New guidelines for accessing background location in Android

New guidelines for accessing background location in Android

Weā€™ve got 2021 and if you are an Android Developer you need to know a few things that are going to change really soon.

There are new guidelines for using background location in Android apps. If you want to use this permission in your app you’ll need to submit a special Permissions Declarations Form in Google Play Store.

  • App published before April 16, 2020 – Submit a compliant version of your app by March 29, 2021
  • Apps published after April 16, 2020 – Submit a compliant version of your app by January 18, 2021

I decided to write this blog post because the whole process of preparing your app for this is not obvious. It took some time for me to understand how Google wants you to prepare your app for this and what steps you need to take before sending the form in the Play Store. 

Google Play Policy – Declared permissions and in-app disclosures

Start from reading official docs and just take a look at video posted at Android Developers channel.

Before sending the form

  • Check if you really need this permission. In my opinion in most cases you donā€™t need it. Setting GPS permission to ā€œWhile app in useā€ should work for most apps.
  • In my case that permission was needed for one special feature in the app. Also I needed to add it because of the change of using foreground services in Android 11 (read my previous blog post: Restrictions to background location and foreground services in Android 11)
  • Make sure youā€™ve added prominent disclosure and runtime permission (with user consent)
    Usage of the location should be clear for user but weā€™ll stop here because in most cases your app can be rejected because of missing proper disclosure
  • Prepare a video of yourself app showing the usage of that feature. Prominent disclosure should be also visible on your video.

Location permissions form

Hereā€™s the form. Prepare a short description of your app and how you want to use background location access and why you need it.

If something is wrong youā€™ll get an answer from Google the same day (of course this can vary). We tried that in November 2020 (maybe in 2021 when you got the deadline the approval/rejection time can be longer).


Letā€™s talk about rejections. I sent this form a few times (I was sure I prepared my app properly but there was always something missing). It looks like we didnā€™t get the clear point how this should be done. I contacted many other developers also trying to fill that form and they’d also been rejected 

Rejections

First attempt

In our case, using background location is needed for one feature. We donā€™t need a background location from all users, we also donā€™t want to ask for a background location if we donā€™t need to.

So we decided to do it like this:

  • Add special disclosure before turning on feature that needs to use background location
  • We added a new fullscreen fragment showing all the info – why we need that permission and how it is used. 
  • We added suggested flow to ask for Background Location permission
  • We donā€™t ask for background location permission if we donā€™t have to. 

For us it was something obvious and we were pretty sure this would work. We donā€™t ask for that permission if we donā€™t need to use it.

Decision: REJECTED

Our review team must be able to verify the featureā€™s functionality in your app. If your feature is not visible to the user then you must demonstrate its functionality in your submitted video.
Your video should show the in-app featureā€™s functionality using location in the background and how a user would trigger the prominent disclosure, runtime permission (with user consent), and the declared feature. If your featureā€™s functionality is not directly visible to the user, then you will need to show us its functionality in a video showing the in-app experience (e.g. notifying the user of a fraud alert).
Please modify your video to demonstrate the declared feature for which you are requesting access to location in the background, and resubmit your declaration form via the Play Console

It wasnā€™t clear for us what was wrong. We understood that the video wasnā€™t right and using the feature wasnā€™t obvious. 

Because the feature we have in our app was strictly related with this Android 11 change: Restrictions to background location and foreground services in Android 11 we thought the Google Play Store Team didnā€™t understand our case.  

We recorded new, resubmitted the form again with a new video but the answer was the same. Status: REJECTED

After sending appeal to our case we got more detailed rejection status. 

Prominent disclosure not foundYour app must display a prominent disclosure through a pop-up alert before your appā€™s location runtime permission. Based on our review, a prominent disclosure did not appear before the runtime permission. Please add a prominent disclosure before the runtime permission.Remember, your prominent disclosure must:Appear before your appā€™s location runtime permission.Include at least the following sentence, adapted to include all the relevant features requesting access to location in the background in the app that are readily visible to the user: ā€œThis app collects location data to enable [“feature”], [“feature”], & [“feature”] even when the app is closed or not in use.ā€ If you extend permitted usage to ads, please also include: ā€œThis data is also used to provide ads/support advertising/support ads.ā€Include any other details necessary to make it clear to the user how and why you are using location in the background. While additional content is permitted, it should not cause the required content to not be immediately visible.

It was missing the point. But letā€™s stop here for a while. I talked with many devs trying to pass this location form and in most cases the proper way of showing prominent disclosure was the problem. This reply from Google is telling exactly what you need to do.

