Select Page
Restrictions to background location and foreground services in Android 11

Restrictions to background location and foreground services in Android 11

Android 11 is officially out! There are many changes related to privacy you should know about and it’s good to check your apps for potential flaws. It’s also good to know what are the current platform restrictions.

I’d like to focus on important change in Android 11 that can affect your app if you are using location and foreground service. What’s important, it doesn’t matter if you are targeting your app to API29 or to the latest API30. If you are using device with Android 11 it’s also good to know how to deal with location permissions and when your app can be blocked.

Let’s get back to Android 10 for a moment.

Android 10 (API level 29) introduced a number of features and behavior changes to better protect users’ privacy. Read privacy changes docs.

To support the additional control that users have over an app’s access to location information, Android 10 introduces the ACCESS_BACKGROUND_LOCATION permission.

Unlike the ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions, the ACCESS_BACKGROUND_LOCATION permission only affects an app’s access to location when it runs in the background. An app is considered to be accessing location in the background unless one of the following conditions is satisfied:

  • An activity belonging to the app is visible.
  • The app is running a foreground service that has declared a foreground service type of location.To declare the foreground service type for a service in your app, set your app’s targetSdkVersion or compileSdkVersion to 29 or higher. Learn more about how foreground services can continue user-initiated actions that require access to location.

TL;DR: It’s clear. You can use location in the app only when you are showing the user your app, user can see what’s going on and is aware of that. That’s why foreground service type was introduced.

Use case: GPS Tracker

Let’s talk about real example here. I’m working on an app that is recording trips (routes) with GPS. Change that was made in Android 10 wasn’t problematic for us. We are always showing user some UI that the app is working – notification (so we run foreground service working with active notification)

Question: Do we need to use ACCESS_BACKGROUND_LOCATION permission?

No. We are showing notification to the user, user can see that the app is working, everything is fine. And we are asking only for location Allow only while using the app. We don’t need background permission. That’s great!

Auto trip recording

In our app we have some feature called “autostart“. User can start recording automatically. For example when entering their vehicle. Simple BROADCAST RECEIVER matched with Bluetooth.

You can set this up. When you are connected to some BT device, app is starting recording route. We are starting foreground service, showing info to user.

Question: Do we need to use ACCESS_BACKGROUND_LOCATION to start GPS recording with BROADCAST_RECEIVER?

Android 10: No. Start foreground service, get location with foreground service.

Android 11: Yes. You can’t use location even with foreground service when it was started by BROADCAST_RECEIVER. Broadcast Receiver for Android 11 is background process.

When trying to start foreground service with Broadcast Receiver you’ll get this error:

Foreground service started from background can not have location

Solution: You need to get ACCESS_BACKGROUND_LOCATION for your app. Even when using foreground service. The same foreground service will work without having this permission if user stars it manually from your app (e.g. clicking record button in your app).

Changes in Android 11

At Android Developers Summit ’19 Dianne Hackborn said that “Abusing foreground services is becoming big issue and we have to do step to address that…

I believe this is the “step“.

Foreground services in Android 11

Source: /11/privacy/foreground-services

Android 11 changes when foreground services can access the device’s location, camera, and microphone. This helps protect sensitive user data.

Restrictions to access while in use

Restrictions to access while in useIf your app starts a foreground service while running in the background, the foreground service cannot access the microphone or camera. Additionally, the service cannot access location unless your app has background location access.

Asking for location permission in Android 11

I believe that in most cases you don’t need ACCESS_BACKGROUND_LOCATION for your app. It’s always good to analyse your needs here. If you need it for your use case – be aware of other changes here. You can’t ask for this permission directly. And this is another big change in Android 11.

Android 10 vs Android 11

If you are using Android 10 and you’ve added ACCESS_BACKGROUND_LOCATION to your manifest you’ll see this prompt:

Asking for BACKGROUND_PERMISSION in Android 10

Note: You’ll see Allow all the time permission if you are using Android 10.

When using Android 11 you won’t see option for Allow all the time anymore.

Get consent for background location in Android 11

This is Google’s suggestion how to deal with it. Starting Android 11 you need to explain user why you need background permission and you can’t get consent with just a click.

Always explain user why background location permission is needed and direct user to app’s settings screen.

You need to redirect user to app’s settings screen.

User is forced to manually change permission for your app (that’s why explaining him why he should do that is so important)

There’s a great codelab regarding location permission in Android 10 and Android 11. I suggest to check Receive location updates in Android with Kotlin.

This article was also published on Medium.

How to get free SSL certificate (HTTPS) for free?

How to get free SSL certificate (HTTPS) for free?

If you are setting up any website today SSL certificate (https://) is a must have. July 2018 will be a game changer and you should be prepared for this date.

While I work in mobile right today I’m getting questions about this because I spent many years working with web and still I’m trying to be up-to-date with new web technologies and trends. This kind of knowledge is also very useful in mobile because web and mobile are connected and this connection in my opinion is getting closer and closer (see PWA, Instant Apps, Flutter…).

(Let’s get to the point) Let’s say you’ve got website without SSL (HTTP) and you are afraid you’ll get some penalty for not having SSL. Is this true? What will happen in July 2018?

Take a look at Google Security Blog and post from February 2018:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

What is also important, this will be additional factor for Google Search results (SEO). If you want to keep top positions in Google’s search results – keep it in mind.

How to add SSL (HTTPS) to my site? 

Let’s just simplify this:

  • You can probably buy SSL certificate at your hosting provider (as your hosting provider)
  • You can get free certificate from https://letsencrypt.org/ and install it on your server (ask your hosting provider how to do it and what is important – ask if this is possible. I know that not all hosting providers are allowing to do that – because for example they want to sell you one…)
  • Use Crowdflare service for free and move your website to HTTPS in a minute

 

I’d like to focus on Cloudflare

Cloudflare provides content delivery network services, DDoS mitigation, Internet security and distributed domain name server services, sitting between the visitor and the Cloudflare user’s hosting provider, acting as a reverse proxy for websites.

It may sound like a sponsored article but it’s not. Cloudflare is really great service that can help you in many ways:

  • Stop attacks directed at a website
  • Dynamically modify content in order to improve performance
  • Insert applications into web pages
  • Provide rich analytics on all the requests to your website
  • Automatically determine what objects are static and cacheable at the network’s edge without any user configuration
  • Provide a network gateway between protocols like IPv6 \<-> IPv4
  • Make installing SSL flexible and one-click easy
  • And many more things a traditional CDN can’t provide….

How to set up your domain with Cloudflare?

Read this FAQ tutorial to know how to move your domain to Cloudflare. This is starting point for the service. Once you have it – you can try to use and test it’s features. Just start with Free service

Once you have. Your domain is active at Cloudflare. How to turn on SSL?

Just go to Crypto tab and enable SSL (Flexible can be good start point, for blog, landing page – you can start using it without a problems)

Is that all?

Just check your website and other option in Crypto

If you have mixed content you want to enable also Automatic HTTPS Rewrites and if you want to make HTTPS your default URL Always use HTTPS

That’s it. Check your website, you should see SSL confirmation

So it’s just a friendly reminder for July 2018 and make your users more secure.

 

Why I started a Blog

Why I started a Blog

As you can see I started my own blog and you are probably thinking why?

What’s the purpose?

I was thinking about starting my own blog years ago. As you can see that didn’t happen and my own domain was inactive for many years. I was posting different kind of things in various social media channels and for years it gave me some kind of illusion that actually it’s the best way to share your thoughts, knowledge and it’s working. I’ve got Facebook or Twitter, I’m sharing my moments there so what’s the purpose? I used the phase “moments” deliberately because it is how it works right now. It’s hard to say what’s the average lifetime for posts on Facebook or Twitter but I after day or two, almost no way will see your content and it’s getting worst because for example Facebook is not showing your content to all of your friends etc. Second point is that it’s really hard to get back to some of your thoughts written there.

I’m not doing this for clicks, views, mostly for myself but you know how it is, if anyone can find it useful I will be really happy!

I’d like to focus on few things right now:

  • developers’ world
  • mobile (of course Android)
  • innovation/new technology
  • startups/business
  • and we’ll see what else 🙂

So as you can see a little bit of mixed stuff. A little bit of developer’s blog, startup blog, reviews. Who knows. Firsts of all let’s see how it works. Let’s give it a try!

OK, but why in English?

It took me some time to make this decision. For many years right now my primary language is English. For developers or in startups’ world it is also primary language, so why not? And there’s always a space to polish language skills.