Compliance with Play Store developer policies for PII collection disclosure
derickl opened this issue · 4 comments
Shadow issue: https://github.com/medic/medic-projects/issues/7536
This is blocking projects so we need to start working on this right away. Scheduling for 3.10.0.
This is ready for AT on branch 5917-goodbye-periodic-gpsing.
Please test it against cht-core branch 5917_better-gps along with medic/cht-core#5917
For Android >= 6, you should not get a permission request the first time you boot the app. Instead, you should get a permission request when you create/edit a report or open a task.
The permission request will keep appearing on the next create/edit/open, until you accept or "deny and don't show again".
For Android 5 and 4, you should get no permissions requests, as in these versions, permissions are granted automatically when the app is installed.
Against a cht-core version that is not 5917_better-gps and Android >= 6, location permission will never be requested, never be granted and Geolocation data will not be recorded on reports.
It would also be good to test this as a "branded flavor" (where we skip the "Settings" page). I'm sure if there's an easier way to do this, except for updating the fixed_app_url property here https://github.com/medic/medic-android/blob/5917-goodbye-periodic-gpsing/src/main/res/values/strings.xml#L5 .
LGTM.
For Android 5 (and maybe earlier versions), there permissions prompt before the app is installed and with Android 7 (and maybe adjacent versions), there is a 'bold' claim that the app does not require any access... but I guess these are Google-level warnings. See screenshots below, courtesy of @mrjones-plip .
Android 5 - Install
Android 7 Install -
Android 7 - Edit report
Android 10 -
Pinging @derickl to have a look at those and give it a quick test on different versions they might have available.
Merged into master.