So letā€™s get back to our case. This approach in our case was WRONG:

  • Home screen. We didnā€™t ask for background permission if we didnā€™t have to.
  • There was one feature that could use standard location access (while the app is open). We didnā€™t ask for background permission so there was no disclosure about it. 
  • When the user was trying to use a feature that is using background location access – we created a separate fragment showing disclosure, telling him why, we used proper scope for asking for this permission (recommended by Google for Android 11).
  • User approved this permission for this feature – the feature is ready to go.

As I know, many devs were trying to use it just just like that. You wonā€™t be accepted if you have scope like this in your app.

You should do something like this

To pass Google Play Store review you need to have prominent disclosure before asking for ANY location access. Thatā€™s the change we made. We left the second consent screen before turning on features that need to use background location access (we want to be transparent for users).

In the disclosure we wrote how we use location in general and we mentioned features. We said that most features donā€™t need to use background location and you wonā€™t be asking for it if we donā€™t need it but you should be aware that if you want to use (in our case) GPS recording feature – you need to allow background location permission. And later weā€™ve got recommended scope for asking for it.

Keep in mind your use case can vary. If you are using ads – you need also put this information in that disclosure (we donā€™t use ads or Advertisement ID).

  • Verify if you really need background permission access. You can still use foreground service for location (if you are not starting it from the broadcast receiver or any other background process). In that case foreground service is becoming background service and you need this permission. 
  • Show proper dialog telling how you use location in your app. Do it always before asking for any location permission.
  • Remember about using proper scope for asking for background location (especially for Android 11)
  • Record a short video (required by the form) showing your feature. Disclosure dialog should be also visible on the video.

TL;DR

Summary

We started working with the form in October 2020 so it was just after Google released it. Like I said before, because this is manual review, this process may vary for you. Your use case can be different but many developers were missing proper disclosure.  

Also donā€™t forget to look at official docs that are updated.

If you find this article useful, ping me on Twitter @adekk and leave a comment. Itā€™s always great to have feedback from readers.

This article was also posted at Medium.

Restrictions to background location and foreground services in Android 11

Restrictions to background location and foreground services in Android 11

Android 11 is officially out! There are many changes related to privacy you should know about and it’s good to check your apps for potential flaws. It’s also good to know what are the current platform restrictions.

I’d like to focus on important change in Android 11 that can affect your app if you are using location and foreground service. What’s important, it doesn’t matter if you are targeting your app to API29 or to the latest API30. If you are using device with Android 11 it’s also good to know how to deal with location permissions and when your app can be blocked.

Let’s get back to Android 10 for a moment.

Android 10 (API level 29) introduced a number of features and behavior changes to better protect users’ privacy. Read privacy changes docs.

To support the additional control that users have over an app’s access to location information, Android 10 introduces the ACCESS_BACKGROUND_LOCATION permission.

Unlike the ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions, the ACCESS_BACKGROUND_LOCATION permission only affects an app’s access to location when it runs in the background. An app is considered to be accessing location in the background unless one of the following conditions is satisfied:

  • An activity belonging to the app is visible.
  • The app is running a foreground service that has declared a foreground service type of location.To declare the foreground service type for a service in your app, set your app’s targetSdkVersion or compileSdkVersion to 29 or higher. Learn more about how foreground services can continue user-initiated actions that require access to location.

TL;DR: It’s clear. You can use location in the app only when you are showing the user your app, user can see what’s going on and is aware of that. That’s why foreground service type was introduced.

Use case: GPS Tracker

Let’s talk about real example here. I’m working on an app that is recording trips (routes) with GPS. Change that was made in Android 10 wasn’t problematic for us. We are always showing user some UI that the app is working – notification (so we run foreground service working with active notification)

Question: Do we need to use ACCESS_BACKGROUND_LOCATION permission?

No. We are showing notification to the user, user can see that the app is working, everything is fine. And we are asking only for location Allow only while using the app. We don’t need background permission. That’s great!

Auto trip recording

In our app we have some feature called “autostart“. User can start recording automatically. For example when entering their vehicle. Simple BROADCAST RECEIVER matched with Bluetooth.

You can set this up. When you are connected to some BT device, app is starting recording route. We are starting foreground service, showing info to user.

Question: Do we need to use ACCESS_BACKGROUND_LOCATION to start GPS recording with BROADCAST_RECEIVER?

Android 10: No. Start foreground service, get location with foreground service.

Android 11: Yes. You can’t use location even with foreground service when it was started by BROADCAST_RECEIVER. Broadcast Receiver for Android 11 is background process.

