Capturing photo locations on Android 10+

July 11, 2022
vishnu@ente.io

Recently we ran into an issue in our Android app that caused us to not capture location data embedded within photos on devices running Android 10 and above.

As of writing this post, the issue has been fixed and a migration script has been deployed to detect and re-upload affected photos.

Here's a timeline of how the story evolved:

  • 29.05.2022 - the issue was introduced in v0.5.26.
  • 06.06.2022 - the issue was discovered.
  • 06.06.2022 - a fix was deployed that solved the issue for newer files that were backed up.
  • 09.06.2022 - a migration script was deployed that scanned through older files and re-uploaded those with missing location data.

We also updated our servers to break the "free up space" functionality on the affected builds, to retain the original files on device.

Root Cause

What caused this issue was a seemingly harmless commit that updated our Android app's compileSdkVersion to 32.

What we did not know was that according to Android's updated permission model, we have to add ACCESS_MEDIA_LOCATION to our manifest file, to fetch the location embedded within a photo's EXIF data. What is absurd is that this permission is not visible to users (source) and is granted automatically without consent.

Now, despite this permission missing from our manifest, the requests to fetch the location of a photo did not throw an exception; instead, they quietly returned [0, 0] as the latitude and longitude.

Had this thrown an error instead, we would have caught the issue before it made its way into production.
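
One way to make this read fail loudly on Android 10+, as an added example (not ente's code): it checks ACCESS_MEDIA_LOCATION, asks MediaStore for the unredacted original, and refuses to treat [0, 0] as a real location. The PhotoLocation type and the readPhotoLocation helper are hypothetical names, and the photo is assumed to be addressed by a MediaStore content URI.

```kotlin
// Added example. AndroidManifest.xml must also declare:
//   <uses-permission android:name="android.permission.ACCESS_MEDIA_LOCATION" />
import android.Manifest
import android.content.Context
import android.content.pm.PackageManager
import android.net.Uri
import android.os.Build
import android.provider.MediaStore
import androidx.core.content.ContextCompat
import androidx.exifinterface.media.ExifInterface

// Hypothetical result type: keeps "photo has no GPS tags" apart from "read cannot be trusted".
sealed class PhotoLocation {
    data class Found(val latitude: Double, val longitude: Double) : PhotoLocation()
    object NotPresent : PhotoLocation()
    data class Unreliable(val reason: String) : PhotoLocation()
}

// Hypothetical helper. photoUri is assumed to be a MediaStore content URI.
fun readPhotoLocation(context: Context, photoUri: Uri): PhotoLocation {
    var uri = photoUri
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
        val granted = ContextCompat.checkSelfPermission(
            context, Manifest.permission.ACCESS_MEDIA_LOCATION
        ) == PackageManager.PERMISSION_GRANTED
        if (!granted) {
            return PhotoLocation.Unreliable("ACCESS_MEDIA_LOCATION not granted")
        }
        // Ask for the unredacted file; without this, location EXIF tags are stripped.
        uri = MediaStore.setRequireOriginal(photoUri)
    }
    // Exceptions from opening the stream propagate on purpose: fail loudly.
    val stream = context.contentResolver.openInputStream(uri)
        ?: return PhotoLocation.Unreliable("could not open $uri")
    val latLong = stream.use { ExifInterface(it).latLong }
        ?: return PhotoLocation.NotPresent
    // [0, 0] is the silent-failure value described above; never store it as a real fix.
    if (latLong[0] == 0.0 && latLong[1] == 0.0) {
        return PhotoLocation.Unreliable("EXIF location is exactly [0, 0]")
    }
    return PhotoLocation.Found(latLong[0], latLong[1])
}
```

A backup pipeline built on this would hold back or retry files that come back as Unreliable instead of uploading them without location, and a test with a known geotagged photo can assert on Found.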

Takeaways

  • We should have test cases to verify the correctness of metadata parsed from new photos.
  • We should be paranoid about updating the Android SDK, as updates can introduce breaking changes that fail silently.
  • Android's permission system is still a joke.

Final Notes

During our investigation, we found multiple other cloud storage apps to be plagued by the same bug. We notified their developers, along with the fix. Some were proactive enough to acknowledge and fix the issue for newer files. Some others labelled the bug as a feature. To each their own.

At ente, data is precious. We will continue to do our best to safely preserve every bit of it.