[esprehn]

It can request with a JS call. It can't passively collect it without you approving first. The article is written like calling that JS function will turn on location tracking without consent.

[mattdeboard]

He explicitly says he can't determine it, but that the location tracking as configured will turn on once the user grants consent. All true statements.

How would you have written it differently

[logifail]

"If the user chooses to opt-in and grants location-tracking permission, the app is then, and only then, able to track the user's location?"

[mattdeboard]

You would be lying if you wrote that because you do not know if that is true.

[ceejayoz]

But that's not true; it could easily fallback to other forms of geolocation like using the current IP.

[rerdavies]

That would allow you to see the local network IP (not actually sure you even get that, tbh). To get more detailed information about IP configuration, you need Location permission. Been there, done that. Most Android network information calls provide degraded information if you have not been granted Location permissions.

[quesera]

If an app can make an HTTP request, the app can know the user's public IP address and the geolocation derived from that.

This data has well-known limitations, but I think it is the fallback people are talking about here.

[buzzerbetrayed]

Good lord. So could literally any app on the planet