by i_am_jl 1351 days ago
I haven't been keeping up with the legislation updates, but the FAA's proposal for positional reporting required the drone to report the location of the drone and the pilot. It seems to still be their objective under "Why do we need RemoteID" https://www.faa.gov/uas/getting_started/remote_id/drone_pilo...

>Remote ID helps the FAA, law enforcement, and other federal agencies find the control station when a drone appears to be flying in an unsafe manner...

To be clear, I don't support this implementation of RemoteID proposed by the FAA, and I don't like that the DJI app doesn't allow granular control over permissions. I fully support the Feds' efforts in sanctioning DJI. However, I think it's important that we level reasonable criticisms at DJI for behavior that they're capable of changing.


Some of DJI's drones are small enough that they wouldn't have to follow that rule (the pilot GPS requirement is only for drones that are required to be registered with the FAA, aka those heavier than 250g. DJI very intentionally has a line of drones that weigh something like 248g)

Yep, the Spark and the Mavic Mini series are all exempt from registration and RemoteID as they're 249g on the nose.

I'm just pointing out why the DJI app may need the capabilities that it does, but you're right, for many users who will never own a >250g DJI drone, that permission will never, ever be necessary.

This point came up in another comment, and it's definitely reasonable - but I still don't see why DJI would require your location when using products other than drones, which they do. And as I noted before, they are providing an app which has been axed from the official store. Aside from this, as I'm sure you're aware, any information that DJI collect has a nonzero chance of being handed over to the Chinese authorities for any reason whatsoever.

This is a fairly broad problem across the whole phone app world, isn't it? For example, I bought an iOS app for LAN analysis, but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

Also, any data information collected by a US company also has 'a nonzero chance of being handed over to the American authorities for any reason whatsoever'.

The only real solution is data protection laws that can be enforced not just by governmental authorities, but also by individual and class-action lawsuits against companies that violate those laws.

> This is a fairly broad problem across the whole phone app world, isn't it? For example, I bought an iOS app for LAN analysis, but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

I don't know how iOS works, but on Android location data permissions are requested for anything involving networking (including Bluetooth, WiFi). Why? Because access to those could be used to estimate where the user is physically located, so gating it behind the location permission is a good way to ensure nobody exploits that. It's not necessarily obvious when you're presented with the permission screen though.

If it's really a case of gating permissions, I still don't like it.

I used a few apps that utilize Bluetooth without asking for location, even when they aren't the obvious use case (like headphones), although admittedly it's been a while since then.

Afair, I don't recall the Mimo app asking me to turn on wifi for the stabilizer. But maybe yes and I just turned it off after connecting to the device. The operation of the stabilizer is through Bluetooth.

For the majority of smartphones' existence no permission was necessary, probably because no one ever considered it. Then it was learned stores, for example Target, were using their mobile app to broadcast Bluetooth signals in order to track shoppers' movement around the store. So around 2019 Android added it to the general location permission to use Bluetooth for anything other than audio transmission to/from a paired device if device pairing is handled by the OS, hidden from the app.

In late 2021 Android changed it to a separate "ACCESS_FINE_LOCATION" permission, while Apple still keeps it under the general bluetooth permission (while the popup mentions it can be used to track your location).

> So around 2019 Android added it to the general location permission to use Bluetooth for anything other than audio transmission to/from a paired device if device pairing is handled by the OS, hidden from the app.

Stores don't need your permission or even their own app to be installed on your phone in order to use bluetooth to track people as they move around their stores. If you have bluetooth enabled on your device at all it can be used to track you.

The store just needs to place inexpensive low powered beacons around their store and they will record and log every device that passes within range.

> This is a fairly broad problem

Permission greed is definitely an issue but it's still the choice of every developer, and there are still plenty of apps that do not do this. You were right to refuse using the app if you don't trust it.

> Handed over to the American authorities

At least on paper they need to have a reason, unless the corporation is very accommodating which also happens. But some companies are more strict about this and at least in theory accessing private information is not as easy in western countries. Or so I'd like to believe. I'm not sure in China you can tell the government official to come back when they have a warrant in a meaningful way.

> The only real solution is data protection laws

Sign me up! Unfortunately, the current state of things makes a lot of money for some parties, and legislators don't really have an incentive to do anything about this. However, it sends a very clear message when the Pentagon closes the door on some companies or when certain vendors like Huawei or ZTE are banned altogether.

> At least on paper they need to have a reason,

No they don't.

They need a reason to get a warrant. But if they simply buy the data from a broker, they don't need any reason at all, and there is utterly no oversight.

> Permission greed is definitely an issue but it's still the choice of every developer, and there are still plenty of apps that do not do this. You were right to refuse using the app if you don't trust it.

In fact, at least for Apple, their app store guidelines have, for a long time, prohibited apps from refusing to work without permissions. The app is supposed to gracefully degrade if the user does not consent to any particular permission. Their language seems to have softened[1] a bit since I last looked at it, but the intent is pretty clear: The developer can't just kill the app or prevent it from being used just because someone denied a permission.

1: https://developer.apple.com/app-store/review/guidelines/

> but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

In order to use bluetooth or internet access through wireless means you must request location access because it's assumed that you can match a person's location with the access points and bluetooth devices around them (BL beacons). It sucks but Android is semi-right on it. Something that doesn't use wireless means of communication doesn't need location access.

That seems a bit broken. The permission to send data over the network should be distinct from the permission to know the name of the SSID.

iOS handles this differently - there is a distinct permission for accessing local networks and devices, and another for location. Within location, you can choose precise or vague.

Sort of off-topic complaint, but I wish Apple didn't make the Precise Location permission status viewable by apps. There's no reason they need to know if I'm obfuscating my location from them, and many apps look for this setting and refuse to work with Precise Location disabled.

For example the McDonald's app doesn't allow you to use coupons unless you enable the precise location permission.

Some of it comes down to whether the app should rely on that positional data... like for catching an uber or something.

I do think that's exploiting the ecosystem and I have a feeling one well placed complaint with Apple would cause a stern message to McDonald's... does the app tell you it's because of your location accuracy?

So Android provides "coarse" or "precise" which maps to "wireless" or "gps" but the prompt tells you the app can get your location for either one.

That's just Google muddying the waters and claiming they respect user privacy, but then the phone asks for precise location every single time.

> I assume that was for their data marketing side business

You're confused: Their primary business is data marketing. LAN analysis or anything useful the apps might do are a side business at best.

If one wants to fly a drone in an unsafe manner they build a FPV drone themselves as opposed to buying an off the shelf regulated product with built-in geofencing.