fix: location-permission-revoke-handling#689
Open
David-Adegboyega wants to merge 1 commit into
Open
Conversation
|
@David-Adegboyega Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Contributor
|
Kindly resolve conflict |
1 similar comment
Contributor
|
Kindly resolve conflict |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #591
This PR addresses a security and reliability gap in the location tracking system by ensuring the application detects OS-level location permission revocation while running in the background. Previously, revoking location permissions from device settings could leave the position watcher active and allow stale location data to persist in the application state.
What Changed
src/services/locationService.ts
Added an AppState listener to detect when the application returns to the foreground and re-check location permissions.
Implemented permission transition detection (granted → denied) to handle runtime permission revocation.
Automatically stops and removes the active location watcher when permission is revoked.
Clears cached location data and updates application state to reflect the revoked permission.
Logs permission revocation events through appLogger for improved observability and troubleshooting.
Added lifecycle management methods (cleanup() and reset()) to safely dispose of watchers and listeners.
Refactored Zustand store interactions to use .getState() for safe access outside the React component tree.
src/store/locationStore.ts (new)
Introduced a dedicated Zustand store for location state management.
Added support for:
coordinates
permissionGranted
setCoordinates()
setPermissionGranted()
clearLocation()
Provides a centralized and predictable interface for reading and clearing location state.
src/store/degradationStore.ts
Fixed an incorrect import path for featureCapabilities.
src/tests/services/locationService.test.ts (new)
Added comprehensive unit tests covering:
No-op behavior when permissions were never granted
Watcher registration after permission approval
Prevention of duplicate watcher registration
Full permission revocation flow, including watcher cleanup and store updates
Subscription and listener cleanup during service teardown
Impact
Prevents stale location data from being served after permissions are revoked.
Ensures background location watchers are properly cleaned up, reducing unnecessary resource usage.
Improves privacy and security by respecting OS-level permission changes without requiring an application restart.
Provides better operational visibility through explicit permission revocation logging.
Acceptance Criteria
✅ Position watcher stops after permission revocation is detected.
✅ Location coordinates are cleared immediately on revoke.
✅ No stale location data remains available to consumers.
✅ Permission state is updated to reflect revocation.
✅ Unit tests verify watcher removal and cleanup behavior.