[nybble41]

> The app needs the geolocation permission to access the bluetooth radio and scan for devices.

Sure, but why does the app need to be able to scan for any and all Bluetooth devices? There should be an entry in the manifest describing the kind(s) of devices the app wants to interact with, and only those devices should appear in the scan. Naturally the list would need to be reviewed to verify that the selected devices are related to the app, and presented to the user in the app store along with all other requested permissions.

In this particular case the same company designed both the app and the device it's connecting to, so for all we know the device could have an embedded GPS receiver to provide the app with much more detailed location information than it could get from Bluetooth alone. It could also just relay its own Bluetooth scan results. However, the app at least couldn't easily get location data from Bluetooth scans when the device isn't in range.