Feature Request: Option to disable all internet communication #6

Closed
Ilsidur opened this issue Mar 8, 2023 · 1 comment

Ilsidur commented Mar 8, 2023

Hi everyone,

first of all I'd like to thank you for your great app and for your decision to go open-source. Your app and your website are amazing, very transparent and explain everything perfectly.

Getting to the point: In your security section you state that your app does not collect personal or private data and that you only use statistical information that is collected through Firebase. To do that, your app has to connect to a whole bunch of different domains. In the last days of using the app it connected to 11 different domains: api2.2fas.com, app-measurement.com, gateway.icloud.com, ocsp.pki.goog, firebaseloggin-pa.googleapis.com, itunes.apple.com, metrics.icloud.com, device-provisioning.googleapis.com, fcmtoken.googleapis.com, firebase-setting-crashlytics.com, firebaseinstallations.googleapis.com

The issue I'd like to express is that there are some people (like me) who'd love for their OTP app to not connect to the internet at all. While most of the domains are for using Firebase of course and while I totally trust you when you say that you don't collect personal information, there is hardly a way for me to monitor that (as I am not able to audit your code). I know that you need the collected information for several reasons. That's why I'd suggest an additional feature that is easy to implement and that would allow your users to choose whether the app may or may not connect to the internet. Of course you'd lose a certain amount of information that you could otherwise collect. However, I'd assume that many people would still voluntarily grant you access to the statistical information while at the same time you'd make your app far more attractive for people who want their OTP app to not share any information with anybody. I'd argue that there are some people who would even do an in-app purchase (or something like that) to get this feature and that you'd be able to convince even more people that you're serious when you say that you care about the privacy of your users.

I'm looking forward to reading your thoughts about my proposal. Thanks for your time!

Best regards
Ilsidur

adocyn (Contributor) commented Mar 10, 2023

Hi @Ilsidur,

Yes, we're discussing an option to opt-out or even opt-in to usage stats. As the team's time is limited we're optimizing a list of developed features using these stats to know what's being used and where to put more effort in the short term. You can check what events are observed here: https://github.com/twofas/2fas-ios/blob/main/TwoFAS/TwoFAS/Data%20Controllers/Analytics/AnalyticsController.swift

As for the URLs:

Firebase with Crashlytics: app-measurement.com, ocsp.pki.goog, firebaseloggin-pa.googleapis.com, device-provisioning.googleapis.com, fcmtoken.googleapis.com, firebase-setting-crashlytics.com, firebaseinstallations.googleapis.com

Our API:
api2.2fas.com

Apple's iCloud (checking availability):
gateway.icloud.com

Check if you have the newest version:
itunes.apple.com

Stats from Apple (you can opt-out in system settings):
metrics.icloud.com

Thanks for the idea. We'll investigate the possible options. I'll close the issue for now.

adocyn closed this as completed Mar 10, 2023