Recent Changes to Permissions Requirements in SensorPush for Android

A number of users have communicated concerns, frustration and even anger about recent changes to required permissions in the SensorPush app for Android. A new permissions interface was added to the app in an attempt to clarify the situation, but it has become apparent that more detail is needed than would logically fit within the app’s interface.

TL;DR: While the SensorPush app for Android needs location permissions to function, we NEVER collect, store, read, view, sell, share, use, or otherwise access your data about your actual physical location.

“Why then does SensorPush request access to location data? The app worked fine before.”

Each new major version of Android (Oreo, Pie, Android 10, etc.) also marks the release of a new SDK, or Software Development Kit. This is a large package of software and tools provided by Android that is used to build applications for Android devices. Over time, the functionality and design decisions made by the Android development team change and evolve. The latest SDK represents the current state of the sum of all of these decisions.

Since many users use older versions of Android on their devices and updating to a new SDK can involve substantial effort, app developers are generally allowed to use older SDK versions, as the applications continue to operate on newer operating systems. However, periodically, Google leverages the Play Store to enforce restrictions forcing apps to update to a certain SDK level.

Starting in November 2020, Google increased the minimum SDK requirement to 29 (a.k.a. Android 10) for all app updates submitted to Google Play. Because of this requirement, version 4 of the SensorPush app (released in January 2021) was forced to use SDK level 29 in order to be submitted to and distributed by Google Play.

Android 10, and by extension SDK level 29, introduced sweeping changes to a range of privacy-related features. A comprehensive list is available here. The change which directly led to the new permissions requirements is described under the heading “Some telephony, Bluetooth, Wi-Fi APIs require FINE location permission.” In short, the Android team made the decision to treat Bluetooth LE scanning as equivalent to location access. Therefore, in order to scan for Bluetooth LE devices, which is necessary to receive data from SensorPush sensors, the app needs location permission. Similarly, in order to scan while the app is in the background to receive data updates and provide alerts, background location permission is required. We really wish this functionality was separated out because it’s the only reason that we have to ask for location permissions and yet it’s easy to understand how it can cause concerns among users. We can very easily relate to this ourselves.

“Why would the Android team make this decision?”

It is possible to devise a Bluetooth LE based system that provides location information. With a deployment of Bluetooth devices with known locations and IDs, signal strength information can be used to approximate your location, so long as you are within Bluetooth range of at least one of the known devices. This possibility exists now, and it existed before Android bundled location with Bluetooth scanning. Some companies and projects use this type of positioning for use cases such as indoor navigation (e.g. in a museum).
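To show why Android treats Bluetooth LE scan results as location data, here is an added example (not SensorPush code, and not something the SensorPush app does) that turns scan results into a position estimate using a weighted centroid. The beacon IDs, coordinates, calibration constants and function names are constructed assumptions for illustration.

```python
# Constructed survey table: beacon ID -> (x, y) position in metres.
# A real deployment would map advertised device IDs to surveyed coordinates.
KNOWN_BEACONS = {
    "beacon-A": (0.0, 0.0),
    "beacon-B": (10.0, 0.0),
    "beacon-C": (0.0, 10.0),
}

TX_POWER_DBM = -59.0       # assumed RSSI measured at 1 m from a beacon
PATH_LOSS_EXPONENT = 2.0   # assumed free-space-like propagation


def rssi_to_distance(rssi_dbm, tx_power=TX_POWER_DBM, n=PATH_LOSS_EXPONENT):
    """Log-distance path-loss model: approximate range in metres from RSSI."""
    return 10 ** ((tx_power - rssi_dbm) / (10 * n))


def estimate_position(scan_results, known=KNOWN_BEACONS):
    """Estimate (x, y) from a scan: dict of device ID -> RSSI in dBm.

    Devices missing from the survey table are ignored. Returns None when
    no known beacon was heard, since the scan then reveals no position.
    """
    weights = {}
    for device_id, rssi in scan_results.items():
        if device_id in known:
            distance = max(rssi_to_distance(rssi), 0.1)  # avoid divide-by-zero
            weights[device_id] = 1.0 / distance ** 2     # nearer beacons dominate
    if not weights:
        return None
    total = sum(weights.values())
    x = sum(known[d][0] * w for d, w in weights.items()) / total
    y = sum(known[d][1] * w for d, w in weights.items()) / total
    return (x, y)


if __name__ == "__main__":
    # Constructed scan: one strong known beacon, two weak ones, one unknown device.
    scan = {"beacon-A": -59, "beacon-B": -79, "beacon-C": -79, "headphones": -50}
    print(estimate_position(scan))
```

Even a single known beacon in a scan places the device within Bluetooth range of a surveyed point, which is the reason the permission is bundled with location.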

However, the SensorPush app does not operate in this way. It never accesses your geographic location, whether via correlation of located Bluetooth devices or direct access of GPS, cellular, WiFi or other location services provided by your device.

The only semi-related exception to this is that the iOS app uses -- only at the user’s direct request -- the phone’s location services to provide the app with the user’s altitude for the sole purpose of configuring barometric pressure sensors in meteorological mode. Once that altitude information is set, it is not requested again unless the user wants to reset their altitude. This feature has not been built for Android at this time, as the Android location SDK does not provide accurate altitude readings suitable for these calculations. Even in the iOS app where this feature exists, the app never reads the latitude or longitude values, only the altitude and only uses this to pre-populate a form field for the user’s convenience to make it easier to provide necessary setup information. The Android app never accesses any aspect of your location data, ever.

While we certainly appreciate and support the Android team’s attempts to improve privacy, and while this particular design decision on their part does have its justification in protecting users from certain kinds of privacy violations, it unfortunately paints with such a broad brush that it makes it impossible to tell based on requested permissions what we are and are not doing with respect to your location data.

Ultimately, this leaves us in a position where we depend upon your trust in us to respect your privacy. We hope that this explanation as well as our privacy policy help to assure you that this trust is warranted. Our privacy policy outlines the limited information collected by the products and the conditions for this collection. To quote a key passage:

“Under no circumstance do we share personal information (including information about your physical location) for any purpose unrelated to the activation and delivery of the Products, the Software, the Services and SensorPush Content without asking you first. Period.”

Our business is providing you with the best environmental monitoring experience possible, not collecting, mining, or selling your information. You are our customer, not the product, as is all too often the case with tech companies these days.

Hopefully this helps clarify the situation and alleviate any related concerns you may have. If you have any further questions, please feel free to reach out to us at support@sensorpush.com. We are happy to continue the conversation.