When trying to start foreground service with Broadcast Receiver you’ll get this error:

Foreground service started from background can not have location

Solution: You need to get ACCESS_BACKGROUND_LOCATION for your app. Even when using foreground service. The same foreground service will work without having this permission if user stars it manually from your app (e.g. clicking record button in your app).

Changes in Android 11

At Android Developers Summit ’19 Dianne Hackborn said that “Abusing foreground services is becoming big issue and we have to do step to address that…

I believe this is the “step“.

Foreground services in Android 11

Source: /11/privacy/foreground-services

Android 11 changes when foreground services can access the device’s location, camera, and microphone. This helps protect sensitive user data.

Restrictions to access while in use

Restrictions to access while in useIf your app starts a foreground service while running in the background, the foreground service cannot access the microphone or camera. Additionally, the service cannot access location unless your app has background location access.

Asking for location permission in Android 11

I believe that in most cases you don’t need ACCESS_BACKGROUND_LOCATION for your app. It’s always good to analyse your needs here. If you need it for your use case – be aware of other changes here. You can’t ask for this permission directly. And this is another big change in Android 11.

Android 10 vs Android 11

If you are using Android 10 and you’ve added ACCESS_BACKGROUND_LOCATION to your manifest you’ll see this prompt:

Asking for BACKGROUND_PERMISSION in Android 10

Note: You’ll see Allow all the time permission if you are using Android 10.

When using Android 11 you won’t see option for Allow all the time anymore.

Get consent for background location in Android 11

This is Google’s suggestion how to deal with it. Starting Android 11 you need to explain user why you need background permission and you can’t get consent with just a click.

Always explain user why background location permission is needed and direct user to app’s settings screen.

You need to redirect user to app’s settings screen.

User is forced to manually change permission for your app (that’s why explaining him why he should do that is so important)

There’s a great codelab regarding location permission in Android 10 and Android 11. I suggest to check Receive location updates in Android with Kotlin.

This article was also published on Medium.

Android Dev Summit 2019 – my recap

Android Dev Summit 2019 – my recap

I was attending Android Dev Summit 2019 in Sunnyvale and I’d like to share my thoughts after the event. It’s my small recap of my experience. But let’s start from the beginning.

Android Dev Summit and Google I/O. Why do we need two Android events from Google?

You can’t compare these two events. They are completely different. I’m starting from this because I know that in #androiddev community it’s not obvious why do we have Android Dev Summit and why it’s not a part of Google I/O.

I’ve also been to Google I/O so I can tell the difference from my own experience.

Google I/O is probably the developer conference (especially if you are into Google’s technologies) but it’s more like a festival. I can’t compare this event to any other event I’ve been to but if you are a developer and you are focused around Google’s technologies – it’s like being at the best music festival with your favorite lineup.

If you are Android developer – Google I/O is important, but it’s focused on announcements. Of course you’ve got access to Googlers (networking is another best thing I can think of) but it’s not focused only on Android and it’s future.

Android Dev Summit is a conference focused only on Android, its framework and future. It’s organised by people directly involved in the Android development. You’ve got access to Googlers directly working on Android andĀ all its parts (Jetpack, Play Store, Android Studio, Android for Cars…). It’s 2-day event and the goal here is to invite Android developers and give them deep technical talks about platform and coming changes to the platform. Also it’s the right moment to get feedback from them. This is important, I was surprised how all teams are open here and waiting for your feedback (greetings to Ian Lake)

For almost two days you’ve got access (Office hours) to all Android teams waiting for your questions.

If you are not attending the event in person – don’t worry – keynote is live streamed on YouTube and all other talks are shared on YouTube few days after the event. It’s one week since the event and you can already watch them here (all Android Dev Summit 2019 sessions)

Networking

Just like at Google I/O – it’s a good place to meet (new) people know only from the internet. A lot of GDEs (Google Developer Experts) and people working in companies located in Sillicon Valley area.

Breaks between talks were also really awesome – it was a perfect moment to share and exchange your thoughts with others about the topic.

Let’s get back to the main topic – Android

My favorite points from Android Dev Summit 2019

This part is especially for Android developers. I’ll skip keynote here but I think you should start watching talks from ADS from keynote to have a better overview.

