18 Aug 2016

Finer-grained location permissions

Android has two location permissions: fine (ACCESS_FINE_LOCATION) and coarse (ACCESS_COARSE_LOCATION). Fine is accurate to within a few meters; coarse is accurate to roughly a city block, about 100 meters.

But I often find even coarse to be too fine. Many apps don't need anything finer than the neighborhood (like Koramangala), the city, the state, or the country. Another useful granularity is the PIN code (the Indian postal code).

Android, and iOS for that matter, should have a separate permission [1] for each of these granularities, so that app developers can request only what they need, and I don't share more private information with an app than necessary. Instead of "This app wants to access your location", Android can prompt, "This app wants to access your city". This gives more privacy without a more complex UI [2].

Here are some examples of when that would be useful. Neighborhood is useful for apps like Quikr that let you sell things and list the neighborhood so that buyers know where they need to go to pick up the item; instead of typing in the location, you can be geolocated. City is useful in many situations, like an e-commerce store that delivers only in some cities and wants to quickly check whether you're in a supported city. State is useful for mobile network operators, whose tariffs differ from state to state. Country is useful for tailoring content: an app that lets you invest in Indian mutual funds could warn you if you're not in India. PIN code is useful in an e-commerce store like Flipkart, where some items like washing machines are available only in specific PIN codes, or for a courier company where the availability of service and the price depend on the PIN code you're sending the courier to. There seem to be many uses of location that need less granularity than 100 meters.

In addition to safeguarding users' privacy, not giving apps unnecessary information is also better for developers: if the app (or its backend) suffers a security breach, less private data is available to steal, and the developer never has to store or protect location data that was finer than the feature needed.
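The following sketch, added here as an illustration and not code from Android or from this post, shows what the permission model described above looks like when the OS, rather than the app, does the coarsening. A trusted broker holds the real fix; an app that was granted "city" can only ever obtain a city label, a request above its grant is refused outright rather than downgraded (the yes/no rule from footnote [2]), and a grant at one level also satisfies queries at coarser levels, since the app could derive those itself. The region table, the app names and the coordinates are constructed, roughly placed bounding boxes for illustration only; a real implementation would use proper administrative boundary data.

```python
"""Added example: an OS-side location permission broker that hands each app
only the granularity the user granted. Not Android code; the region table and
coordinates below are constructed for illustration."""
from dataclasses import dataclass
from enum import IntEnum


class Granularity(IntEnum):
    # Ordered coarse -> fine, so "granted >= requested" means the requested
    # level is derivable from what the user agreed to share.
    COUNTRY = 1
    STATE = 2
    CITY = 3
    PIN_CODE = 4
    NEIGHBORHOOD = 5
    FINE = 6  # raw coordinates, i.e. today's ACCESS_FINE_LOCATION


@dataclass(frozen=True)
class Region:
    name: str
    level: Granularity
    lat_min: float
    lat_max: float
    lon_min: float
    lon_max: float

    def contains(self, lat: float, lon: float) -> bool:
        return (self.lat_min <= lat <= self.lat_max
                and self.lon_min <= lon <= self.lon_max)


# Constructed, approximate boxes; boundaries are not real administrative data.
REGIONS = [
    Region("India", Granularity.COUNTRY, 6.5, 35.5, 68.0, 97.5),
    Region("Karnataka", Granularity.STATE, 11.5, 18.5, 74.0, 78.6),
    Region("Bengaluru", Granularity.CITY, 12.8, 13.2, 77.4, 77.8),
    Region("Mysuru", Granularity.CITY, 12.25, 12.35, 76.6, 76.7),
    Region("560034", Granularity.PIN_CODE, 12.92, 12.95, 77.60, 77.64),
    Region("Koramangala", Granularity.NEIGHBORHOOD, 12.92, 12.95, 77.60, 77.64),
]


def coarsen(lat: float, lon: float, level: Granularity):
    """Map a fine fix to the label at `level`; None if no region matches."""
    for region in REGIONS:
        if region.level == level and region.contains(lat, lon):
            return region.name
    return None


class LocationBroker:
    """Trusted component: it holds the real fix, apps only receive labels."""

    def __init__(self, lat: float, lon: float, grants: dict):
        self._lat, self._lon = lat, lon
        self._grants = dict(grants)  # app id -> Granularity the user said yes to

    def query(self, app: str, requested: Granularity):
        granted = self._grants.get(app)
        if granted is None or granted < requested:
            # Deny outright instead of silently answering at a coarser level:
            # the user's only answers to a prompt are yes or no.
            raise PermissionError(f"{app}: {requested.name} not granted")
        if requested == Granularity.FINE:
            return (self._lat, self._lon)
        # Coordinates never cross the boundary for any coarser grant.
        return coarsen(self._lat, self._lon, requested)

    def is_denied(self, app: str, requested: Granularity) -> bool:
        """Convenience check used by callers that only need a yes/no answer."""
        try:
            self.query(app, requested)
        except PermissionError:
            return True
        return False


def demo():
    # Constructed fix inside the Koramangala box; app names are hypothetical.
    broker = LocationBroker(12.935, 77.62, {
        "classifieds-app": Granularity.NEIGHBORHOOD,
        "delivery-app": Granularity.PIN_CODE,
        "mutual-fund-app": Granularity.COUNTRY,
    })
    return {
        "classifieds": broker.query("classifieds-app", Granularity.NEIGHBORHOOD),
        "delivery_pin": broker.query("delivery-app", Granularity.PIN_CODE),
        "delivery_city": broker.query("delivery-app", Granularity.CITY),
        "fund_country": broker.query("mutual-fund-app", Granularity.COUNTRY),
        "fund_city_denied": broker.is_denied("mutual-fund-app", Granularity.CITY),
        "fine_denied": broker.is_denied("classifieds-app", Granularity.FINE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points are worth noting. First, the accuracy-hint APIs mentioned in footnote [1] leave the choice with the app, while here the grant table is the user's decision and the app cannot override it. Second, when the fix falls outside every region at the requested level (a city with no neighborhood data, say), the broker returns None rather than falling back to coordinates, so a missing table entry degrades to "unknown", never to a finer disclosure.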

In summary, OSs should offer coarser-grained location permissions like neighborhood, PIN code, city, state and country, so that apps get only the granularity they need and users' privacy is better protected.

[1] Android does have APIs that let developers specify the accuracy of location data they want, trading it off against power consumption. But that choice is made by the app at runtime, not by the user, and it isn't mapped to a separate permission, so there's no way I as a user can grant an app city-level access and nothing finer.

[2] The UI becomes complex if the app first asks for state access and then later asks for city access. Multiple prompts would be irritating, and apps shouldn't do that. In this example, the app should just ask for city access to begin with.

Another UI complication would arise if users were allowed to respond to "Can this app access your city?" with "No, but it can access my state". We shouldn't have such complexity. Users should be able to respond to a permission prompt only with "yes" or "no".
