That's a violation of the Apple app store terms of service, but I have never yet successfully reported such a violation to Apple. Their tech support doesn't understand what to do with such reports and after many back-and-forth attempts I've just given up trying for now.

Apple employees, if you're reading this, it's an obvious violation of ASRG 5.1.1 (iv) Access and it's probably a violation of ASRG 3.1.4 Hardware Specific Content — but as a mere developer, there's nowhere for me to report that for internal investigation. Perhaps one of you can do better.

Apple employees, if you're reading this, I would _LOVE_ a way to flag an app notification as spam. I use a few apps that I really need notifications on for (delivery apps, and the like) but that insist on spamming me. Pretty sure this is a ToS violation, but I'm entirely unsure how to do anything about this.

> That's a violation of the Apple app store terms of service

Like it is of hundreds of other high profile apps... other than facebook.

They have different rules for big companies and for small companies. All big companies are given a pass on shady stuff

It very likely asks the location permission because it wants to scan Bluetooth devices. Scanning Bluetooth devices can be useful to detect the speaker, but it's also often used to track user locations especially indoor where the GPS doesn't work or is not precise enough.

You can place Bluetooth emitter beacons around an area and by scanning the Bluetooth devices on the smartphone and some triangulation, you know precisely where the smartphone is.

By the way even Apple, which is not that privacy friendly, sells such Bluetooth beacons to track peoples' location. https://en.m.wikipedia.org/wiki/IBeacon

This technology can have good use too, in retirement homes or hospitals for example. But it's mostly used to know where you are in a mall.

On android 9+, giving it the permission is not enough.

You must also enable the GPS and wait for it to lock your position :( :( :(

So yeah, it's a function designed to force you give away your location (masquerading as a privacy feature)

bluetooth and location permissions are many times together, because if you can scan the device macs you are able to use it to locate the user ( with bluetooth beacons for example).

Unfortunately, both Google and Apple decided to merge Bluetooth and Location permissions a while back, on the basis that bluetooth scans can be used to unmask your location (by fingerprinting known BLE beacons). This means that any app that needs to communicate over BLE is forced to request the location permission - even if they don't want to.

That's not to say anything about whether this app in particular is using location maliciously, of course. But all apps for BLE devices are in this boat :/

Which is the reason I prefer websites to apps. Ok, there are certain tasks that are not feasible without an app. Mostly though, what's done in the app could be done on a website. And the website is by far more accessible through a wide variety of devices with a range of operating systems.

Websites can track you as well and the UI’s are horrible for the most part. Of course, many apps are basically websites in an app browser. Sigh.

What is it in speaker firmware that needs upgrading anyway?

I never even connected my Nintendo Switch to the internet.

(It's pretty cool actually that when you buy a physical game, if they need an OS update it's shipped on the cartridge. )

My experience with Bluetooth connectivity is lots of things don’t work universally when shipped.

On iOS the "JBL Portable" app(a recent new name for their app JBL Connect) does not require any access to location.

Are you talking about the Android app?

I use a Bose QC35 and its app too requires location enabled to be open.