Robot vacuums requiring location access 😡

I’ve found several top brands of robot vacuums require granting location access (precise!) when setting up.
It’s such a shame but it seems there’s a trade off of private but crappy product (Neato - LiDAR based (+) stagnating (-), lacking a base station (-) etc), or camera based (-) ones (iRobot Roombas, now owned by Amazon :nauseated_face:). If you don’t want a camera but also want a base station and updated products they also then want your location access (Roborock/Samsung).

I went with Samsung and granted location briefly when setting up then cancelled that permission, but curious if anyone knows how to spoof location on mobile so these apps get fake location data even just for the initial set up.

Thank you :slight_smile:

1 Like

The Smart Grid or “internet of things” sounded interesting 5 years ago… now it sounds like a nightmare.

5 Likes

You can get location spoofing apps on Android which can be enabled in developer options. I don’t know any in particular but make sure to find one you trust

One of the things that bothers me about IoT is how irresponsibly it’s been implemented. We’ve been 20 years with relatively widespread adoption of computers. We know what we should be doing to make things secure. Why are IoT devices regularly ranked as easy vulnerabilities in our home networks? We know better. It doesn’t have to be this way. Do it right, guys.

1 Like

One thing I find amazing is that things like this are allowed on the market and people find you crazy for questioning it.
Wouldn’t you be able to set up an VPN at the router level for some extra layer of security?
Also with e/os there is a location spoofer with in the settings that may help somewhat.
Best level if security here is to not have it in the first place.

WIthout sounding too much of a tinfoil hat wearer… I would question whether or not this is actually a case of irresponsibility, but rather an intentional gap that allows more data collection. Data is being called the new oil for a reason…

According to Android developer wiki thingie:

ACCESS_FINE_LOCATION is necessary because, on Android 11 and lower, a Bluetooth scan could potentially be used to gather information about the location of the user.”

It is also not a requirement in Android 12 and above.

The Wiki in question ^

tl;dr basically you can get current location by scanning for bluetooth devices near you and getting their mac addresses, similar to how you can get the location of someone by getting the mac addresses of routers nearby and since bluetooth can be used this way, location has to be asked for

About mock location, there a few apps that do that. One that I found is Fake Traveller. You enable these in Android developer settings.

1 Like

We know what we should be doing to make things secure.

And that sadly means “Do not use a computer, stay on your phone for as much as possible”
PCs have AWFUL security by default, much worse than spyware Samsung, Huawei and so on Android.

If you want actually good security, you will suffer from a lack of usability.

Oh and about IoT devices: Just fuck them, they’re probably the worst software you have in your house.

I doubt the possibility that this is the reason why there are poor standards depending each individual company that provides an IoT product. I’m choosing a good faith argument, but your opinion is also valid and possible.

That’s more what I was referring to. The tech industry knows better, so we (as in the industry) should not be doing this. Of course, at the end of the day, individual people have to do what they have to based on their threat model. :confused:

i use Private Location | F-Droid - Free and Open Source Android App Repository

1 Like