Why does SmartRace need permissions to use location services on Android?
This question has been asked a lot of times already and has also been the reason for bad reviews of SmartRace. Since I was also not sure why the permission to use location services was needed, I started to dig a bit deeper into the topic and here is what I found. First off, SmartRace is no “native” app but is wrapped into a container framework which is called “Cordova”. This framework utilizes a lot of different plug-ins to be able to use the hardware of the device which runs the app (SmartRace in this case) – for example to use Bluetooth. In the particular case of my app, I use an open sourced plug-in which is called “BLE Central” (which happens to be the same one that’s also being used by Open Lap and the Carrera Race App. Luckily the developer of this plugin added an explanation to his github page about why the permission to use location services is required:
With Android SDK >= 23 (6.0), additional permissions are required for Bluetooth low energy scanning. The location permission ACCESS_COARSE_LOCATION is required because Bluetooth beacons can be used to determine a user’s location. If necessary, the plugin will prompt the user to allow the app to access to device’s location. If the user denies permission, the scan failure callback will receive the error “Location permission not granted”.
“Bluetooth beacons” mentioned in this explanation are little bluetooth devices which can be attached to e.g. key rings or wallets in order to be able to track them down if they get lost. What this explanation means is that Android requires the user to give the permissions to use location services if the app is making use of Bluetooth Low Energy scanning (which SmartRace does in order to be able to communicate with the Carrera Control Unit). It doesn’t matter whether the app actually uses any location data – you have to give the permission, otherwise the app will not be able to talk to the Control Unit. This means that even though SmartRace does not collect, use or store any location data (which I guarantee), the permission is still required. There is nothing I can do about this – it is something that is built into Android (iOS does not require this by the way).