Background geolocation and user privacy issues

[FluorescentHallucinogen]

One of the problems with background geolocation is that the user gives access to it once, and then the app can use it (in service worker) if it's minimized or even closed (see the use cases), and the user may not know about it. This is a user privacy issue. Therefore, some kind of visual indicator is needed.

Native Android apps shows an icon in the status bar (when geolocation is accessed):

But this approach has a few drawbacks:

• The icon is small and may not be noticeable enough.
• It's not clear which app uses geolocation.

That's why I propose persistent notification:

This approach is already used for accessing audio and video input:

[tomayac]

Thanks for filing this issue. It's well on our mind, yet no spec text has landed yet.

One idea we're exploring in parallel is whether Wake Locks can be used to make background geolocation happen, please see the related issue over in the Wake Lock repo.

Coincidentally, I've written an article where in the Closing Thoughts paragraph I bring up exactly the point you bring up.

[FluorescentHallucinogen]

Another idea that came to my mind is to revoke permissions if the user didn't run the app for a long time. Generally speaking, this approach can be applied not only to geolocation, but to any permissions. This can be used as additional protection e.g. if the user has forgotten that once grant the permission.

[tomayac]

Another idea that came to my mind is to revoke permissions if the user didn't run the app for a long time. Generally speaking, this approach can be applied not only to geolocation, but to any permissions. This can be used as additional protection e.g. if the user has forgotten that once grant the permission.

Fully agree this is an issue, and also fully agree it is a bigger question not just limited to the context of this spec. It seems the generic issue where questions like this are discussed is now w3c/permissions#124.

[FluorescentHallucinogen]

On the other hand, if the user has already installed the web app (WebAPK, TWA), then it could grant some permissions by default even without a prompt, since it's already in some sense trusted (e.g. accessing motion sensors for VR/AR apps).

[tomayac]

All great points. From the W3C Permission Workshop report:

• On the "installation ceremony" (the installed web): https://www.w3.org/Privacy/permissions-ws-2018/report.html#scary-permissions.
• On persistent permissions: https://www.w3.org/Privacy/permissions-ws-2018/report.html#persistence.

These points deserve thorough discussion (much of which has happened already), but over in the Permissions repo :-)

Let's keep this Issue focused on background geolocation indication.

[hadriann]

Any updates on this?

In the meantime, the System Wake Lock API was dropped and we ended up with a Screen Wake Lock API that's pretty useless in this regard.

IMO this is a non-issue and I think things got a little mixed up here. The background geotracking should be no different in web apps than in native apps. No special treatment is required. Operating systems are already showing some sort of status notification when the GPS is in use, regardless what app uses it. The type of notification (be it icon, text, persistent or otherwise) is of no concern for this spec. At most, an issue (or feature request) can be raised with a specific OS if someone feels the need for changing the system notification.

I would suggest not trying to solve all platform-related issues with this spec, but rather focus on getting the background geolocation on par with the native apps, as imperfect as that may be.