The only one I found so far demands location permission, according to F-Droid. Why…
The location permission is needed to activate BLE and scan for other devices using low energy. Android things…
The location permission is because in dense cities there are enough unique, stationary bluetooth endpoint that you can guesstimate a location.
And sometimes actual BT beacons made specifically for that reason. It’s one of the ways shopping centres and their apps keep track what shops people visit.
Well then, learned something new today.
But hey, if the app can be verified not to do anything stupid with that permission, that’s more than you can say about the closed-source offerings on the Play Store
Insert Padme Anakin Meme here:
You did verify it, didn’t you?
Gotta sometimes depend on some other people in your life. I also depend on people not mixing toxic stuff into my groceries. The people from F-Droid are generally nice and have proven themselves. And there is more than one pair of eyes on most of the code. And automatic checks.
(I got this one, but it’s for Linux and USB, not Android & Bluetooth: https://github.com/jnweiger/led-name-badge-ls32/ )
deleted by creator
Honestly, I sometimes do. I contribute to free software, file bugreports and most of the time have a look at the code to see if I can fix it myself and hand in a patch. I tinker around with brand-new niche ideas. More often than not my (larger) contributions are to small projects and not the large ones. It’s not my hobby to fix Firefox. I think there are a lot of people like me.
And for Linux distributions and something like the F-Droid you have some maintainers on top, who often review every patch and new version.
deleted by creator
And that’s the issue. I totally understand that one does not want to look through tens of thousands of lines of code just to use a silly little app. Even if you can understand the programming language and even if you took your time to look into it, its really unlikely that one would find either malicious code or simply security relevant bugs just from skimming through it.
However, if everyone just relys on others no one actually checked it. Yes it is possible to look into OS code but that alone doesn’t make it better. There has to be at least someone to check it. The open source community is such a small one already.
It’s like buying a ticket for the train. There might be controls so almost everyone does it. But as soon as it gets common knowledge that there are never any checks some will start to not do so. And in case of software even if something gets spotted eventually it might have had enough time to cause serious damage
deleted by creator
Well, it’s one of those things where I have to trust other people to do it. But at least people are actually able to do it
Afaik it’s not “Android things”. Apple devices also use location to use some BT functions if I correctly recall.
The problem is many more apps abuse Bluetooth for location tracking than use it for any legitimate purpose.
Ideally they would isolate the process and allow users to do managed individual scans in an app for the purpose of handling Bluetooth devices, and only allow persistent permissions to communicate with specific devices. I’m not sure enough of the underlying protocols to know how much hoop jumping it would take to do that though.
One could also just allow the permission but revoke network permissions
There are cases where that would work (including possibly here), but I was speaking more generally to how I’d like to see the abuse of Bluetooth beacons prevented.
I don’t think most non-technical people recognize how pervasive that shit is.
deleted by creator
What app did you find?
Badge Magic on F-Droid, though I’m not sure if it would actually work with any device
