Trackers

[IzzySoft]

I've just found your app, and it looked promising – so I took a deeper look. For an app dealing with sensitive data (personal data, and especially health data), it shouldn't contain any trackers – but alas, it does:

Offending libs:
---------------
* Crashlytics (/com/crashlytics): Tracking
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeDep
* Google Play Core (/com/google/android/play/core): NonFreeNet,NonFreeDep
* Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
* Firebase Analytics (/com/google/firebase/analytics): Tracking

6 offenders.

I wouldn't trust any personal data to the companies represented by those services – and I wouldn't like to see my personal data going there. So would you consider removing those offenders, so your app can be recommended for this purpose? Thanks in advance!

[yashovardhan99]

Hi @IzzySoft Thanks for your report about this! Firebase is used in this project only to maintain compatibility with v1.0 of the project. The old version of this app stored data on Firebase Firestore (really bad, I know). With v2.0, I have an ambition to remove all online services and make the app complete offline. However, I still need to maintain compatibility and allow users to migrate data they have stored in the cloud.

Once v2.0 is released as stable, I will be slowly removing Firebase libraries and databases in a phased manner. The original plan was to complete the stable version by May 2021 and then start removing firebase database in a phased way starting 2022; However, that took a hit due to my full time work taking priority.

That said, my complete code is open source, I only publish the final aab file generated by the release pipelines on GitHub on the Google Play Store. You are free to analyze the code and report any places where sensitive data might be tracked. Presently, Google Analytics related code mostly resides in AnalyticsEvents.kt. This class is tracking only anonymous data related to things like-

• New patient being created/edited/deleted (only patient id is logged, which is just an integer in serial order) - It can never be used to identify an actual person. Patient names, descriptions etc. are never sent to any analytics server.
• New healing being created/edited/deleted (again, only patient id is logged)
• New payment being created/edited/deleted (patient id is logged)
• The user navigating across different screens.
• The status and result of import/export of files - Here, these parameters are just a string which track values like "started", "failed", "completed" etc. These were added to help me keep a track of how often imports/exports fail.

This was added mainly because the app is currently in a beta stage and I wanted to see how my app behaves and how users use it. However, I do plan on either migrating to other free (more data-friendly) solutions or removing analytics altogether once my app starts rolling out in production.

Further, I would like to clarify that v1 of this app was not meant to store sensitive medical data as was outlined in the old Privacy Policy. You can find the latest privacy policy here. This clearly states what information is being collected and tracked.

Coming to the issue with using Firebase services, I understand that a few users might have objections to the use of their service. If you have any suggestions for alternatives, please drop them here (or better yet, help implement that yourself!). I did have plans to replace firebase with open source alternatives, but couldn't find any good alternatives which can work for me at no cost.

Once the beta period of this app is over however, I will slowly remove firebase dependencies. Some of the dependencies you mentioned are required to maintain compatibility with v1 of this app as I mentioned. Regarding the others, if I find free open alternatives to those services, I will be more than happy to switch to them.

Once again, thanks a lot for these issues! This app was created by me a few years back when I was much more naive as a way to help some of my friends/family. It doesn't have many users except for friends/family as of now. I am working on this open source project only in my free time since I have other full time commitments. So please expect these changes to take time. If you feel so strongly for the causes you mentioned, please consider supporting the app so that I can migrate away from firebase services as soon as possible.

[IzzySoft]

Hi @yashovardhan99 – and first many thanks for your fast and comprehensive answer! Let me also clarify that I didn't mean to accuse you of intentionally sending sensitive data to those services. The problem with the libraries mentioned is they are proprietary and closed-source, so you cannot really investigate what they do. Further, making them part of your app they get access to anything the app has access to, be it permission-wise or the data accessed. Which means, you can never tell for sure what data leaves the device and where to.

I'm really happy you already have plans to abandon those libraries. I'm no Android developer, so hints I can give are possible few. But what I can give, I give freely. My F-Droid snippet collects such developer hints, so there you'll find e.g. pointers for acceptable analytics, or replacements for push notifications – for the latter I strongly recommend UnifiedPush, which gives the user the choice what service to use and thus helps them having control over their data (also see my listing of Push Clients/Manager, including the "distributors" for UnifiedPush).

As for replacements to other Firebase things, I've no idea (but welcome hints to include with the linked snippets, so others can profit as well). If you could roughly outline what features that might be, I can keep my eyes open as well or might even be aware of something without knowing it 😉

If you were able to reduce those "offenders" to a minimum (say, removed those analytics and the Google Play stuff), I happily offer you a place in my F-Droid repo. If you can get rid of all of them, I could even help you getting listed at F-Droid directly. Both places only accept open source apps, and both have a strong focus on privacy – with F-Droid having the stricter rules, and my repo often serving as stepping-stone. Privacy proponents usually prefer these places over Google Play (I myself don't even have a Google account anymore, as Google closed that for inactivity years ago).

Finally: Great you care about such things! And often good rises greater than expected if one starts "just a small app to help the relatives" (like Uriah's BaldPhone for the elderly). Please keep it up!

[yashovardhan99]

I completely agree with you. I will look into acceptable analytics and other suggestions to see what can be done. Do note that it might take a few months atleast, as the app is currently in beta and the major focus is to move it to stable first. However, these are certainly in my todo list and I will use this issue as a tracking point for this.

Thanks once again!

[IzzySoft]

No pressure! Do as your time permits. When you made progress and want me to perform another scan, just place a comment here (I'd suggest we keep this issue open for the progress on this task, if you agree).

[yashovardhan99]

I agree. I have added the sticky label to prevent stale bot from auto-closing this