1

Google keeps telling me my app is accessing the location in the background. I'm targeting SDK 29, and I do not have the ACCESS_BACKGROUND_LOCATION permission. I do have ACCESS_FINE_LOCATION.

I'm starting to think that maybe an ad network is doing it in the background, but I would like to confirm this by looking at logs. Is there a way to do that?

Edit: The answer below about AppOps has been very useful however I've submitted an update fixing every issue found that way and I'm still having a problem with the Play Store rejecting the update due to background location. So is there some other way to figure this out? maybe something on older versions of Android?

casolorz
  • 8,486
  • 19
  • 93
  • 200

1 Answers1

1

If you have access to an Android 11 device, there are new data access APIs available that you can tap into to find out what in your app is using dangerous permissions like this.

In this sample project (profiled in this book), I have some code to record stack traces from all dangerous permission uses:

    getSystemService(AppOpsManager::class.java)
      ?.setOnOpNotedCallback(executor, object : AppOpsManager.OnOpNotedCallback() {
        override fun onNoted(op: SyncNotedAppOp) {
          Log.d(TAG, "onNoted: ${op.toDebugString()}")
          RuntimeException().printStackTrace(System.out)
        }

        override fun onSelfNoted(op: SyncNotedAppOp) {
          Log.d(TAG, "onSelfNoted: ${op.toDebugString()}")
          RuntimeException().printStackTrace(System.out)
        }

        override fun onAsyncNoted(op: AsyncNotedAppOp) {
          Log.d(TAG, "onAsyncNoted: ${op.toDebugString()}")
          RuntimeException().printStackTrace(System.out)
        }
      })

(as part of other code in a custom Application subclass)

In the context of that sample, it will record the fact that the app is obtaining the location from its viewmodel. But, that's just based on the sample — in a larger app, it would record the permission uses from anything, including your ad network library.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • Thank you for that code. With that I so far have seen only one sort of background request. Basically as soon as I press home, flurry asks for location. I'm not sure how to tell if that is considered background or not. – casolorz Jan 26 '21 at 01:58
  • @casolorz: That could be "a timing thing", particularly depending on how Flurry is detecting the HOME press and what it is doing in response to that. It also seems silly -- does Flurry think that pressing HOME means that the user really gets transported to their home or something? :-) – CommonsWare Jan 26 '21 at 12:35
  • 1
    So I stepped their code and they always get `null` when they request the location, but if I add the `ACCESS_BACKGROUND_LOCATION` and give that permission to my app then they don't get `null`. So I'm pretty sure it is considered to be a background call. I'm doing a bit more testing just to make sure. – casolorz Jan 26 '21 at 12:41
  • I've fixed every situation where `AppsOpsManager` said I was using location while the app was on the background, however after submitting a new apk the Play Store is still complaining about it. Any other way of checking this that you can think of? particularly on Android < 10? – casolorz Jan 26 '21 at 20:54
  • @casolorz: Nothing simple leaps to mind. You could collect Logcat for a while when your app is in the background and seeing if there are any signs of what's going on. There may be static APK analyzers that could try to identify what is using `LocationManager` in your APK. – CommonsWare Jan 26 '21 at 22:09
  • Thank you, I'll see if I can find that. I also found out `WifiManager` uses location when getting the network info, so I have a feeling there could be tricky places that aren't obvious. – casolorz Jan 26 '21 at 23:10