Every day our iPhones and iPads become a little more integrated in our lives. Every day they learn a little more about us and become more capable than they were before. And every day many of us make a choice to hand over more information about ourselves in exchange for features and convenience. One such piece of information is our location. There's a seemingly endless list of apps that may want to track your location for a variety reasons. From mapping your bike rides to recommending nearby restaurants, many of us grant apps permission to access our location every day. As more apps request and make use of this type of sensitive information, it becomes increasingly important for users to have more granular control over which apps access what information and when. With iOS 8, we will see some noteworthy changes to location permissions intended to provide more transparency, and give users more control.
Introducing new permission types
Any app can request access to your location, and once that app has your permission, it can access your location any time it likes. In iOS 8, there will be two types of location permissions that apps can ask for: Always and WhenInUse. If, like I did, you have assumed that WhenInUse means the app can only get your location while you're using it, I'm sorry to inform that we're both wrong. The Always permission will be identical to what location service permissions look like in iOS 7, and WhenInUse will offer a more restricted option, but these two options are more nuanced than they appear at first glance.
Both Always and WhenInUse permissions allow an app to access your location, your location while in the background, and perform ranging (which allows apps to look for nearby iBeacons). Where these permissions differ is Always also allows apps to sign up for region monitoring as well as be notified of significant location changes.
Region monitoring allows apps to be notified when a user enters or exits a particular geographic region – for instance, setting a reminder for when you leave the office. Significant location changes are a little less specific, and simply notify an app when your location has changed significantly (surprising, huh?) as determined by your device switching cell towers. The reason these two pieces of functionality are treated differently and have effectively gotten their own permission level is because they have the ability to launch an app when it is not running. If you were to explicitly close an app that has signed up for significant location changes, iOS will wake the app once you have moved far enough to change cell towers, and the app will have about 10 seconds to do something; trigger an alert, record your location, etc. As of iOS 8, if an app wants to be able to monitor your location, even when it has been closed, it will need to ask for the Always permission. But remember, the Always permission already exists in iOS 7 as the standard location permission. Apps that don't require this sort of location monitoring will be able to ask for the slightly more restrictive WhenInUse permission in iOS 8 instead.
Extended status bars, additional dialogs, and required reason strings
Additionally, even though apps using the WhenInUse permission can monitor your location while in the background, doing so will result in an extended blue status bar – similar to the one you see when tethering or when you're on a phone call and have another app open. This is a nice addition that will give users more insight into what apps are accessing their location at any given time. Users will also have the ability to tap the status bar to return to the most recently used app that is currently accessing their location, making it easy to force close any apps you may not want watching your location.
As an additional privacy measure, if an app requests Always permission and you grant it, iOS will remind you a few days later that the app is monitoring your location, and will ask if you want to continue to allow the app to do that. You'll have the choice to let it continue, or to revoke its location monitoring permissions.
One last big change being made is the required use of reason strings. You may have seen apps before that, when they request a particular permission, have an explanation in the iOS dialog explaining why they are requesting that permission. It's a nice feature that gives users an explanation of why they should allow the permission, but so far the implementation of these explanations has been optional. Starting in iOS 8, developers requesting access to your location will be required to use these explanation strings. Whether they're asking for Always or WhenInUse permission, if the explanation string doesn't exist, the permission dialog will never be shown to the user. This should be a good incentive for developers to start thinking about why they're asking for permission, and explaining it to their users.
Shortcomings
While I'm happy to see Apple continue to improve user privacy and I appreciate the forward-thinking manner in which they approach these issues, these changes aren't quite what I was hoping for.
Users can't choose which location permission type to grant
Users can allow the permission being requested or not, but they cannot choose which type of location access an app gets. This means if an app asks for Always permission, and you're not comfortable with that, you can't give it WhenInUse access instead – your only option is to completely deny access. As an example, a weather app could request Always permission so that it can have your weather for your current location instantly any time you launch it. But maybe you're just fine with it only having WhenInUse permission and having to wait for it to update any time you launch it. It doesn't matter, your options is Always or never. Admittedly, letting users choose which level of permission an app gets would lead to its own problems, but I would prefer an option to restrict an app's permissions without completely denying them.
No granular control over location information
We will have some control over when apps can access our location, but no control over what kind of location information. Knowing that I'm in the United States is different than knowing I'm in Colorado is different than knowing I'm in Denver is different than knowing I'm in a Target is different than knowing I'm in the frozen food section. iBeacons open a whole new world of exciting possibilities for apps, but with those exciting possibilities come creepy ones. I might give an app for a grocery store chain access to my location so it can find the nearest location to me, but that same permission means the app can track me while I move through the store. Giving users control over the granularity of our location would have been a more meaningful change in iOS 8. Different apps can have very different needs when it comes to the accuracy and specificity of people's location – Apple should give us controls that reflect that.
In the end, we're getting more control over our location information in iOS 8, which is a good thing. Unfortunately the specifics of these permissions and what they mean will likely lead to a lot of confusion for people. Furthermore, I'm not convinced the changes will empower users in the ways that I would hope for. I have no doubt that we will continue to see Apple make enhancements and improvements in subsequent versions of iOS; they've already done a great job of establishing that.
When iOS 8 is released this fall, we'll have to see how well users take to these new changes. Maybe in iOS 9 we'll see some clarity added to these options, and perhaps even more control.