turned off. All the examples I have seen require some dialog to be shown. This seems kind of senseless given that the user has already granted permission to use location services.
I want to enable/disable location services for my app but not have to prompt the user to enable it if it's turned off.
Fortunately, that is not possible on ordinary devices, for obvious privacy reasons, barring some bug in Android (or specific device models). System apps might be able to do this, and this should be possible on rooted devices, though I do not have the details for either scenario.
This seems kind of senseless given that the user has already granted permission to use location services.
Prior to Android 6.0, users did not have the ability on ordinary Android devices to control permissions individually. As a result, they might disable location services, just to be able to use apps that happen to request locations.
Even on Android 6.0+, just because the user granted your app permission to use locations does not mean that the user wants location data to be available all the time. They might only want locations to be available to apps at certain times (e.g., while travelling and needing location-related information more). Or, as a commenter noted, the user might keep locations disabled for power reasons, more so than privacy.
if the app needs control of the location service and the user is made fully aware that the app needs to turn it on/off when it is running
That would need to be a separate capability with a separate permission (e.g., some MANAGE_LOCATION_PROVIDERS permission), or possibly be part of the device admin/device owner APIs. You are certainly welcome to file a feature request for this.
No prompt should be necessary if the permission has been granted
Permissions to access location data do not imply permission to override the user's enabled/disabled setting for location providers. If it did, there would be no point in having location providers be able to be disabled.
Related
Some surveys and analytics showed that users very often turn down Location Permission request appearing in the mobile app even if this permission is crucial for the app, e.g. the app performs automatic scan for devices in a venue that handle business logic and exchange data with the mobile app. The permission request turn down rate is so high that it becomes problematic for business. Is there any way in Android to avoid this, e.g. to declare some verified devices that can be scanned without permission request? I thought of https://developer.android.com/guide/topics/connectivity/companion-device-pairing but it also means popping up requests for manual work for the user. Is there any way today to do it behind the scenes?
Unfortunately this is not possible for privacy and security reasons. Enabling BLE on Android devices goes hand in hand with the location permission. The only possible workaround for this is potentially if you use classic Bluetooth instead of BLE. I am not 100% sure about this one, but it is mentioned in this article:-
No one can use BLE scan API without having Location Permissions, and,
on most devices, it is useless without active Location Services.
However, Bluetooth Low Energy is an extension to so-called Bluetooth
Classic and interestingly enough Google decided this API does not need
location permissions to be called.
This is an OS requirement which cannot be overcome. You might've already seen this on the Android developer page for BLE:-
In order to use Bluetooth features in your application, you must
declare two permissions. The first of these is BLUETOOTH. You need
this permission to perform any Bluetooth communication, such as
requesting a connection, accepting a connection, and transferring
data.
The other permission that you must declare is ACCESS_FINE_LOCATION.
Your app needs this permission because a Bluetooth scan can be used to
gather information about the location of the user. This information
may come from the user's own devices, as well as Bluetooth beacons in
use at locations such as shops and transit facilities.
You can find more info about this here:-
The Ultimate Guide to Android BLE Development
Location needs to be enabled for BLE on Android
Bluetooth versus Location Permission
I have survey some article on stackoverflow.
It seems android version above 4.0 is not able to turn on/off GPS programmatically.
Is there anything changed now? Or is this still not possible?
You can't turn it on/off programatically due to security reasons. According to Change location settings docs:
If your app needs to request location or receive permission updates, the device needs to enable the appropriate system settings, such as GPS or Wi-Fi scanning. Rather than directly enabling services such as the device's GPS, your app specifies the required level of accuracy/power consumption and desired update interval, and the device automatically makes the appropriate changes to system settings.
So, the best thing to do is, if the user has disabled the GPS, then for better UX you can show a prompt and redirect the user to the Location activity like this:
MainActivity.Instance.StartActivity(new Intent(ActionLocationSourceSettings));
Where MainActivity.Instance is your current Activity.
Question
Is it possible to grant Nearby API permissions from phone settings?
If so, how?
Does the answer vary by device API level?
Read on for more context if needed :)
General Background
When an app targeting API level 23 or higher is installed on a device running API level 23 or higher, access to actions that required dangerous permissions can be granted or revoked by the user in two different ways:
while the application is running in the foreground, where calls to requestPermissions result in the user being shown a prompt;
from the Settings -> Apps screen, where users can grant/revoke access to actions requiring dangerous permissions on a app-by-app or group-by-group basis.
In particular, a user who has denied a permission that has been requested (at least) twice via mechanism #1, and who has checked 'Never ask again' in the most recently-displayed prompt:
can still choose to grant that permission at a later time using mechanism #2.
Nearby API Background
When an app wishes to use the Nearby Messages API, a mechanism similar to (but distinct from) #1 can be used to request the necessary permissions at runtime. As far as I can tell, these permissions are not represented within any of the standard dangerous permissions groups.
Just like for typical dangerous permissions, it is possible for a user to instruct an application to 'Never ask again' for the Nearby API permission (example from Pocket Casts; device running API 23):
However, if a user selects this option it would appear to be totally permanent. Here are the listed permissions groups for Pocket Casts immediately after denying access to the Nearby APIs with 'Never ask again' checked:
The only dangerous permissions group present is Storage, and access is still granted. There's no sign of the Nearby API permissions, and I therefore don't see how it is possible to ever grant access to these permissions after reaching this state... (apart from uninstalling and reinstalling the application, which isn't ideal!)
Edit
In more recent testing I seem unable to permanently deny the Nearby permission. Even after the first denial, the "Never ask again" checkbox does not appear. I am guessing this was introduced by a change in the Google Play Services version running on my phone. Here's what the permissions dialog looks like now. Note that it includes specific instructions related to locating the Nearby permission setting!
As pointed out by Morrison Chang in the comments, Nearby API permissions control is located under Settings -> Google. Here's an animated gif showing how to grant access to the Nearby APIs on an app-by-app basis, starting from the settings screen of a Nexus 6 running Marshmallow:
As a developer, this makes sense to me in hindsight - it's the only way Nearby permissions management could be backported to pre-Marshmallow devices. As a user, though, I definitely found this confusing!
I'm working on a GPS game, similar to geocaching, which requires the devices accurate GPS cordinates.
I am using LocationClient and not LocationManager.
Early in testing, a friend pointed out that the location can be faked using free apps on the play store. A bit of research shows that without root, these apps require Mock Location to be enabled. So I started with a simple check to see if mock location was enabled, and if it was then the app would not allow the user to play until it is disabled.
This got me thinking though, users who are rooted could still fake their location without having mock location enabled, however most of these apps still have the MOCK_LOCATION permission regardless if the device is rooted or not. So I used a method that detects any apps that require Mock Location. The problem is, even on my non rooted Note 3, there appears to be several pre-installed apps that require Mock Location for some reason, which then prevents game play. So this solution wont work.
Is there any other way to check if a location might be faked using LocationClient?
In API 18+ you can use Location.isFromMockProvider to check if a particular location is mocked. This flag will be set to true if an app is providing mocked (fake) locations or if you are using a mock provider in your own app.
Of course, rooted phones can bypass this.
In your device, go to settings >> developer options >> allow mock locations
This option must be checked in you device that's why you are getting mock location updates. To stop receiving just uncheck it.
In your code, you can also set mLocationClinet.setMockMode(false); in your onCreate() method of Location tracking activity.
I hope it works :)
Is there any hidden (internal) API function for turning on/off the GPS? Is it a valid solution (legally and safely) to use android internal API's? If it is not valid, how can I obtain a license/signature for using those API's?
I have already tried the methods using SDK/NDK and I understood that it is not possible to turn GPS on with the SDK/NDK (I know that we can bring up the settings screen). I want to know whether there is any hidden/internal API's for doing that. Also I am not interested in using any vulnerabilities in Android as a solution.
You need root privileges. Mandatory. Period.
And yes there is API to enable/disable GPS. But the application must receive SuperAdmin privileges. To obtain it either root or custom ROM required.
Sample: https://github.com/sms2000/GPSToggler
There is no hidden API for controlling the GPS. There is no valid solution.
(Like you mentioned), the correct thing to do is ask the user to turn it on. If an app could override the users option, there would be no point in it being an option and this would be a huge security rick.
If the user chooses to keep the GPS off then your apps should do the same thing it would do if the GPS was on but couldn't get a lock. Not respecting their wished to keep it off would be malicious even if you don't plan on doing anything morally wrong with the data.
If you have some client that wants their employees to not be able to turn off the GPS, then you need to give them phones with custom roms.
If you are trying to make a security app that reports location you can use wifi location and last known location too in addition to GPS.