Hacker News new | ask | show | jobs
by magic_hamster 1347 days ago
This point came up in another comment, and it's definitely reasonable - but I still don't see why DJI would require your location when using products other than drones, which they do. And as I noted before, they are providing an app which has been axed from the official store. Aside from this, as I'm sure you're aware, any information that DJI collect has a nonzero chance of being handed over the the Chinese authorities for any reason whatsoever.
1 comments
photochemsyn 1347 days ago
This is a fairly broad problem across the whole phone app world, isn't it? For example, I bought an iOS app for LAN analysis, but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

Also, any data information collected by a US company also has 'a nonzero chance of being handed over to the American authorities for any reason whatsoever'.

The only real solution is data protection laws that can be enforced not just by governmental authorities, but also by individual and class-action lawsuits against companies that violate those laws.

link
sofixa 1347 days ago
> This is a fairly broad problem across the whole phone app world, isn't it? For example, I bought an iOS app for LAN analysis, but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

I don't know how iOS works, but on Android location data permissions are requested for anything involving networking (including Bluetooth, WiFi). Why? Because access to those could be used to estimate where the user is physically located, so gating it behind the location permission is a good way to ensure nobody exploits that. It's not necessarily obvious when you're presented with the permission screen though.

link
magic_hamster 1347 days ago
If it's really a case of gating permissions, I still don't like it.

I used a few apps that utilize Bluetooth without asking for location, even when they aren't the obvious use case (like headphones), although admittedly it's been a while since then.

Afair, I don't recall the Mimo app asking me to turn on wifi for the stabilizer. But maybe yes and I just turned it off after connecting to the device. The operation of the stabilizer is through Bluetooth.

link
squeaky-clean 1347 days ago
For the majority of smartphone's existence no permission was necessary, probably because no one ever considered it. Then it was learned stores, for example Target, were using their mobile app to broadcast Bluetooth signals in order to track shoppers movement around the store. So around 2019 Android added it to the general location permission to use Bluetooth for anything other than audio transmission to/from a paired device if device pairing is handled by the OS, hidden from the app.

In late 2021 Android changed it to a separate "ACCESS_FINE_LOCATION" permission, while Apple still keeps it under the general bluetooth permission (while the popup mentions it can be used to track your location).

link
autoexec 1347 days ago
> So around 2019 Android added it to the general location permission to use Bluetooth for anything other than audio transmission to/from a paired device if device pairing is handled by the OS, hidden from the app.

Stores don't need your permission or even their own app to be installed on your phone in order to use bluetooth to track people as they move around their stores. If you have bluetooth enabled on your device at all it can be used to track you.

The store just needs to place inexpensive low powered beacons around their store and they will record and log every device that passes within range.

link
sofixa 1346 days ago
I think the person you're responding to is misremembering the scandal. It was that Facebook, Google and similar (iirc it was mostly Facebook, Google were doing this with WiFi networks they had built an index of through Street View) would use Bluetooth on your phone to scan for nearby devices, and match them against known other devices and their location, thus deducing who you meet and where.

They even have a patent for that exact thing: https://www.wired.co.uk/article/facebook-phone-tracking-pate...

link
squeaky-clean 1346 days ago
But if they want to match it to your Target Circle account they need you to be using the app. Also iOS uses BLE address randomization to make tracking a specific individual more difficult. Having your app blast out a known ID bypasses this

https://techcrunch.com/2017/09/20/target-rolls-out-bluetooth...

link
magic_hamster 1347 days ago
> This is a fairly broad problem

Permission greed is definitely an issue but it's still the choice of every developer, and there are still plenty of apps that do not do this. You were right to refuse using the app if you don't trust it.

> Handed over to the American authorities

At least on paper they need to have a reason, unless the corporation is very accommodating which also happens. But some companies are more strict about this and at least in theory accessing private information is not as easy in western countries. Or so I'd like to believe. I'm not sure in China you can tell the government official to come back when they have a warrant in a meaningful way.

> The only real solution is data protection laws

Sign me up! Unfortunately, the current state of things makes a lot of money for some parties, and legislators don't really have an incentive to do anything about this. However, it sends a very clear message when the Pentagon closes the door on some companies or when certain vendors like Huawei or ZTE are banned altogether.

link
myself248 1347 days ago
> At least on paper they need to have a reason,

No they don't.

They need a reason to get a warrant. But if they simply buy the data from a broker, they don't need any reason at all, and there is utterly no oversight.

link
ryandrake 1347 days ago
> Permission greed is definitely an issue but it's still the choice of every developer, and there are still plenty of apps that do not do this. You were right to refuse using the app if you don't trust it.

In fact, at least for Apple, their app store guidelines have, for a long time, prohibited apps from refusing to work without permissions. The app is supposed to gracefully degrade if the user does not consent to any particular permission. Their language seems to have softened[1] a bit since I last looked at it, but the intent is pretty clear: The developer can't just kill the app or prevent it from being used just because someone denied a permission.

1: https://developer.apple.com/app-store/review/guidelines/

link
WrtCdEvrydy 1347 days ago
> but then deleted it when it turned out it wouldn't work unless you gave it access to your physical location (I assume that was for their data marketing side business).

In order to use bluetooth or internet access through wireless means you must request location access because it's assumed that you can match a person's location with the access points and bluetooth devices around them (BL beacons). It sucks but Android is semi-right on it. Something that doesn't use wireless means of communication doesn't need location access.

link
dTal 1347 days ago
That seems a bit broken. The permission to send data over the network should be distinct from the permission to know the name of the SSID.
link
happyopossum 1347 days ago
iOS handles this differently - there is a distinct permission for accessing local networks and devices, and another for location. Within location, you can choose precise or vague.
link
squeaky-clean 1347 days ago
Sort of off-topic complaint, but I wish Apple didn't make the Precise Location permission status viewable by apps. There's no reason they need to know if I'm obfuscating my location from them, and many apps look for this setting and refuse to work with Precise Location disabled.

For example the McDonald's app doesn't allow you to use coupons unless you enable the precise location permission.

link
WrtCdEvrydy 1347 days ago
Some of it comes down to whether the app should rely on that positional data... like for catching an uber or something.

I do think that's exploiting the ecosystem and I have a feeling one well placed complaint with Apple would cause a stern message to McDonald's... does the app tell you it's because of your location accuracy?

link
squeaky-clean 1346 days ago
It specifically says to turn on Precise Location

https://imgur.com/a/zrs0rQl

For reference, you can click any deal and get a 6 letter code to use in-store at the counter or on their touchscreen ordering booths. But you can't see the code unless you give them precise location.

link
WrtCdEvrydy 1347 days ago
So android provides "coarse" or "precise" which maps to "wireless" or "gps" but the prompt tells you the app can get your location for either one.
link
petre 1347 days ago
That's just Google muddying the waters and claiming they respect user privacy, but then the phone asks for precise location every single time.
link
LeifCarrotson 1347 days ago
> I assume that was for their data marketing side business

You're confused: Their primary business is data marketing. LAN analysis or anything useful the apps might do are a side business at best.

link