5

BLE scanning faced a remarkable difference Marshmallow onwards with the requirement of location of device to be ON. Technically, I don't see a valid reason why location would be required to scan for BLE devices. Why has this been done by Google?

Avinash Gupta
  • 389
  • 4
  • 16
  • Related: http://stackoverflow.com/questions/33043582/bluetooth-low-energy-startscan-on-android-6-0-does-not-find-devices and https://code.google.com/p/android/issues/detail?id=189090 and https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-hardware-id – Morrison Chang Oct 21 '16 at 23:12
  • Thanks @MorrisonChang! I've already been through these threads. – Avinash Gupta Oct 22 '16 at 07:16

1 Answers1

5

Q: Why has this been done by Google?

A: Because BLE scanning is commonly used to determine a user's location with Bluetooth LE beacons.

I discussed this with Google engineers at a Q&A session at Google I/O 2015 when the change was still not released. At the time, my concern was having to ask for Bluetooth LE Admin permissions to scan for location beacons. For me, this was a problem because users understood that my app needed to find a user's location, but did not understand why it needed to administer Bluetooth.

The engineers' response was that location permission (and location on) would be needed to do this in Android M to make this clearer to users. Unfortunately, from my perspective Bluetooth Admin permission is still required for historical reasons.

You can certainly disagree with Google's decision. But the reasoning is clear. If an app can scan for Bluetooth devices and can read their MAC addresses or other identifiers, it can also determine a user's location if the app developer knows where some of these scanned devices are located.

Why the same location permission logic does not apply to scanning WiFi or Bluetooth Classic (both of which would allow the same thing) is less clear. Perhaps it is just that Google was preparing to join the Bluetooth LE beacon game with their Eddystone standard.

Correction: Location permission is required for WiFi scans.

davidgyoung
  • 63,876
  • 14
  • 121
  • 204
  • I could find this:To access the hardware identifiers of nearby external devices via Bluetooth and Wi-Fi scans, your app must now have the ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION permissions: – Avinash Gupta Oct 22 '16 at 07:17
  • 1
    This is the link to above statement: https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html This means that same permission logic has been applied to wifi scans as well. What I feel is, it would be difficult for users to explain the requirement of both location and bluetooth for such use cases. Either of the two permissions would be revoked by users initially. Moreover, since app developer has installed his own devices to track the location of users, it makes sense for him to leverage them. – Avinash Gupta Oct 22 '16 at 07:21
  • 1
    I completely agree to your view point that it is Google's step towards their beacon game. Infact, I believe, Google plans to know each and every beacon installed by the developers and use them for its own benefit (across its chain of products). It's like we the developers are working for Google's fine location tracking project. – Avinash Gupta Oct 22 '16 at 07:25