The Rowi Location API Access Argument

If you follow me on Twitter, you probably saw a heated exchange of words between myself, Nokia Principal Engineer Justin Angel, and Microsoft ASP.NET Program Manager Erik Porter. (He made Rowi, a nice Windows Phone twitter client.) The argument at its core is that Rowi users don’t have exacting control over how Rowi accesses location data. Let me show you what I mean.

Normal tweet flow, without automatic location access.

The figure above shows a fresh tweet screen in Rowi. You can tap the add current location link to opt into Location API access and geo-tag a tweet. That part is okay. But after sending this tweet, Rowi "remembers" the decision and in new tweets automatically pulls your location data with no way to turn this off. So if you decide that Rowi is to no longer have access to your location data, you cannot opt-out. The only way to disable this behavior is to start a new tweet, tap the clear link after it pulls your location data, then send a tweet out to save your settings to disk.

Tweet flow after you send one geo-tagged tweet. Note the location data was pre-populated.

This behavior is not aligned with Windows Phone Application policies, specifically 2.7.3 which clearly states:

Your application must provide in-application settings that allow the user to enable and disable your application's access to and use of location from the Location Service API.

And when brought to Erik's attention, he dismissed the issue claiming that tapping the clear link offers users the ability to send tweets without location data and that he "worked with marketplace team already on this exact issue" implying they OK'ed it. But what Erik fails to realize -- or is choosing to ignore -- is that I can't hit the clear link until it runs its fingers through my location data. Against my will.

... but maybe he's right. Things get a little muddied when you put this in the perspective of the app. The location data on the new tweet page isn't being transmitted to Twitter at that time, therefore a case could be made around the fact that opt-in consent is not required per policy 2.7.4:

If your application publishes or makes available location data obtained from the Location Service API to any other service or other person (including advertising networks), your application must implement a method to obtain opt-in consent. [...]

Confused yet?

Now let's be honest -- there's no real impact here. Rowi is a very trustworthy application and has a clear and succinct privacy policy. But I strongly believe something is wrong here. The user should have the final say in what privileges an application has and what rules they must follow. So I think Rowi needs a Location API master switch.

What do you think?