Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does cordova is spying user's information without any knowledge of developers behind the plugins. #185

Closed
3 tasks
Theamansinghrajput opened this issue Nov 26, 2022 · 2 comments

Comments

@Theamansinghrajput
Copy link

Bug Report

Problem

What is expected to happen?

What does actually happen?

Information

Command or Code

Environment, Platform, Device

Version information

Checklist

  • I searched for existing GitHub issues
  • I updated all Cordova tooling to most recent version
  • I included all the necessary information above

image

Our company get above message from google play, some features in app is uploading phone information to cordova server. is this ? in cordova's credibility.

@breautek
Copy link
Contributor

I can confidently say that this plugin does neither read the phone number or send any information to the cordova website.

I don't think any of the apache plugins would do this. We do have opt in telemetry, but that is on the CLI tooling only and wouldn't record phone numbers.

What I would suggest is to do a "Find in folder" type of scan for any files that contains keywords, like the cordova apache domain.

@jcesarmobile
Copy link
Member

All the plugin code for Android is in this class https://github.com/apache/cordova-plugin-device/blob/master/src/android/Device.java

You can see there is no code for getting the phone number and no code for making network connections to cordova.apache.org. Also we don't have any endpoint on cordova.apache.org for getting phone numbers. If you don't believe you can check it as the repository is also public.

Also the plugin doesn't request any permissions, as far as I know, for getting the phone number you'll need android.permission.READ_PHONE_STATE.

The only sensitive information the plugin gets is the Secure.ANDROID_ID, we have a separate ticket tracking how we could manage to not provide that id if not desired.

@jcesarmobile jcesarmobile closed this as not planned Won't fix, can't repro, duplicate, stale Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants