feat(privacy): add global toggle and short-circuit getLocationPermiss… #21
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
also respect privacy control on header level
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add global privacy toggle for location
Motivation
Currently, LocationDetails checks Android location permissions directly.
This means the SDK may use device location whenever the app has ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION, even if the host app only requested those permissions for other purposes (e.g. maps).
This PR introduces a global privacy switch that allows apps to disable location usage inside the SDK without breaking existing behavior.
Backward compatible – by default, location remains enabled.
Minimal change – only one new helper (Privacy) and a guard in getLocationPermissions().
Explicit opt-out – apps can now enforce “SDK must not use location” regardless of OS-level permissions.
Changes
Added de.cidaas.sdk.android.library.common.Privacy class:
Privacy.setLocationEnabled(boolean)
Privacy.isLocationEnabled()
Updated LocationDetails#getLocationPermissions(Context):
Returns false immediately if Privacy.isLocationEnabled() is false.
Updated README with usage instructions.
Usage
Default (no change)
// Legacy behavior preserved
boolean hasPermission = new LocationDetails().getLocationPermissions(context);
// returns true if OS location permissions are granted
Disable SDK location usage completely
Java
import de.cidaas.sdk.android.library.common.Privacy;
// e.g., at app startup, after reading user settings, or remote config:
Privacy.setLocationEnabled(false);
// now, even if the app has ACCESS_FINE_LOCATION, the SDK acts as if it does not
boolean hasPermission = new LocationDetails().getLocationPermissions(context);
// will always return false
Kotlin
import de.cidaas.sdk.android.library.common.Privacy
// disable at app startup
Privacy.setLocationEnabled(false)
// SDK now behaves as if location permission is never granted
val hasPermission = LocationDetails().getLocationPermissions(context)
// always returns false
Optional: configure via SDK init (if exposed)
Cidaas sdk = new Cidaas(context)
.setLocationEnabled(false); // ensures SDK ignores location permissions
Example scenario
Your app uses location for maps/navigation → permission is granted.
For authentication, you do not want the SDK to read location.
With this PR, call Privacy.setLocationEnabled(false) and the SDK behaves as if no location permission is present.
Migration
No code changes required for existing apps.
To disable SDK location usage, call Privacy.setLocationEnabled(false) early in app startup.
Next steps
In a future major release, consider flipping the default to disabled (false) for stricter privacy by default.