I think the problem is that older SDK versions allowed you to do things like scan local WiFi names to get location data, without requiring the location permission.

So bad actors would just target lower SDK versions and ignore the privacy improvements

▲

john01dav 4 hours ago | parent [-]

The newer Android version could simply give empty data (for example, location is 0,0 latitude longitude, there are no visible WiFi networks), when the permission is missing and an app on the old SDK version requests it.

Of course, they don't like this because then apps can't easily refuse to work if not allowed to spy.

▲

jpollock 3 hours ago | parent [-]

That can have some very extreme legal ramifications.

Consider - it's a voip dialing client which has a requirement to provide location for E911 support.

If the OS vendor starts providing invalid data, it's the OS vendor which ends up being liable for the person's death.

e.g. https://www.cnet.com/home/internet/texas-sues-vonage-over-91...

which is from 2005, but gives you an idea of the liability involved.

	▲	pocksuppet 2 hours ago \| parent \| next [-]
		Phone companies are required to make sure 911 works on their phones. Random people on the internet aren't required to make sure 911 works on random apps, even if they look like phones.
	▲	eviks 2 hours ago \| parent \| prev [-]
		It can't have "extreme ramifications", Google's own phone couldn't call 911 for a while. And you can manually force only the voip dialing apps instead of everyone