Why do you require location services to be on when pairing?
It does sound a bit weird to ask for this, but in short, we don't want to receive information we haven't been given permission to receive.
Our Data Protection Officer did some research on this, and here is what we found:
Google decided to allow scanning & pairing of Bluetooth LE devices ONLY if the “access location permission” was given. Their reasoning is that scanning & pairing Bluetooth devices may show Bluetooth low energy location beacons and thus reveal the user’s location to the scanning app.
(Documented here https://developer.android.com/guide/topics/connectivity/bluetooth-le )
By requiring this permission to be requested, the Android mobile phone user has a chance to recognize the potential exposure. So any app (like mySugr) that implements connecting to a Bluetooth LE device (eg blood sugar meter) needs to declare the ‘access location permission’ as one of the needed permissions.
So, for the sake of being transparent and to follow technical requirements, we do ask that you provide permission. While it is highly unlikely that we would receive any type of location data, even with the slightest possibly being there, we have to ask that permission for the pairing process. You can turn it off after the pairing has been completed.