feat: Doze-resistant location sharing with boot persistence

[MatthieuTexier]

Summary

Location sharing and telemetry collection stopped updating during Android Doze because the main process had no foreground service. Sessions were also lost on app/device restart.

This PR adds:

• LocationForegroundService (foregroundServiceType="location") to keep GPS callbacks alive during Doze
• LocationServiceCoordinator (reference-counted singleton) managing the service lifecycle across both location sharing modes (peer-to-peer and group/telemetry)
• Session persistence to DataStore with automatic restore on app startup
• BootReceiver to start Reticulum at device boot so sharing resumes without opening the UI
• GPS priority upgrade from BALANCED_POWER_ACCURACY to HIGH_ACCURACY (reliable in Doze with a location foreground service)
• Dynamic notification text reflecting active reasons (sharing, telemetry, or both)
• DB migration 44→45: source column + index on received_locations

Addresses user request for location sharing persistence across restarts (PR #713 comment by bd.) and partially addresses #385 (Live Tracking reliability).

Changes

File	Change
LocationForegroundService.kt	New — lightweight foreground service with START_NOT_STICKY, SecurityException handling
LocationServiceCoordinator.kt	New — thread-safe ref-counted acquire/release with rollback on failure
BootReceiver.kt	New — starts Reticulum service at BOOT_COMPLETED
LocationSharingManager.kt	Session persistence, restore on startup, HIGH_ACCURACY, acquire/release coordination
TelemetryCollectorManager.kt	Foreground service for send + request-only modes, state poisoning in stop()
TelemetryLocationTracker.kt	HIGH_ACCURACY GPS priority
SettingsRepository.kt	Session persistence methods
ColumbaApplication.kt	restoreIfActive() in all 4 init paths
AndroidManifest.xml	FOREGROUND_SERVICE_LOCATION, RECEIVE_BOOT_COMPLETED, service + receiver declarations
ReceivedLocationEntity.kt	source column with @ColumnInfo(defaultValue) + index
DatabaseModule.kt	Migration 44→45
ColumbaDatabase.kt	Version bump to 45

Test plan

• Doze mode (peer-to-peer): 24+ min with positions updating every 30-60s
• Doze mode (group client): 20+ min with positions from host
• Doze mode (group host): 30+ min collecting and redistributing positions
• Cold boot (peer-to-peer): sessions restored, sharing resumes without UI
• Cold boot (group sharing): telemetry send/request resume from DataStore settings
• Cold boot (host mode): host mode re-synced with Python after Reticulum READY
• Service stops when all sharing/telemetry disabled
• Notification text updates dynamically
• Battery optimization whitelist required for full Doze resistance (existing BatteryOptimizationCard handles this)
• Kotlin tests: 6045 passed (2 pre-existing failures on upstream/main)
• Python tests: 1657 passed
• ktlint + detekt: passed
• Adversarial code review completed

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[greptile-apps]

Greptile Summary

This PR adds Doze-resistant location sharing via a new LocationForegroundService managed by a generation-counter–aware LocationServiceCoordinator, wires session persistence to DataStore with boot-time restore via BootReceiver, and fixes a Python-interop unit mismatch (receivedAtMillis → receivedAtSeconds) that was silently returning zero telemetry entries on every incremental request. The serviceFailed flag in the coordinator correctly breaks the retry loop that prior reviews flagged, and the generation counter addresses the onDestroy race.

Confidence Score: 4/5

Mergeable with low risk; previously flagged P1s (BootReceiver exported, persistSessions/release ordering, DB version mismatch) remain open and should be tracked, but no new P0/P1 issues were found in this pass.

No new P0 or P1 bugs introduced. The single new finding is P2 (MicroG detection reliability on Android 11+). The unresolved items from prior review rounds keep the ceiling at 4/5 rather than 5/5.

LocationSharingManager.kt (persistSessions/release ordering), AndroidManifest.xml (BootReceiver exported), DatabaseModule.kt (version number discrepancy), LocationCompat.kt (MicroG detection on API 30+)

Important Files Changed

Filename	Overview
app/src/main/java/network/columba/app/service/LocationForegroundService.kt	New foreground service with generation-counter–based onDestroy guard; previously flagged icon and title issues addressed in code with TODO comment.
app/src/main/java/network/columba/app/service/LocationServiceCoordinator.kt	Thread-safe ref-counted coordinator with serviceFailed guard (breaks retry loop) and generation counter (fixes onDestroy race); logic is sound given prior review iteration.
app/src/main/java/network/columba/app/service/LocationSharingManager.kt	Session persistence and restore added; persistSessions()/release() ordering race previously flagged remains unresolved — release() fires synchronously before DataStore write completes.
app/src/main/java/network/columba/app/service/TelemetryCollectorManager.kt	Foreground service lifecycle integrated via updateLocationTracking(); stop() correctly poisons all flags covering needsForegroundService() before cancelling observers; timebase millis→seconds fix included.
app/src/main/java/network/columba/app/util/LocationCompat.kt	MicroG detection via GET_ACTIVITIES may silently fail on Android 11+ with user-space MicroG installs; cached result means the wrong GMS decision persists for the app lifetime.
app/src/main/java/network/columba/app/service/TelemetryLocationTracker.kt	One-shot HIGH_ACCURACY preferred over cache; allowAnyAccuracy param correctly threads through; CurrentLocationRequest with maxUpdateAgeMillis=0 prevents stale OS-cache fixes.
app/src/main/java/network/columba/app/receiver/BootReceiver.kt	Starts Reticulum at boot; android:exported="true" vulnerability previously flagged remains in the manifest.
data/src/main/java/network/columba/app/data/di/DatabaseModule.kt	MIGRATION_1_2 adds source column and index correctly; PR description says "44→45" but code is 1→2 — previously flagged mismatch remains unresolved.
reticulum/src/main/java/network/columba/app/reticulum/protocol/NativeTelemetryHandler.kt	receivedAtMillis→receivedAtSeconds rename with /1000L division fixes the Python sideband interop bug; timebase filtering is now unit-consistent.
reticulum/src/main/java/network/columba/app/reticulum/protocol/NativeReticulumProtocol.kt	DIRECT→OPPORTUNISTIC delivery for telemetry correctly avoids Link establishment stalls on boot before path discovery warms up.
app/src/main/AndroidManifest.xml	FOREGROUND_SERVICE_LOCATION and RECEIVE_BOOT_COMPLETED permissions added; LocationForegroundService declared with foregroundServiceType="location"; BootReceiver remains exported with normal-protection permission.
data/src/main/java/network/columba/app/data/db/entity/ReceivedLocationEntity.kt	source column added with matching @ColumnInfo defaultValue and SQL DEFAULT 'location_sharing'; companion constants provided for future SOS trail use.

Sequence Diagram

sequenceDiagram
    participant App as ColumbaApplication
    participant LSM as LocationSharingManager
    participant TCM as TelemetryCollectorManager
    participant Coord as LocationServiceCoordinator
    participant LFS as LocationForegroundService
    participant DS as DataStore

    App->>LSM: restoreIfActive()
    LSM->>DS: getLocationSharingSessions()
    DS-->>LSM: sessionsJson
    LSM->>Coord: acquire(REASON_SHARING)
    Coord->>LFS: start(text, gen=1)
    LFS-->>Coord: onStartCommand OK

    App->>TCM: start()
    TCM->>Coord: acquire(REASON_TELEMETRY)
    Coord->>LFS: start(updated text, gen=1)
    Note over Coord,LFS: notification text updates to sharing & telemetry

    TCM->>Coord: release(REASON_TELEMETRY)
    Coord->>LFS: start(text=sharing active, gen=1)

    LSM->>Coord: release(REASON_SHARING)
    Coord->>LFS: stop()
    LFS-->>Coord: onDestroy clearReasonsForGeneration(1)

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: app/src/main/java/network/columba/app/util/LocationCompat.kt
Line: 88-104

Comment:
**MicroG detection silently fails on Android 11+ with user-space installs**

`getPackageInfo(..., GET_ACTIVITIES)` for a non-system package is subject to Android 11+ package visibility restrictions. On custom ROMs where MicroG is installed as a user-level package (not a privileged system app), this call throws `NameNotFoundException` and the `catch` block returns `false` — so `isMicroG` is `false`. Since `isGooglePlayServicesAvailable()` succeeds on MicroG, the final expression becomes `true && !false = true`, meaning the app falls back to MicroG's FusedLocationProvider and the inaccurate cell-tower fixes you're explicitly trying to avoid.

Worse, `isPlayServicesAvailable` caches the result on first call (`checked = true`), so the wrong decision persists for the entire app lifetime.

The `<queries>` manifest element for `com.google.android.gms` would guarantee package visibility on Android 11+; alternatively, checking for `org.microg.gms` or `org.microg.nlp` as a top-level package (which has no visibility ambiguity) is a more reliable signal.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (18): Last reviewed commit: "fix: detect MicroG and bypass FusedLocat..." | Re-trigger Greptile}

[MatthieuTexier]

@greptile

[MatthieuTexier]

@greptile

[MatthieuTexier]

Failed test is a flaky one.