Hello.
I just installed the Home Assistant companion app on my Android device.
I noticed that by default it sends some technical information about the device, battery, etc. without asking the user of the phone.
Also, even though the sensors can be disabled in the app configuration, those sensors can be enabled from the Home Assistant Web GUI by an administrator, again, without asking the user of the phone whether to enable the sensors the admin requested.
I think the sensors and other privacy-related information about the device must be controlled by the owner of the phone, but not by the administrator of Home Assistant server. Or at least there should be an option in the companion app to deny the access.
What you are asking for would be more restrictive than what iOS has built in — and Apple typically cares about this stuff. Location, fitness/movement, camera and mic all need user approval.
I’m genuinely curious: Would you mind listing the sensors of concern and what your concern is for each (e.g. how it could be abused)?
Well, I know that location, camera, wifi, etc. sensors require user permission because without it Android OS wouldn’t allow the Home Assistant app to access them.
But there are other sensors that are (more or less) privacy invasive that can be accessed/changed without user consent, and even without notifying the user about the change:
Next Alarm
Audio mode
Headphones
Mic muted
Music active
Ringer mode
Speakerphone
Battery level
Is charging
Do Not Disturb sensor
Device Locked
Last Reboot
Light Sensor
Public IP Address
Proximity sensor
Internal Storage
Current Time Zone
It’s cool to have such sensors when you need them. But I use the Home Assistant companion app on Android only as an alternative to a Web GUI in a browser, so I always logged in, etc. I do not plan to use any of those sensors and I don’t want the app to track them and to enable them if the administrator requests to do so.
I have tested it on my Android and I might be able to enable the sensor in HA, but it is still disabled on the phone, so I do not think the phone settings are controllable from HA.
The enable sensor will just enable it in HA, but you will still not receive any data, if you have not also enabled it on the phone.
I would also like to see an option to permanently forbid all sensors, or at least disable everything by default on the server side.
My use case is I want to give access to employees of our SMB to a dedicated HA instance to open garage doors (no permissions needed, only the needed entities would be exposed). Of course, there’s no way I want any of their phone data to land on HA. The web interface through a browser could be enough, but I also want widgets for quick access.