If you are Android Developer, make sure to watch this:

  • Jetpack Compose
    I think everyone is following this topic and if you are Android developer you should know it’s the future. It’s good to know about upcoming changes here
  • Preparing for Scoped Storage
    This is a really big change in Android. I’m not sure why it is ignored by many Android developers. Make sure to watch this video and think how you should change your app to be ready for this.
    In my opinion it’s one of the biggest changes coming to Android. I don’t feel comfortable here with new APIs and I hope Google will give us more examples how we should use it and which API (this is my main concern).
  • LiveData with Coroutines and Flow
    I feel Flow will be trending topic on Android’s dev conferences.
  • Motion Layout
    Make sure to watch to this session (“What’s New in Android Studio Design Tools”). I think this is huge!
  • Understanding Compose
    Interesting, deep technical talk I didn’t understand when I was there. I needed to watch it again and probably I’ll do it again.
    I think it can be a game changer and we’ll see more talks about it on Android conferences.
  • Developing Themes with Style
    Crash course in themes and styles. And if you know it’s made by Nick Butcher and Chris Banes – you know it’s gonna be good. And it was it. One of my favorites.
  • What’s new in Android Studio 4.x
    I think it’s important to watch this session. Probably you are not using canary versions in Production but make sure you watch this to see what new tools you’ll get it.
  • An Opinionated Guide to Dependency Injection on Android
    OK, maybe it wasn’t real deep technical talk but you’ll learn here what’s the future of DI in Android and why you should still stick with Dagger. This is a good thing. I was waiting for this.
    TL;DR: Google knows dagger.android wasn’t the best thing they made for Android and in future they’ll try to give us better solution here. No details. I think we need to wait a while for more detailed info.
    PS. There is new codelab from Google for Dagger
  • Fragments: Past, Present, and Future
    More changes coming to Fragments. Be sure to watch it.

I was also pleasantly surprised with these talks:

If you are into Android development make sure to watch sessions from this event. Simply start from the keynote.

Report bug, use official issue tracker

This is something I also learned there. Google is listening to your feedback and there’s no better way of reporting it than official issue tracker.

If you think they are not reading it – you are wrong! It’s reporting issues on Twitter that is not working šŸ˜‰

Android Auto / Android for Cars

I was looking forward to see some news regarding Android Auto / Android for Cars. Unfortunately, no news here. There was no Android Auto team present. There was only Android for Cars team presenting latest version of Android for Cars in Volvo XC40. But still the platform is closed for third party apps (other than multimedia and instant messaging).

You can see short presentation here: How to Build Media Apps for Cars (Android Dev Summit ’19)

I hope this situation will change in near future. For us, it’s the only one closed mobile platform for our navigation (Apple opened this gate before Google).

 

Some photos from the event

Android Series #1: App quality, Vitals

Android Series #1: App quality, Vitals

I’m starting Android Series on my blog (yay!). Today I’d like to focus on a news that was announced by Google 2 weeks ago and I feel that this post from official Andoid Developers Blog didn’t get much attention. I talked with many Android developers on many events and I know how approach for maintaining code can vary. In most cases on conferences we are focusing on technology, technical stuff and we forgot about quality. Don’t get me wrong, I know that Google is trying to change this situation. I’ve been to Google I/O 2018 and I was talking with Googlers about it but I saw also that many developers are more exited about technical news from Android’s world and they didn’t get much attention to this topic. It is worth to mention that new technical stuff we got from Google like Android Jetpack, Architecture Components – they are also here to help us to improve the quality – better architecture – more solid app, less crashes, better performance (so this is connected). What’s “the quality” in Android’s world?
Posted by Paul Bankhead, Director, Product Management, Google Play … Over the last year, we’ve been enhancing our search and discovery algorithms’ consideration of app quality and user engagement. This means that apps and games that have high retention rates, low crash rates, low uninstalls, and many other factors, are recommended more often. Recently, we increased the importance of engagement and app quality in our recommendation systems and users reacted favorably to the changes. With more high quality titles being surfaced in the Play Store’s recommendations, people are playing the games they download more often.
Paul Bankhead briefly listed factors that affect the quality of Android applications. We heard in the past that stability and performance is a factor when you are thinking about ASO (App Store Optimization). Now it is more clear what does it mean and we know that Google is already using this factor to filter search results at Play Store (search results, recommendations…). You want more downloads for your app? Make your app stable and don’t forget about performance.

Android Vitals to the rescue!

