Access to user location needs to be controlled

[tmarx78]

Inside LocationDetails (https://github.com/Cidaas/cidaas-android-sdk/blob/448013ec000d93a9d044897fe2822521661ca747/cidaas/src/main/java/de/cidaas/sdk/android/library/locationlibrary/LocationDetails.java) , there is the following method:

@RequiresApi(api = Build.VERSION_CODES.M) private void getLocationPermissions() { if (ContextCompat.checkSelfPermission(mContext, Manifest.permission.ACCESS_COARSE_LOCATION) == PackageManager.PERMISSION_GRANTED || ContextCompat.checkSelfPermission(mContext, Manifest.permission.ACCESS_FINE_LOCATION) == PackageManager.PERMISSION_GRANTED) { getLocationAfterPermission(); } else { Timber.i("Location permission Denied"); LogFile.getShared(mContext).addFailureLog("Location Permission Denied"); } }

This means, if an application requires access to the User Location, the SDK will inherit the permission without any control by the developer / software integrator into an external application with its own data privacy policy.

Suggestion:

• introduce a new, optional, switch, e.g. enableLocationAccess which is by default true and also when the switch does not exist in the configuration, this way the library keeps compatible with an update - but it would offer control over the Location usage inside the own app.

• if disabled by configuration, getLocationPermissions() will always return false