The single Location permission needs to be replaced with 3 new location permissions for finer control over our location data.
One of the most important developments in privacy protection was the ability to more precisely grant and deny specific permissions requested by apps. It has helped us protect our privacy by preventing apps from unnecessarily accessing our personal data. It’s not perfect, but it’s a huge improvement.
The problem we have now is there are different types of location information that apps want. There’s our permanent location info, like postal code, city, state/province and country, which is usually not much of a risk to divulge. And then there’s our GPS location, which can be used to track us.
The GPS location info is the hot topic. Some apps do need your real-time GPS location in order to provide key functionality. e.g. mapping apps, AR apps like Air Messages, and Reminder Now. Some apps need your GPS location to provide nice-to-have functionality, which is convenient, but not necessary. And there are apps that have no reason to gather your real-time GPS location other than to mine your data for advertising purposes. And the problem with that is that you don’t know how well those apps, and the people who develop it, will protect your data.
A main reason why you don’t give your phone number out to strangers on the street is that you don’t know what they’ll do with your phone number and who they might give it to. The same reasoning applies to your to giving your personal data to apps and web services. Are they doing a lot to prevent hackers from breaking into their systems and stealing all your personal data that the company collected about you ? You usually have no way to determine if your data is safe with them or not. So the best strategy is to simply only give your data to apps and services you trust, just as you only give your phone number to people you trust.
With your location data, you not only want to grant location access to apps you trust, but you also want to provide access to only the type of location info they truly need. That’s not possible now because we only have one permission to grant or deny access to all types of location data. We need finer control over the location permissions we grant apps. We need to replace the single Location permission with three location permissions:
- Permanent Location — your town, state/province, country postal code
- GPS Location — your current GPS location
- GPS Tracking — permission to request your GPS location once every few seconds
The Permanent Location is handy for retailers’ apps, because it allows the apps to show prices and inventory levels of products that are offered in the store that’s closest to your home. It saves you from having to enter your postal code or city.
The GPS Location permission is needed for when you want an app to show you businesses near your current location. For instance, you’re in another town and you want go eat at a Thai restaurant, and you want to use an app to show you all the Thai restaurants near by. Such an app would only need your GPS location very few times, probably only once per day. It does not need to track you in real time.
GPS Tracking is the big one. It’s the high-value target of your data. It’s one of the most-highly-valued pieces of information, valued by law enforcement, spy agencies and advertisers. And don’t forget hackers. If a thief can track your location, then they’ll be able to tell when you’re not home and approximate how much time they have to break into your home and steal your stuff. Obviously, you want to be very careful who you give GPS-tracking permissions to.
There aren’t that many apps that genuinely need to track you in order to provide app functionality. Mapping apps, AR apps (e.g. Pokemon Go, Air Messages, etc.) and Reminder Now are examples of apps that need to track your GPS location. But lots of apps ask for access to your location even when they have no need for it. I once installed an Android paint app, and discovered that it would not run unless I granted it access to my location. WTH ?! Why does a paint app need my location ? It doesn’t. So, I deleted the app and posted a scathing review. And by the way, I strongly recommend everybody do the same thing when they encounter an app that asks for permissions they really don’t need.
Replacing the single location permissions with the three I propose would go a long way towards improving our ability to protect our privacy and safety. I hope all mobile platform developers are listening, and we get them soon.