These aims shouldn't be incompatible. The device should be able to use purely local location data to tag the photos, and then the photos should only be made available to applications the user trusts.
We've been so brainwashed by saas companies to expect that simply collecting information implies sharing it. The point of distributions like this is to remove those cloud dependencies while retaining functionality, and placing that functionality at the control of the user.
Fine if you decide to have GPS enabled for photos, but it should be opt in rather than opt out. Anyone who manages to get access to your images could reconstruct a map of where and when you have been
Google camera prompts about saving location on first startup. Graphene's default camera defaults to "off".
I naively assumed, given how GPS works, that I could enable location access, and disable network access for the camera app, and that it would still be capable of copying two floating point numbers from the local GPS chipset to the exif data.
Instead, it wants to call out to some questionable network services.
I'm clearly not the only one that wants this feature. Graphene even includes a reimplementation of the necessary Google API.
However, it (and the original google implementation) are flaky. This all "just worked" on my iPhone and (before that) Windows Phone. It didn't even occur to me that it was a thing that could be screwed up.
i don't even