[whatwg] Permissions required for Background GeoLocation

When it comes to an Ultimate Web App tracking a user's location in the
background (while UWA is backgrounded or phone is asleep) how can the user
(and Web Standards) ensure that the user is not tracked covertly,
maliciously, or unintentionally?

Can any please help, offer opinions, with the "best" way to: -
1) Ensure that a user has authorized the UWA access to Geolocation
2) Inform the user that location tracking will be performed even when the
move away from the App.
3) Allow tracking to be discoverable via status bar or other

For more details on the planned implementation please see: -

Some initial ideas: -

   1. User permission must be explicitly granted before GPS is accessible.
   2. While GPS is being watched, even in background, the circles/ripples
   icon cue is visible to user on the device.
   3. The underlying Service Worker architecture mandates the use of
   secure/authenticated httpS communication.
   4. httpS is now also mandated for GPS access

I personally think the above is enough, but for the sake of argument, does
anyone have thoughts on how access may be further governed?

   1. Only permit background/service-worker GPS access if the Web App is
   2. If a single GPS permission will cover both background and foreground
   access, then put a link on the toast to the Faustian details?
   3. Use a new icon, perhaps an eye or a doughnutted version of the
   current GPS ripples? Pulse the icon?
   4. When phone/device wakes an/or UWA is foregrounded a notification
   should inform user that tracking continued while App was not visible.

Anything else?

Received on Tuesday, 30 May 2017 05:14:31 UTC