The intended audience for this app would avoid the app if it put them at risk of being identified as using it. We are providing audio downloads over HTTPS from archive.org, so that the local ISP cannot associate the users with this app in particular.
Since audio downloads will already require that users grant Internet access permission, is there any reason to NOT use Analytics?
Also, does the particular analytics service make a difference? For example, if I use Firebase, the config file includes
I don’t know if the “unique-id-of-my-sensitive-app” portion is visible to the ISP (e.g. sent to DNS lookup) or if the HTTPS connection to firebaseio.com is made first, and then the app ID transmitted securely.
On the other hand, Amplitude just has a hex string to transmit, hopefully securely.
What we don’t want is that the local ISP can tell a user is using this particular app.
If your audio is FCBH audio, then you should use FCBH Digest Analytics. Even if it isn’t, I would recommend using FCBH Digest Analytics.
- It is low impact on the user (~300 bytes)
- It is a summary of events that happened over a day period instead of individual events – what do you really care about?
- The app will queue the reports until the device comes back online (even if the app has been closed or the device rebooted)
- FCBH has a nice dashboard
- Reports are file uploads to an S3 bucket in Asia (so not tracking to some analytics service)
Sounds great! But how does the upload to the S3 bucket work? Could the local authorities download the app, make note of where it connects to online (that S3 bucket), and then know that any user in country who connects in the same way must be a user of the app? Or might any number of unrelated apps out there connect to the same server in Asia, and the contents that route the data to FCBH Analytics are transmitted securely? If the local authorities want to identify all users of the app, is there any way that they can do this if we use FCBH Analytics? What about Amplitude?
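The question in the first post (is the app ID in the Firebase config visible to the ISP, or is the HTTPS connection made first?) and the question above about the S3 upload come down to the same thing: what a passive observer on the network path can read from a TLS connection. The script below is an added illustration, not code from this thread, from FCBH, Firebase or Amplitude. It builds a minimal TLS ClientHello for a constructed hostname and parses it the way an on-path observer would, to show that the server name is sent in cleartext in the Server Name Indication (SNI) extension (and, separately, in the DNS lookup), while the request path and body that would carry an app ID are only sent after the handshake, inside encrypted records. The hostname, app ID and request line are constructed sample values.

```python
import os
import struct

# Constructed sample values for the illustration (not real project identifiers).
HOST = "firebaseio.com"
APP_ID = "unique-id-of-my-sensitive-app"


def build_client_hello(hostname: str) -> bytes:
    """Minimal TLS ClientHello record carrying a server_name (SNI) extension.

    Only the fields a parser needs are filled in; the random and cipher
    suites are placeholders.
    """
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list       # extension type 0 = server_name
    body = (
        b"\x03\x03"                                   # client_version (TLS 1.2 wire format)
        + os.urandom(32)                              # client random
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", 4) + b"\x13\x01\xc0\x2f"  # two cipher suites
        + b"\x01\x00"                                 # compression methods: null only
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Read the SNI hostname from a ClientHello the way a passive observer can."""
    if not record or record[0] != 0x16:               # not a handshake record
        return None
    hs = record[5:]
    if hs[0] != 0x01:                                 # not a ClientHello
        return None
    p = 4 + 2 + 32                                    # skip handshake header, version, random
    p += 1 + hs[p]                                    # session_id
    cs_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2 + cs_len                                   # cipher_suites
    p += 1 + hs[p]                                    # compression_methods
    if p >= len(hs):
        return None                                   # no extensions at all
    ext_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    end = p + ext_len
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        if etype == 0x0000:                           # server_name extension
            q = p + 2                                 # skip server_name_list length
            name_type = hs[q]
            nlen = struct.unpack("!H", hs[q + 1:q + 3])[0]
            if name_type == 0:
                return hs[q + 3:q + 3 + nlen].decode("ascii")
        p += elen
    return None


def observer_view(hostname: str, app_id: str) -> dict:
    """Summarise what an ISP-side observer sees for one HTTPS request.

    The HTTP request line (with the app ID in the path) is what the client
    would send only after the handshake, inside encrypted application-data
    records, so it never appears in the cleartext ClientHello.
    """
    hello = build_client_hello(hostname)
    request = f"GET /apps/{app_id}/config HTTP/1.1\r\nHost: {hostname}\r\n\r\n".encode()
    return {
        "dns_query_name": hostname,                   # cleartext on port 53 unless DoH/DoT is used
        "sni": extract_sni(hello),                    # cleartext in the ClientHello
        "app_id_in_cleartext_handshake": app_id.encode() in hello,
        "request_bytes_sent_encrypted": len(request),
    }


if __name__ == "__main__":
    for k, v in observer_view(HOST, APP_ID).items():
        print(f"{k}: {v}")
```

The practical reading: an observer learns the hostname (from DNS and from SNI) and traffic timing and sizes, but not the URL path, query string, headers or body. So a per-app identifier inside the request is not exposed by TLS itself; what can be exposed is the destination hostname, and whether that hostname is shared by many unrelated apps or unique to this one is what decides whether it identifies the app. Using DNS over HTTPS removes the DNS leak but not the SNI one.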
I have similar questions as @Dan_Em does here. I’m generally fine including Analytics in an app, but the translation project leader has been hesitant for similar reasons as mentioned here.
Granted, I think that if local authorities were suspicious of a specific user and wanted to see if they had the app, they may just take the person in for questioning and get their phone unlocked by some method… I think this is a higher risk than a broad-scale effort to identify all users of an app. The analytics options mention that the information collected is non-identifiable per user, but that probably doesn’t alleviate the concern.
I don’t know if you have any other thoughts about security/privacy in the app, but I would definitely be interested to hear them. I see your line of reasoning: if someone installs your app from an app store (I presume that’s what you’re doing), and the audio always comes from archive.org, and your analytics are not traceable, then maybe there are no assets that are publicly visible on the wire.
This app only accesses the Internet if you choose to stream or download the audio. It does so securely, confidentially and anonymously from GitHub to best ensure your privacy. Storing or accessing the audio files requires storage access permissions. The app does not use analytics or contain ads.
@jkurian I was told by @richard that there was recently a conversation about this topic. Could you speak into this issue? Or provide a summary of the conversation? Or was it part of your recent EMDC seminar on Google Ads? Many thanks.
I believe I was in the meeting with folks from FCBH. They said if you are concerned for people using the app, then don’t worry about reporting analytics. Obviously, the safety of the users is way more important than statistics.
Yes, I agree statistics aren’t worth risking someone’s safety.
But I’m wondering if anyone at FCBH (or anyone else for that matter) has done the research themselves or has asked cybersecurity experts if this is a real concern or just a concern birthed out of watching too many spy movies…