Evolution of Location Permission in Android.

Photo by Muhammad Zaqy Al Fattah on Unsplash

Location permissions have come a long way since the early days of the Android platform, and today, they play a critical role in providing users with a tailored and personalized mobile experience. Android has made significant changes to its location permission model to enhance user privacy, security, and overall user experience.

Install -Time Permission

The list of an app’s install-time permissions, which appears in an app store.

Before Android 6.0 (Marshmallow), apps installed on Android devices had access to all requested permissions at the time of installation. This meant that users had to grant all requested permissions to an app before it could be installed on their device.

The problem with this approach was that users didn’t always know what permissions an app needed or why it needed them. This led to a lot of confusion and mistrust among users, as they were often asked to grant permissions that seemed unnecessary or invasive.

In addition, apps could potentially abuse the permissions they were granted, as there was no way for users to revoke or limit permissions after the app was installed.

To address these issues, Google introduced the concept of “runtime permissions” in Android 6.0. With runtime permissions, apps are no longer granted all requested permissions at the time of installation. Instead, they must request permissions as they are needed during app usage.

This gives users more control over their devices and allows them to make informed decisions about which permissions to grant to each app. For example, if a photo editing app wants to access the camera, it can prompt the user for permission at the time they want to take a photo, rather than requiring permission upfront.

Runtime Permission

Runtime permission is a significant feature that was introduced in Android 6.0 (Marshmallow) to enhance user privacy and security. This feature allows users to grant or deny app permissions on a case-by-case basis, rather than all at once during installation. The introduction of runtime permissions has transformed how Android apps request permissions, making the process more transparent and user-friendly.

With runtime permissions, app developers must request permissions at runtime, and users are prompted to grant permissions when they are needed by the app. Users can also revoke permissions at any time from the app settings menu, giving them more control over their devices and preventing apps from accessing sensitive data without their knowledge or consent.

Location Permission Prior to Android 10

Tristate Location Permissions (Android 10) : Foreground — background separation

Tristate permission

Prior to Android 10, Location permission for foreground/background are combined in a single request. Once user Allow the permission the app will be able to query them in the background as well as in foreground. This behavior changed in Android 10 with the introduction of tristate permission, location is now split between foreground and background.

Tristate location permissions refer to a feature in Android that allows users to grant location permissions to apps in one of three ways

1. “Allow all the time”,
2. “Allow only while in use”
3. “Deny”.

Allow All the time = Background and Foreground Access.

Allow only while in use = Foreground only Access.

Prior to Android 10, location permissions were binary — users could either grant or deny an app’s request to access their location. With the introduction of tristate location permissions in Android 10, users have more control over how and when an app can access their location data.

“Allow all the time” grants an app permission to access the device’s location even when the app is not in use (background access). This option is suitable for apps that require continuous location tracking, such as Geofence enabled app.

“Allow only while in use” grants an app permission to access the device’s location only when the app is in use. This option is suitable for apps that need location data for specific functionality, such as ride-hailing or delivery apps.

“Deny” blocks an app’s access to the device’s location entirely.

Tristate location permissions enhance user privacy and security by giving users more control over when and how apps can access their location data. Users can choose the level of access that they are comfortable with and can easily revoke permissions if necessary. This feature also helps to prevent apps from accessing location data without user consent, which is a significant privacy concern.

If an app only requests the background location permission, the user will be presented with only the tristate option.

background permission.

If you are using only the foreground location permission, then you will see a permission dialog with two options.

Foreground location access.

App developers must now handle tristate location permissions in their apps, ensuring that the appropriate permission level is requested and that the app functions correctly regardless of the permission level granted by the user. Overall, tristate location permissions are a valuable addition to Android’s privacy and security features, providing users with more control over their data and enhancing transparency and user trust in the Android platform.

On Android 11 (API level 30) and higher, user has to go to the settings sections to turn on the “Allow all the time” (background access).

The user won’t see a system dialog in the app to access the background permission in (Android 11 and above) before sending the user to the permission settings page, make sure to include the proper instructions on what to select from the settings.

Reminder of background location grant

In Android 10 and higher, when a feature in your app accesses device location in the background for the first time after the user grants background location access, the system schedules a notification to send to the user.

Location Accuracy

Android Location Accuracy Permission is a feature that allows apps to request the level of accuracy they need when accessing the device’s location data. This feature was introduced in Android 11 and provides users with more control over how their location data is accessed and used by apps.

The two levels of accuracy available are “Approximate” and “Precise”. “Approximate” location accuracy is a lower level of accuracy that provides a general idea of the user’s location, typically within a few kilometers. This level of accuracy is suitable for apps that do not require precise location data, such as weather or news apps. “Precise” location accuracy provides a higher level of accuracy, typically within a few meters. This level of accuracy is suitable for apps that require precise location data, such as navigation or ride-hailing apps.

Here is an example of how to request location accuracy in an Android app:

// Create a LocationRequest object
val locationRequest = LocationRequest.create().apply {
    interval = 5000 // 5 seconds
    priority = LocationRequest.PRIORITY_HIGH_ACCURACY // precise
}

// Request location updates
LocationServices.getFusedLocationProviderClient(this)
    .requestLocationUpdates(locationRequest, locationCallback, Looper.getMainLooper())

On Android 12 or higher, users can ask for approximate location instead of precise location even if an app requests for precise location permission. To handle this, when asking for location permission, apps should request both precise and approximate location permissions together instead of just requesting precise location permission. If an app only requests precise location permission, the system may ignore the request on some Android 12 releases.

When your app requests both ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION, the system permissions dialog includes the following options for the user:

• Precise: Allows your app to get precise location information.
• Approximate: Allows your app to get only approximate location information.

Conclusion

In summary, foreground and background location permissions are important features in Android that allow apps to access the device’s location data. These permissions are crucial for apps that require location data to function properly, but they can also be a significant privacy concern. Users must be aware of which apps have access to their location data and why, and app developers must be transparent about their use of this data. Regardless of the OS version your app runs on, you should always consider using only the permission accuracy and mode you need. When possible, offer alternatives to users by allowing them to input their location manually.

Thank you, Marcel Pintó and Enrique López-Mañas, for your valuable feedback and suggestions. Your input is greatly appreciated.