You’ll find Android Vitals in Google Play Console.
Android vitals is an initiative by Google to improve the stability and performance of Android devices. When an opted-in user runs your app, their Android device logs various metrics, including data about app stability, app startup time, battery usage, render time, and permission denials. The Google Play Console aggregates this data and displays it in the Android vitals dashboard.
Do you care about high retention or low uninstall rate as a developer? Probably you are focusing on crashes, ANRs mainly. It’s not enough right now. You could miss some important factors you’ll find in Android Vitals. It’s easier to understand this when you are working on your app for many years. You’ll see then also that in many cases fixing/improving Android Vitals can be a long term process. You could say that’s it’s not your problem as a developer – retention, number of downloads – it’s marketing or maybe product owner should care about this. Maybe, but right now you should be aware that with Android vitals as a factor in Play Store you are also responsible for this. All sides of a project should have this knowledge. Product manager was ignoring your suggestions about this? Tasks related with performance were moved to low priority queue? Right now maybe you should change your way of dealing with it. Especially when the app is your business. If you are a developer don’t focus only on problems mentioned for example in Crashlytics console. Be aware about Androd vitals. I hope that Google in future will move some information from vistals to Crashlytics console. I started writing more detailed article about Vitals but in my opinion Wojtek Kaliciński’s treatment of the subject is exhaustive. Wojtek posted two great articles about Android Vitals and you should read it:
  1. How to fix app quality issues with Android vitals
  2. How to fix app quality issues with Android vitals (Part 2)
I strongly suggest you also to to see the session about it from Google I/O ’18 See you next time!  
How to install WordPress on Google Cloud

How to install WordPress on Google Cloud

You are reading this post thanks to Google Cloud. To be honest, I’ve installed this blog “unexpectedly” while testing some features of Google Cloud. Possibility to try WordPress using Google Cloud pushed me finally to fill my empty domain with this blog. It took me just a few minutes.

Few words about Google Cloud

Google Cloud Platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning (Wikipedia)

You can install WordPress in Google Cloud in a few minutes. WordPress is a part of Compute Engine in Google Cloud. If you want to try it just useĀ Cloud Launcher. You’ll find there WordPress icon.

Using this method you can install WordPress in a few minutes. It will deploy new virtual machine and after few minutes you’ll get web server with WordPress installation. In Google Cloud console you’ll find all credentials (access to SSH, mysql access, PhpMyAdmin, WordPress generated passwords etc).

With recommended WordPress installation you’ll get virtual machine with Apache HTTP Server 2.4.+, MySQL 5.5.+
and PHP 5.6.+. Quick tip, you can use also virtual machine with WordPress certified by Bitnami which is using for example newer version of MySQL 5.7 and PHP7. It is also cheaper but we’ll talk about prices later.

How to install WordPress in Google Cloud

Let’s start from the beginning and install WordPress certified by Bitnami

Go to Cloud Launcher and select WordPress certified by Bitnami.

Click Launch on Compute Engine. You should see the form that is visible on the screenshot below. You’ll see there also price estimation (and like I said, we’ll get to this point (pricing) later. Just make sure to select us-centra1-f and small machine.

Machine type smallĀ will give you 1 shared vCPU and 1.7GB which is OK for simple blog. I tried micro (1 shared vCPU, 0.6 GB memory, f1-micro) but this machine was to weak to run my blog without problems. It was working but I’ve got problems with database connections, editing posts sometimes. Just go with small plan at start.

Click deploy and you’ll see that Google is preparing your machine

It will took just a minute and you’ll get all info you need to login to your WordPress installation.

And it’s done! You’ll get URL to your machine and WordPress running. All you need to do right now it to redirect your domain to this URL. Simple, right? With Bitnami version of WordPress you’ll get installation with

Configure your domain and SSL certificate

I’ve create seperate blog post how to get SSL (HTTPS) for your blog for free with Cloudflare:Ā How to get free SSL certificate (HTTPS) for free?Ā If you want to use Cloudflare it’s good to install Cloudflare plugin to your WordPress instance before activating SSL on your domain. This should fix issues with potential redirect loop.

Benefits of hosting your blog on Google Cloud

As always, there are pros and cons. Let’s start from good things.

  1. Scalability
    With cloud you are paying for the CPU usage/traffic. If you are running site with big traffic – it can be quite a good choice.
  2. Security
  3. Guaranteed uptime
  4. Custom configuration
    If you want to change defaults (Apache, PHP parameters etc), some server settings, it’s not always possible when you are at shared hosting provider. You have the complete control over what you want to do with your machine instance.Ā You don’t have to depend on a single shared server to host your site.

Pricing

I don’t want to put “pricing” to cons (right now). For small blog, probably it’ll be much more expensive than a standard shared hosting you can get. Let’s be honest – Google Cloud wasn’t created only to serve WordPress blogs and it’s not the best example to showcase it.

I want to git it a try for a few months and we’ll see. Right now with smallĀ machine current pricing plan is not the cheapest solution you can get. I read that it’s possible to optimizeĀ g1-micro virtual machine for sites like this (with very low traffic).

Updated: 23.07.2018

I switched to micro plan and I’m able to host my blog without any cost right now.