One thing I am always aware of are apps that want permission to access Bluetooth and/or Wi-Fi and/or Networks.
Even though Bluetooth is very short ranged it can still be used to tie you into a location within a database based on other database records that are more detailed.
Yeah, I love playing you “My Great Dog-sitting Simulator” (not a real app) but you do not need access to my BT. The OS handles sending your audio to my headphones!
I haven’t done an extensive survey or anything, but every modern router I’ve interacted with supports setting up a secondary WiFi network with guest isolation (so anything on that SSID can’t see any network device besides the router and itself). This is useful for apps or hardware that is untrusted and/or demands unjustified permissions.
Correct, using the guest network is better but I think turning off WiFi and just using mobile data is sufficient. I wonder if the permission applies to cellular connectivity as well.
Sure, removing your network from the equation is definitely a more secure option; just make sure the app isn’t using those granted permissions in the background when you’re done using it and log back into your network.
Oh no, it absolutely isn’t. It’s actually a feature apple implemented to stop apps from scanning and interfacing with the devices on your local network without your approval and Teams has zero explanation on why it needs that permission nor why the calls can’t be made without it while every single other app is able to do so without that permission.
The only other apps that require it are device specific apps (printer, local smart home stuff, FTP, DLNA, etc) and network scanners.
Is it possible that Android doesn’t have that permission and therefore Teams is able to scan the network regardless? You could test it out with an SSH or network scanner app for example
I remember when Bluetooth started demanding location permissions. You’ll never convince me that it’s functionally required or provides any benefit other than furthering efforts to spy on the user.
When it started being rolled out, I avoided any app or hardware that made that demand. Sadly, that’s no longer an option if I want any Bluetooth at all.
It’s not like Bluetooth started demanding location permissions, the conceptual model of the permission was revised: having access Bluetooth means an app could determine your location via a form of lateration.
In earlier versions of smartphone operating systems, this was not transparent to users lacking the technical background, so Bluetooth also requiring location access is actually an attempt at making users aware of that. I’m not an iOS developer, so I can’t comment on iPhones, but on Android versions prior to 11, having access to Bluetooth meant an app would be able to determine your location.
Today, you can require the permission ACCESS_FINE_LOCATION, which expresses that your app might use Bluetooth to obtain location information on Android. Also, if you’re just scanning for nearby devices to connect your app to, but don’t want users to be confused why your smart fridge app needs to know your precise location, you can declare a permission flag (neverForLocation) and Android will strip beacon information from the scan results, better asserting your intentions.
So, overall: no, there is nothing nefarious going on, it was always possible to determine your location via Bluetooth, and the update to the permission model was an honest improvement that actually benefits you as user.
Now, there are still plenty of shady apps around, and apps that are poorly written - don’t use those.
I believe it’s only required during the pairing process, but as the other observer pointed out, I don’t know much about it. If you’re able to circumvent the process, more power to you!
One thing I am always aware of are apps that want permission to access Bluetooth and/or Wi-Fi and/or Networks.
Even though Bluetooth is very short ranged it can still be used to tie you into a location within a database based on other database records that are more detailed.
Yeah, I love playing you “My Great Dog-sitting Simulator” (not a real app) but you do not need access to my BT. The OS handles sending your audio to my headphones!
Teams is the worst, you can’t join any call if you don’t allow it to scan your local network. I wish the executives a very nice and agonizing death.
I haven’t done an extensive survey or anything, but every modern router I’ve interacted with supports setting up a secondary WiFi network with guest isolation (so anything on that SSID can’t see any network device besides the router and itself). This is useful for apps or hardware that is untrusted and/or demands unjustified permissions.
Correct, using the guest network is better but I think turning off WiFi and just using mobile data is sufficient. I wonder if the permission applies to cellular connectivity as well.
Sure, removing your network from the equation is definitely a more secure option; just make sure the app isn’t using those granted permissions in the background when you’re done using it and log back into your network.
On what device? I have Nearby Devices and Location disallowed on Android, and it still works fine.
Side note. Teams is the worst. Just, period.
iOS, it’s been that way for a long time…
Interesting. I wonder if that’s an iOS requirement that Teams is forced into. Somehow, I doubt it.
Oh no, it absolutely isn’t. It’s actually a feature apple implemented to stop apps from scanning and interfacing with the devices on your local network without your approval and Teams has zero explanation on why it needs that permission nor why the calls can’t be made without it while every single other app is able to do so without that permission.
The only other apps that require it are device specific apps (printer, local smart home stuff, FTP, DLNA, etc) and network scanners.
Is it possible that Android doesn’t have that permission and therefore Teams is able to scan the network regardless? You could test it out with an SSH or network scanner app for example
That’s a good question. I’m not sure. Well, guess I’m firing up the Wireshark.
I remember when Bluetooth started demanding location permissions. You’ll never convince me that it’s functionally required or provides any benefit other than furthering efforts to spy on the user.
When it started being rolled out, I avoided any app or hardware that made that demand. Sadly, that’s no longer an option if I want any Bluetooth at all.
It’s not like Bluetooth started demanding location permissions, the conceptual model of the permission was revised: having access Bluetooth means an app could determine your location via a form of lateration.
In earlier versions of smartphone operating systems, this was not transparent to users lacking the technical background, so Bluetooth also requiring location access is actually an attempt at making users aware of that. I’m not an iOS developer, so I can’t comment on iPhones, but on Android versions prior to 11, having access to Bluetooth meant an app would be able to determine your location.
Today, you can require the permission
ACCESS_FINE_LOCATION
, which expresses that your app might use Bluetooth to obtain location information on Android. Also, if you’re just scanning for nearby devices to connect your app to, but don’t want users to be confused why your smart fridge app needs to know your precise location, you can declare a permission flag (neverForLocation
) and Android will strip beacon information from the scan results, better asserting your intentions.So, overall: no, there is nothing nefarious going on, it was always possible to determine your location via Bluetooth, and the update to the permission model was an honest improvement that actually benefits you as user.
Now, there are still plenty of shady apps around, and apps that are poorly written - don’t use those.
I knew that someone would try to convince me. You won’t convince me.
… Though your argument is pretty compelling.
I don’t think he wanted to convince you, he just explained the backgroundon how you can track locations with bluetooth.
Whaaat? I definitely use Bluetooth without location services, and always have?
I believe it’s only required during the pairing process, but as the other observer pointed out, I don’t know much about it. If you’re able to circumvent the process, more power to you!