You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
first of all I'd like to thank you for your great app and for your decision to go open-source. Your app and your website are amazing, very transparent and explain everything perfectly.
Getting to the point: In your security-section you state out, that your app does not collect personal or private data and that you only use statistical information that is collected through Firebase. To do that, your app has to connect to a whole bunch of different domains. In the last days of using the app it connected to 11 different domains: api2.2fas.com, app-measurement.com, gateway.icloud.com, ocsp.pki.goog, firebaseloggin-pa.googleapis.com, itunes.apple.com, metrics.icloud.com, device-provisioning.googleapis.com, fcmtoken.googleapis.com, firebase-setting-crashlytics.com, firebaseinstallations.googleapis.com
The issue I'd like to express is, that there are some people (like me) who'd love for their OTP-App to not connect to the internet at all. While most of the domains are for using Firebase of course and while I totally trust you when you say that you don't collect personal information, there is hardly a way for me to monitor that (as I am not able to audit your code). I know that you need the collected information for several reasons. That's why I'd suggest an additional feature that is easy to implement and that would allow for your users to chose, wheter the app may or may not connect to the internet. Of course you'd lose a certain amount of information that you could otherwise collect. However, I'd assume that many people would still voluntarily grant you access to the statistical information while at the same time you'd make your app far more attractive for people, who want their OTP-App to not share any information with anybody. I'd argue that there are some people who would even do an in-app-purchase (or something like that) to get this feature and that you'd be able to convice even more people that you're serious when you say that you care about the privaxcy of your users.
I'm looking forward to reading your thoughts about my proposal. Thanks for your time!
Best regards
Ilsidur
The text was updated successfully, but these errors were encountered:
Hi everyone,
first of all I'd like to thank you for your great app and for your decision to go open-source. Your app and your website are amazing, very transparent and explain everything perfectly.
Getting to the point: In your security-section you state out, that your app does not collect personal or private data and that you only use statistical information that is collected through Firebase. To do that, your app has to connect to a whole bunch of different domains. In the last days of using the app it connected to 11 different domains: api2.2fas.com, app-measurement.com, gateway.icloud.com, ocsp.pki.goog, firebaseloggin-pa.googleapis.com, itunes.apple.com, metrics.icloud.com, device-provisioning.googleapis.com, fcmtoken.googleapis.com, firebase-setting-crashlytics.com, firebaseinstallations.googleapis.com
The issue I'd like to express is, that there are some people (like me) who'd love for their OTP-App to not connect to the internet at all. While most of the domains are for using Firebase of course and while I totally trust you when you say that you don't collect personal information, there is hardly a way for me to monitor that (as I am not able to audit your code). I know that you need the collected information for several reasons. That's why I'd suggest an additional feature that is easy to implement and that would allow for your users to chose, wheter the app may or may not connect to the internet. Of course you'd lose a certain amount of information that you could otherwise collect. However, I'd assume that many people would still voluntarily grant you access to the statistical information while at the same time you'd make your app far more attractive for people, who want their OTP-App to not share any information with anybody. I'd argue that there are some people who would even do an in-app-purchase (or something like that) to get this feature and that you'd be able to convice even more people that you're serious when you say that you care about the privaxcy of your users.
I'm looking forward to reading your thoughts about my proposal. Thanks for your time!
Best regards
Ilsidur
The text was updated successfully, but these errors were encountered: