Trackers & Permissions (exodus report) #319
Comments
|
I completely agree ! While I am very thankful that the app is kept alive, I think that if the trackers are not used to gain information to maintain the app or to do ads, then they should be removed. This would make the app much more privacy-friendly. As it is, I don't feel like using the app if information about its use will be sent to Facebook or Google, and especially if it is not used to make the app better. Which is a shame, as the app looks really amazing ! |
|
Thank you for keeping this app going. It's not clear where the source code for version 2.2.3 is (what's currently deployed to the Google Playstore). The release date of March 2nd, 2021 doesn't correspond to anything on the releases page, and it's not obvious which commits went into it. Is it safe to assume that the code in Github reflects what's ending up on our phones? |
|
Never knew about this site; nifty!
FreeCBT intends to use exactly zero of the trackers listed on that page. Unfortunately, I suspect most of them come from Expo - Expo probably allows integration with those trackers, so they end up listed on that page, even when they are never used and no data is sent their way. Example of another developer encountering that issue with Expo: FreeCBT inherited several other tracker/analytics/internet-access-y tools from Quirk. I'm not very familiar with any of these, and since I'm not adding new features I certainly don't check any of them regularly. Removing these would be totally fine, I'd like to do it eventually, and I wouldn't be opposed to any pull requests doing so:
Probably the same story with most of the required permissions: I haven't deliberately added them. I'd be open to removing them (or PRs removing them), if it can be done without breaking things. That said, I am not a mobile app expert and am very wary of breaking things.
The last kind of internet access that FreeCBT uses is for automatic updates to the FreeCBT code via Expo. FreeCBT automatically updates itself to match what's in the github repository, without going through appstore/play store review processes. Small and infrequent changes, usually. The internet permission's regrettable for an app that deals with such sensitive data, but I'm not going to turn off this auto-updating. Without it, releasing any change to freecbt is incredibly tedious, with many manual steps to update the app stores - and as an unpaid volunteer, I'm sorry but I'm just not going to do that. Your CBT exercises and other personal data should never leave your device.
Yes: automatic updates, explained above, ensure the code on github is what ends up on your phone. The release date shown on the play store is usually not relevant - the automatic updates described above don't affect it. I hope that helps? Feel free to ask more questions; privacy's important! |
|
That's a great post, @erosson ; thanks a lot for taking the time to address those details. I feel like this can sound like a lot of nitpicking, especially since our privacy is being daily breached in many ways when we use computers/phones. But I do believe that it is still important to show that alternatives are not only possible, but awesome; just like FreeCBT ! Sadly, I don't know enough code to remove the existing trackers; but I'd be glad to help to make more visible the idea that FreeCBT might be the only free and private app for CBT journaling once they're gone. Internet access for auto-updates seems reasonable to me. Thanks again for the explanation, and have a nice day ! |
I ran exodus privacy (link to their website) on my phone and they linked a report for FreeCBT which can be found here: https://reports.exodus-privacy.eu.org/en/reports/142251/
According to this report there is no app on my entire phone with more trackers. Is this correct? Maybe it's overly zealous or something. There are also a lot of unlikely permissions (like the internet permission?) but those are much more transparently listed on the Play Store page.
Anyway, thank you for reading & big thank you for keeping this app alive!
The text was updated successfully, but these errors were encountered: