Cordova-plugin-background-geolocation: Why do we need GET_ACCOUNTS permission ?

Created on 8 Aug 2017  路  8Comments  路  Source: mauron85/cordova-plugin-background-geolocation

I don't see a point why there are so many permissions required.

Can you explain the need of those:

  1. GET_ACCOUNTS
  2. AUTHENTICATE_ACCOUNTS

Thanks

question

Most helpful comment

Is there an official way to exclude these permissions if you don't want to use background position sync?

I found if I remove the following permissions because I don't want sync or boot functionality the app will crash in LocationService.java with a security exception (not a surprise really)

    <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="android.permission.READ_SYNC_SETTINGS" />
    <uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS" />
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

But the fix for that is simple, wrap setting syncAccount in a try catch and don't attempt sync if syncAccount is null. The client now happily runs without those permissions.

All 8 comments

it's for background position sync

Is there an official way to exclude these permissions if you don't want to use background position sync?

I found if I remove the following permissions because I don't want sync or boot functionality the app will crash in LocationService.java with a security exception (not a surprise really)

    <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="android.permission.READ_SYNC_SETTINGS" />
    <uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS" />
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

But the fix for that is simple, wrap setting syncAccount in a try catch and don't attempt sync if syncAccount is null. The client now happily runs without those permissions.

Notice: this issue has been closed because it has been reported for branch 2.x or later. It could be already fixed in v3 or is not relevant anymore. You may reopen this issue if it has been closed in error.

"On Android 5.1 and lower, all apps need "GET_ACCOUNTS" permission to read information about any account."

I can't figure out why it is needed for syncing. From what I understand, background sync sends position to a third party server url doesn't it ? So why would it need user account informations ?

Special account is needed to background sync work. Latest Android SDK doesn't require "GET_ACCOUNTS" permission, but unfortunately old version of Android does. So it needs to stay.

Thank you @mauron85 but that's my point. Can you tell why background sync needs this permission ?

(I'm discussing with my boss to make the proper privacy policies. That's why I'd like to know.)

This permission was finally dropped in some of latest alphas.

Now sync is not Working...

Was this page helpful?
0 / 5 - 0 ratings