Three quarters of Android apps track users with third party tools (www.theguardian.com)
174.0 points by dberhane | karma 1553 | avg karma 6.0 2017-11-28 12:56:02+00:00 | 102 comments




I wonder if there is a comparable study for iOS apps? Or are the iOS versions of "Tinder, Spotify, Uber and OKCupid" better than the Android counterparts?

> Both of these trackers have been profiled by Privacy Lab and can be identified by Exodus scans.

I have tried looking up Exodus but can't find any info. Does anyone know what this tool is and how it works?



Does anyone know why Firefox uses DoubleClick?

https://reports.exodus-privacy.eu.org/reports/177/


My suspicion is that this is a false-positive. If you go to about:config and search for doubleclick there is an entry called: browser.urlbar.doubleClickSelectsAll

Use is self-explanatory in the name.

This Twitter thread indicates the same:

https://twitter.com/rnewman/status/934861503630643204

Also, LeanPlum is explained here:

https://support.mozilla.org/en-US/kb/send-usage-data-firefox...

Quote:

Firefox for Android, Firefox for iOS, Firefox Rocket and Firefox Focus collect data about installations and retention using a third-party tracking framework called Adjust and Leanplum. This helps Mozilla determine the origin of the installation by answering the question, "Did this user on this device install the application in response to a specific advertising campaign performed by Mozilla?"


Having worked in a few agencies and departments that do both iOS and Android apps, whenever possible, they want parity between the two. So if the Android app is doing it, odds are better than not that the iOS app is also doing it to the extent allowed by Apple.

mobile dev here.

From my anecdotal experience I can tell you that whatever data we collect on Android we collect on iOS too (crashes, usage, etc.).


3/4 of apps? I'm surprised it's not higher. Probably similar thing for iOS: everyone installs ads, translations, google analytics, data-mining and data-analysing tools, or feeds logs to such tools.

The real price of "free"

Nonsensical statement. Paid applications do this too.

I don't get it. If you're in IT in any role, you know this is happening. I install zero apps on my iPhone. I don't need them. Banking and other secure things are more properly done on a desktop or laptop running some form of nix with proper security in place.

I would never access my bank or other secure website with crucial information via a mobile phone. Call me an anachronism should you wish, but I've never had the tracking worries or data leak worries others do.

On my nix desktops, I block all ads, all tracking cookies, no third-party cookies, I whitelist my bank and Fastmail account for cookies, and I block coin mining, HTML canvassing, HTTP/S referrer, CSS history lookups, and so much more. In addition, I surf through a VPN. Why risk it?


I'm not sure why you are being downvoted here. I learned a lot from your post! I set up my cookies to stop 3rd party and delete at the end of a session. I also learned about /etc/hosts and blocked a ton of bad stuff at the system level. You are awesome, thank you!

It will never be reasonable, feasible, or worth discussing that e.g. everyday users run a linux only locked down desktop and never use their mobile phones. Every time a privacy topic comes up, there is always someone to come in and say "uninstall windows and OSX, delete all of your social media accounts and block the entire Internet, quit your job that requires you to use these devices and services, run your own mail server, if you REALLY care about privacy you'll essentially stop using the Internet, cut yourself off from all of society and make your devices unusable" -- which can offer advice for people looking to do this but adds little to the discussion around tracking, privacy, data security.

If you try to fight against advertisers and privacy-invading trackers and malware alone you will always lose. They are huge companies. They bribe your computer manufacturers to auto-install malware. They infect your operating systems. They have CAs. They have millions to spend on thousands of brilliant engineers who will work around anything you come up with to attack your security and privacy. An answer must be feasible for almost everybody so that we can all enact it collectively, technical or not, or it is no answer at all.


Very true. I mean, I have an iPhone for work. And a dumb cellphone for personal stuff. I do use social media with family and close friends, but that's from notebook and desktop. I don't mix social and work on the same devices, and I'd be out of work if I did.

However, I strive on such insecure channels to be very uninteresting. I restrict everything that's potentially controversial to channels that are more private and anonymous, using VPNs and Tor. I share about that stuff with nobody who knows who I am in meatspace. And vice versa.

So it's not that I'm "cut[ting] [my]self off from all of society". But I am revealing different aspects of myself to society through channels that would take considerable effort to link. That is, I compartmentalize.

I realize that I've gone to extremes. But for me, it's mainly become a hobby. Or rather, LARP. Still, anyone can start compartmentalizing. Just get a used low-end gaming machine, install Linux and VirtualBox, and learn to use VMs. Run a VPN client in the host, and learn enough iptables to lock it down. Run Linux VMs with other VPN clients, to get nested VPN chains. Run Whonix VMs to connect via Tor.


That's rather impressive. Unfortunately, I believe I've made the sacrifice of security for convenience and I may need to reevaluate that sooner than later.

Congratulations. You have the technical acumen to do that — along with, at a guess, 0.0001% of the population of the entire planet.

Not really a solution, seen in that light, is it?


For most users though you actually get better security guarantees if you do that stuff on an iPhone/iPad (or Chromebook I suppose).

This is such a non-story.

How so? Everybody screams bloody murder whenever the topic of telemetry is brought up and this is telemetry on a massive scale.

You're right, but I guess it seems to be a non-story to developers because the first thing you do prior to launch is add telemetry for user behavior and app performance.

Exactly. Every website and every mobile app, android and iOS, where the devs and/or product management are competent at all, are tracking your behaviors. That is how they know whether each and every feature is working well or not. The articles on this recently are just making a stink over nothing.

Imagine trying to run any kind of business without being able to observe how your customers are interacting with your product? I get that it is surprising and creepy but people just need to get over it because it isn't going anywhere and it is actually very valuable and good. If there is anything to be upset about here it is that that tracked information is frequently sold to 3rd parties without user consent which I'm all for legal restrictions on.


> That is how they know whether each and every feature is working well or not.

How does this explain the "quality" of Snapchat and Tinder?


"Third party tools." Ads. They're called ads. Don't beat around the bush. Google won't fix the problem because their business is selling ads.

And Apple won't even let you know this is going on. https://news.ycombinator.com/item?id=15809283

Crashlytics isn't ads. It's crash reporting. Mixpanel isn't ads, it's analytics.

Quote in the article, directly from Crashlytics:

> "and get insight into your users, what they’re doing, and inject live social content to delight them."

It's also analytics, and ads.


I guess that's a feature it offers, but like most people I've used it solely for crash reporting.

The surprising part to me is that it's only 3/4. I assume the rest are not doing any real analytics.

Of course they are using 3rd party tools, because the software and infrastructure required to do meaningful analytics on a large user base is way beyond what any startup or independent developer can afford to invest. There aren't even decent Open Source options - Google Analytics long ago sucked the air out of Open Source in this space and choosing Open Source means running your own infrastructure, which is non-trivial the moment you start having Gigabytes+ of usage data.


Exactly this. We're constantly told not to "roll our own X", making paid offerings like Azure App Insights, which is more robust than any hand-rolled solution we could ever develop, so appealing.

We're not trying to sell the user, or their data. We just want to know which features are being used and whether or not it's meeting our performance criteria, thus doing the user a favor by meeting those criteria.


The problem is not informing the user that you use SDKs from third party providers, although using them for login services (Facebook, Google+, twitter) or tracking (Crashlytics, Microsoft App Insights). The other problem is not knowing exactly what these SDKs can collect. They basically have the same permissions as the apps that include them. Crashlytics will collect and send location data alongside bug reports if the crashed app has this permission. (Source: Study on the most popular 200 apps in Germany done on real network traffic. We don't know if the study will be available for the public.)

We are currently pushing for legislation changes in Europe. Users should be informed about SDKs and data destination. Europe has 3 main data sinkholes, Ireland (EU data centres for US companies), Netherlands (Akamai) and Germany (probably selection bias). Nobody knows where the data ends up afterwards and under which legislation it falls.


This is certainly a good move. The Facebook SDK for example is widely used by many apps for Facebook ad performance tracking and analytics and that's something the public should be aware of.

See https://medium.com/ios-os-x-development/libraries-used-in-th... for example


Oh well then, if it's hard then feel free to violate my privacy instead, I'd hate to inconvenience you, the developer! /s

We really need to get over this notion that developer time is the most important thing in the world, it's having negative effects on privacy, performance and probably more. Gigabytes of usage data is really not that much anyway, but even if it is, you don't need to track every single user, just a representative sample.

And don't forget the age old option of not doing analytics, except for marketing purposes I've rarely seen analytics provide more value than it's worth.


haha

I came to say exactly this

Mobile engineer here, I don't know any mobile app without some form of tracking because at the very least you want to know when your app crashes and have a way to get the stacktrace.

Enter firebase crashreporting / crashlytics


Am I the only person who doesn't mind being tracked? I don't use an ad-blocker or VPN and allow all cookies.

I see it as a fair trade for reading articles, watching videos, playing games, etc. without paying any money out of my own pocket.

EDIT: Why the down votes with no replies on this?


Why do you think it's a fair trade? Your personal information, privacy and security is worth so much more than a few measly videos or games.

If the two parties engaged in a transaction know all of the information about the transaction and the transaction's consequences and still agree, then by definition, it must be a "fair" trade, where "fair" means fair to both parties engaging in the transaction.

Only if both parties have perfect and complete information about the true costs. In this example, he's selling himself way short, his entire online privacy for a few silly videos.

Is there a way to get more value in exchange for my online privacy? Would be interested to find out a way to get more value out of an asset I don't value highly.

No. It's a flawed premise, since you are not actually part of the negotiation. You are not the customer, you are the product being traded.

The only way you can change this is to insist on your privacy being respected, by using tools to inhibit tracking, and by voting with your wallet, by choosing services and vendors who respect your right to privacy.


>You are not the customer, you are the product being traded.

Yes and this is fine with me. I don't see why this is such an abhorrent concept. I want something (content) without paying (money) for it. Instead I pay with access to my data and behavior.


And you're perfectly fine with not being able to negotiate the price? You're a base commodity, traded between two entities that you have very little actual information about, and you have no way of influencing the price for which your data is sold, or where it goes.

To me, that is outrageously dystopian.


> And you're perfectly fine with not being able to negotiate the price?

Yes. They have content I want that I'm not willing to give up. I have no leverage in this situation.


Personally, I disagree.

I don't have a lot of money but I like reading articles and playing games.

I don't place any significant value on my personal information, privacy, and security, so why not trade it away? I'd much rather do that than have to start paying for games, news, articles, etc.


Because you're selling it for way way too cheap.

Can you give examples of who's paying the most?

No, because they don't want you to have this information. You are not supposed to be an informed partner, just a product being sold and traded, like a sack of grain.

And this doesn't deeply disturb you?


No, not at all. I get what I want (games/articles/videos) and I give up something I don't value at all.

The idea of telling me, "you're undervaluing it!" and then saying there's no way to get more value out of it seems ridiculous.


"Many of these trackers are also available in the Apple iOS app store, though technical and legal barriers limit privacy and security analysis."

https://law.yale.edu/yls-today/news/isp-privacy-lab-publishe...

And from https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.htm...:

"As Exodus and Yale note, these trackers are almost certainly also present in iOS: the companies that make them advertise their iOS compatibility, for one thing. But iOS is DRM-locked and it’s a felony – punishable by a 5-year prison sentence and a $500,000 fine for a first offense in the USA under DMCA 1201, and similar provisions of Article 6 of the EUCD in France where Exodus is located – to distribute tools that bypass this DRM, even for the essential work of discovering whether billions of people are at risk due to covert spying from the platform."


The data the trackers can gather is more restricted but the principle remains the same. I've installed various of different kinds for my customers. Most of them are simply tracking what users do in an application to see how they can be improved but I've seen an app that uploaded your whole contacts book immediately (when it was still allowed, not the case anymore).

I'm not too much in the know about Android permissions. I know it improved a lot lately but I think some permissions are still accepted silently on install.

Gathering data about the movements of your users within your application can really be helpful, I draw the line where things get shared with third parties or excessive data is gathered.


In four years of developing iOS apps I can't think of a single client that didn't want some kind of third party analytics service installed. This is SOP for pretty much anybody trying to drive user growth on mobile and isn't specific to one platform or the other.

Would it be more pro-privacy than anti-developer if Apple sensibly integrated such analytics into its platform?

Apple does now offer integrated analytics in iOS but it's pretty limited compared to what the third party services offer so it's not really a viable replacement for most people yet.

Worse still - on iOS there's no way to block this kind of stuff. On Android there's both VPN and hosts file based blockers as well as extremely capable tools like XPrivacy for those who really want to get down and dirty.

Try launching one of the top games with XPrivacy installed. You get to click allow for the dev's server and block to 5+ 3rd party analytics, crash reporting and ad services. I'm sure many of these provide developer value, but there's definitely a harm to user privacy.


Try Adguard's DNS content blocker. I bought the pro version to control access with a custom VPN, and that enables it to filter your cellular traffic, not just wifi. The app runs a local VPN on your iPhone, and you can block analytics domains. Here are some things I've blacklisted and prevented common apps from connecting to: settings.crashlytics.com, data.flurry.com, graph.facebook.com, google-analytics.com, adobemobiledev.sc.omtrdc.net, api.leanplum.com

So you can deny connections to a lot of shady websites, and in total I'm blocking around 100 different domains.

No more web fonts from Google, no Facebook or social media connections through apps or websites, and it's great.


Only 3/4? That only means the "researchers" didn't try hard enough on the remaining 1/4.

100% of every app you use, mobile or web, has user behavior tracking.


Nonsense. Here are some of the apps I use:

- AOSP email client

- Silence

- F-droid

- Simon Tatham's Portable Puzzle Collection

I don't think any of those are tracking my behaviour.


Oh come on, even you have to believe your statement is hyperbolic. What about the little crud apps people write for convenience? I wrote a weather app that scrapes data that I look at but made it faster so I don't need to load the entire website every time I want to review it. 0 tracking whatsoever. I've come across several apps published by friends that do the same and couldn't imagine it's hardly a strange thing to write an app and not want to see it as some sort of monetization scheme.

I wish I could edit the hosts file of Android devices without root. Barring that, I wish I could force a DNS server for both wi-fi and mobile data links, which I believe also requires root.

Either one of these options would allow the use of DNS blackholing for adware/malware domains. Without it, protecting yourself on mobile is that much more difficult.
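The DNS blackholing idea from the comment above, as an added example that is not part of the original thread: it parses a hosts-format blocklist and compares the exact-name matching a hosts file gives you with the label-wise suffix matching a DNS-level blocker can apply. The blocklist layout and the query names are constructed for illustration; the blocked domains are the ones quoted in the Adguard comment earlier in this thread.

```python
"""Hosts-format blocklist parsing and sinkhole matching (added example)."""

# Constructed sample blocklist in the common hosts-file layout.
# Domain names are the ones quoted in the Adguard comment in this thread.
SAMPLE_HOSTS = """\
# analytics / crash reporting
0.0.0.0 settings.crashlytics.com
0.0.0.0 data.flurry.com
127.0.0.1 graph.facebook.com   # inline comment
0.0.0.0 google-analytics.com
0.0.0.0 adobemobiledev.sc.omtrdc.net api.leanplum.com
127.0.0.1 localhost
not-an-ip broken.example
"""

# Constructed query names, as a resolver on the device might see them.
SAMPLE_QUERIES = [
    "settings.crashlytics.com",   # listed verbatim
    "Graph.Facebook.com.",        # same name, different case, trailing dot
    "ssl.google-analytics.com",   # subdomain of a listed name
    "other.crashlytics.com",      # sibling of a listed host, parent not listed
    "notgoogle-analytics.com",    # shares a substring, different domain
    "example.org",                # unrelated
]

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalize(name):
    """DNS names are case-insensitive; a trailing dot only marks the root."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text):
    """Return the set of names that the blocklist maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Skip blanks, comments, and lines that do not point at a sink.
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:          # one line may carry several names
            name = normalize(name)
            if name and name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def match_exact(blocked, qname):
    """What a plain hosts file does: only the literal name is redirected."""
    return normalize(qname) in blocked


def match_suffix(blocked, qname):
    """What a DNS-level blocker can do: block a listed name and everything
    below it. Comparison is per label, so 'notgoogle-analytics.com' does not
    match 'google-analytics.com'. Returns the covering entry or None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):     # the bare TLD is never tested
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


def sinkhole_decisions(blocked, queries):
    """Return (query, exact_hit, covering_entry) for each query."""
    return [(q, match_exact(blocked, q), match_suffix(blocked, q))
            for q in queries]


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for query, exact, covered_by in sinkhole_decisions(entries, SAMPLE_QUERIES):
        print(f"{query:28} hosts-file={exact!s:5} dns-suffix={covered_by}")
```

The subdomain row is the practical difference: a hosts file has no wildcard syntax, so every tracker hostname must be listed individually, while suffix matching covers hostnames the list author never saw.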


You can do this with the VpnService API, and there are multiple apps that do this for you. Example (not an endorsement — do your own research): https://github.com/x-falcon/Virtual-Hosts

I wish root were easier to get on my own damn phone

Agreed. I don't mind the requirement of root, just as I'm glad my desktop has a root account that's not the default account. That said, the effort required to obtain root on my own device is silly. It should simply be a switch in the "Dev Tools" settings screen, which is already hidden from plain consumers.

I've long thought about setting up a service that people can connect to with their mobiles or other devices (who don't want or can't root) that basically sanitizes their connection: strips out ads, beacons, tracking cookies, etc.

Or, set up virtual desktops that people can connect to that also use VPNs that could allow people to originate their traffic from a given region.

I'm primarily interested in creating a sanitized stream more than anything. People have a right to surf without being tracked.


you'd need them to install a custom root cert if you wanted to MITM their secure traffic, and still wouldn't be able to do much with any app or service that pins or bundles its own certs without going through PKI system though?

I guess you could just block that traffic and let people deal with the breakage, maybe. I wonder how common it actually is.


I think you can use DNS66 for WiFi and LTE. It creates a VPN, which is really just a local proxy that you have on all the time. All traffic goes thru it.

Shoutout to this service - from what I can tell it is the least concerning of several options in terms of data leakage and trust. At the least, it seems to work after testing several domains blacklisted through Steven Black's host file on Github.

This is a bit alarmist. I develop a popular app that has no advertising but I still ship mixpanel and crashlytics. I do that because I need to know how people are using the app in order to make the app better. That's it. If the app crashes and I don't know about it then I can't fix it and my users would hate me. Without these tools the apps would be worse.

Yep, I agree completely. I work on a relatively well known app, and we use Crashlytics to monitor crashes (duh), and other tracking software to reduce friction in the app.

We don't care who tapped button A instead of button B, we just want to know how many people tapped button A instead of button B.


You don't care, but we can be reasonably sure that Crashlytics has access to that data.

Even if they don't use it with ill intent themselves (there's really no way to know one way or the other), we can also be reasonably sure that it won't stay secure with them forever.


All the data is anonymous, though: the only identifying info we're sending them is an internal Customer ID.

I believe the point of the article is that the data belongs in 3rd party hands. You might not be doing anything nefarious with the data, but that data does not belong to you and it is outside of your control to protect your users.

Given IP addresses, device identifiers, application identifiers, and timestamps - these 3rd party applications now have some pretty valuable signals that can be aggregated with other signals from other tracking methods to create a detailed profile linking users across devices, browsers, and geo locations.


many of those third parties do not own the data - the data is owned by whoever's account (will obviously vary).

That is like saying Facebook does not own the content uploaded to it. These analytic tools are the ones doing the collection, at the end of the day it is their data that they allow you to use.

no it's entirely unlike that. From the Amplitude MSA

https://amplitude.com/msa/

All Customer Data is, or shall be, and shall remain the property of Customer. Customer Data shall not be used by Amplitude or its agents other than in connection with providing the Service or support under the terms of the applicable Order Form and this Agreement. Customer hereby grants Amplitude a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to use, collect, transfer and process, the Customer Data for the sole purpose of Amplitude providing the Service and support to Customer under the terms of the applicable Order Form and this Agreement. In addition, Customer shall own all right, title and interest to the Results obtained by Customer through Customer’s use of the Service. For purposes of this Agreement, “Results” shall mean the data based on Customer Data resulting from Customer’s use of the Service.


You might have a good excuse, but don't deny what is really going on here.

These "free" analytics services have a dark side. The price for using them is that they get to build profiles of your users, with varying degrees of invasiveness. And once you sign up with them, you are selling out your users.


I wouldn't use Crashlytics. I use ACRA (https://github.com/ACRA/acra) for a project that has around 30k active installs.

I also wouldn't use Crashlytics due to a study that we've conducted in the last 3 months on 200 of the most used apps in Germany. We have collected real network traffic with a setup consisting of Wireshark and sslsplit (https://github.com/droe/sslsplit). We have discovered that Crashlytics will send GPS location data alongside bug reports. Probably it tries to collect as much data as possible.


Something like a trackblocker could be the next step for privacy concerned companies. Or an opt-in variety.

That is already a thing. There are lists you can subscribe your adblocker to. They also cover Malware, Badware, Resource Abuse (Bitcoin Miners), Anti Cookie, Anti Social, Anti Adblock and more.

Sorry for not being clear. I mean a track blocker that blocks applications from tracking you. Of course I've taken measures in my browsers already.

Spotify windows app. I wonder what it gets to spy on.

To help mitigate this situation, users can and should start to use blockers just like we do on browsers. The best and less invasive I've found so far is Blokada[1].

It works as a fake VPN giving you the power to use blocklists to filter all your connections.

Downside is that I believe it doesn't work if you already use a VPN.

So far it has helped me block 80.921 ads and trackers. As a bonus it saved me 242.79MB.

By default it whitelists Google Analytics, so if you don't want that you should disable the whitelist or configure it.

[1] http://blokada.org/index.html


This thread is a really interesting example of how easily humans can simultaneously hold conflicting beliefs/opinions. I'm gathering that a lot of developers and businesspeople here:

a) are very concerned about collection of their own data

b) derive material value from Crashlytics, Mixpanel and other "tracking tools" for their work

It's tricky to reconcile those two ideas.


The tracking I do of my users is good. The tracking others do to me, as their user, is bad.

As an avid amateur student of human behaviour, I appreciate your keen eye for this. I actually don't think it's tricky to reconcile the two.

The people conducting the analytics are doing it 'for the right reasons'. The people being analysed don't trust anyone to do anything 'for the right reasons' or without some amount of scope creep around the edges of 'the right reasons'. Self versus someone else. I've got the best intentions, but I don't think anyone else has.

It touches on the theory of: if a company was a person it would have the traits of a psychopath / sociopath. The ends justifies the means. Grow the business, and analytics is the best way to do it, or to visualise the progress and adjust the method.

Human as part of the business: We gotta do these things to give ourselves the greatest chance of success

Human as consumer of app: Why would they possibly need access to THAT?

There are definitely multi-personalities involved. Which seems increasingly normal. Wasn't there an HN article on that recently?

The brain is a denial-machine. It enables hypocrisy, and I can only theorise that this is due to our inability to survive if that wasn't the case.


Intuitively I'd agree that "best intentions of self vs. others" is probably the mechanism behind this type of cognitive dissonance. What I find harrowing is that in all likelihood, this is true for myself as well in ways that I'm not aware of!

Your point about denial also reminded me of an article I read a couple years ago, attempting to explain why humans deceive themselves. The soft conclusion: we deceive ourselves in order to better deceive others. In this case, we convince ourselves that we have the best intentions in order to convince others of the same. I can't find the exact article, but this is similar and refers to the same research by Robert Trivers. It's an interesting read: https://www.scientificamerican.com/article/living-a-lie-we-d...


I'm a good example of this. I'm an ad guy and a marketer, and as such I'm much more intimately familiar with how this stuff works, what it collects, and how it is used than most. I'm also going to expand what I say beyond just the world of apps, because it is really applicable to anything digital these days, whether it is in an app or on the web, because I hate thinking of those things in silos.

To be a successful marketer in this day and age, proper analytics is a non-negotiable requirement. If I was interviewing somewhere and they told me that I had to market and advertise for an app or website, but that I couldn't track things, that would be the end of that discussion. I would be set up for failure from day one. If anyone wants to make a case otherwise, I'd ask that they share their credentials as someone sufficiently experienced and qualified to make such a case, and how they would go about being successful without that data when pretty much any significant digital (or non-digital to an extent) strategy these days requires that data to measure success and optimize for it.

So there's that piece.

As an end-user, this is often a source of cognitive dissonance for me, and it has grown over the years. 8+ years ago, I had very different feelings when people talked to me about what was being tracked and how it was being used. It was less audience-centric, cross-device/channel tracking was not really a thing yet, and we didn't have anywhere near the aggressive tracking that FB and Google have today (even though some of the first signs of that were showing up publicly perhaps).

Today I'm pretty paranoid about the data out there, who has access to it, and how that data can be used, both for anti-competitive business purposes, as well as more nefarious uses, even if unintended (such as via a data breach). I run noscript at home, and Firefox with uBlock Origin at home and on my phone.

I personally don't have an issue with people collecting usage data for improving the product and their business, but there's a weird gray area for me when they start using that data against me for things like dynamic pricing, dark patterns, selling email hashes to cookie onboarding services for retargeting, etc. I also recognize that while I may not have much to hide, I know I'm pretty lucky in that regard compared to others who may not want to be identified by certain means, and I fully respect and appreciate their desires to remain untracked in that way.

For example, I am pretty upset at how Reddit is moving towards increased tracking and verification as they march towards heavier monetization. That's an example of a community with many people who NEED to remain untracked for safety purposes, and that data, were it to fall into the wrong hands, could prove dangerous for them. Likewise, the simple act of forcing the collection of it could turn them away from such a platform which could indirectly cause them harm (suicidal users seeking help, abuse victims, whistle-blowers, etc.).

So where do I net out with all of this and how do I sleep at night? Well, for my part I do what I can to be sensitive to protecting PII, not collecting data that I'm likely to never need, and really weighing heavily the tradeoffs and risks when I implement something like the Google or FB tracking tags anywhere, and what I may pass into them. I also make an effort to set the record straight and educate people on what I know of tracking, and how to best limit collection if you are concerned, because I think it is something everyone should be educated about so they can make those decisions in an informed manner themselves.

I respect that some people hate my profession and think I'm evil, and I'm never going to win those people over, nor do I really feel the need to. But I'll say that to be competitive with marketing a product or service in this day and age, you dramatically hurt your chances of success if you DON'T have some decent tracking, and so the realities of the situation often dictate what happens in many businesses. My guess is the people who have such black and white views haven't ever been tasked with marketing a product in a true professional capacity, and if they have I'd love to hear their stories and what led them to their views.


Thanks for your input.

I think the best thing you could do here is to set your moral compass and follow it no matter what. That includes speaking up when the line between "market research" and "surveillance" is crossed under your watch. The fact that you aren't a mindless revenue robot (I have worked with them) is a good start.


One cannot follow their moral compass in an abusive industry - they cannot change their environment, the environment changes them.

The only thing OP can do is quit, but let's be honest here... they've been in the industry for a while and they're ok with what's happening.

How do I know that? Tomorrow they'll go to work and they will work on ads and tracking. Always follow what people do, not what they say. Posting on HN is cheap.


True. Thanks for keeping me honest.

The irony is that most people, including me, would be willing to sign up for limited tracking if and only if we had transparency and strong guarantees about data governance, sharing, deletion, and ultimate/final control by the person being tracked. The ads really are better. But greed is greed, and people can't help themselves.


I worked on a growth team so I confirm that you need data, but you can do a lot with aggregate data. For example, you can run a campaign and see how that influences high-level metrics like total pagelands (using some kind of first-touch attribution model) and stuff like that. You don't always need individual user data points.

I agree that most of what I care about is typically aggregate anonymous (to me) data.

The nuance here though is that this data is often NOT anonymous or aggregate to the 3rd parties providing this tracking and collecting this data. Google and FB absolutely apply this data to an individual profile level. So while I might only see the anonymous aggregate data, my decision to include their tracking means I am making a decision on behalf of my users/visitors to share that data to parties for whom it will not be anonymous or aggregate, and it isn't a decision I take lightly.

There is obviously legal protection in the form of Privacy Policies and ToS, but I feel there's an implicit social contract here as well.


> I am making a decision on behalf of my users/visitors to share that data to parties for whom it will not be anonymous or aggregate, and it isn't a decision I take lightly.

A suggestion: that decision should be evaluated under the assumption that:

1) data doesn't go away (any data collected or sent to a 3rd party is usually permanent)

2) theft and accidental leaks happen, and

3) we don't know the worst ways data - of any type - can be abused, because those techniques haven't been invented yet (powerful analysis techniques are being invented at an incredible rate).

The combination of these properties means that collecting and storing data creates unbounded risk. At any point in the future someone might invent a truly horrific way to abuse the stored data that was collected perhaps decades earlier.

Humans are used to information being transient. Information decayed over time as memories were forgotten, paper/parchment/etc decayed over time. Books had to be copied or they risked being lost forever when the library burned. Claude Shannon's digital signals fundamentally changed all of that as they made it possible to automatically preserve information perfectly. Unfortunately, human intuition hasn't caught up to the idea of permanent data.

The question "Should I trust $THIRD_PARTY with this data?" misses the full nuance of what is actually being risked. A better question is "Should we trust $THIRD_PARTY and anybody who buys/steals/subpoenas/etc it from $THIRD_PARTY with this data? What if they have analysis capabilities far more advanced than current techniques?".


> My guess is the people who have such black and white views haven't ever been tasked with marketing a product in a true professional capacity

This is so, so true and in such a broad way. I've had this thought gnawing at me for ages that these people who are doing seemingly evil things (think James Comey, Ajit Pai) have likely been tested in ways I never have. Who knows how I would handle being in their situation? I don't think it excuses or absolves true wrongdoing, but it does give me some sympathy or at least reasonable doubt of malice. This is an elementary concept, but it never seems to get mentioned.

To be clear, I'm not one of the people who categorically hates your profession. I'm an advocate of privacy, I avoid most types of social media, use uBlock, etc. But I can see it being hard to figure out where the line is, and how to not cross it. I've never worked in the consumer/media/ads world and had to face the "what to track" dilemma head-on.


You can turn that argument on its head: you've never worked in consumer/media/ads because it's an abusive industry which self-selects for certain types of individuals that don't care about the privacy of others.

Nowadays they notice the public's displeasure and feel obliged to pay some lip-service, right before going back to abusing the trust of their customers.

I understand it's hard for marketing professionals to resist with so much pressure coming at them. That's why I think they should be supported by laws forbidding their abusive practices. Then it should be much easier to say no. Bonus: shostack wouldn't be bothered by all that cognitive dissonance.


If you really cared about privacy you would have quit your job and would have found a decent way of making a living. You’re just making excuses and you’re trying to elicit sympathy.

It costs next to nothing to add a toggle in an app which disables analytics. If the company’s too lame to have an on-boarding screen where they ask the user for permission, they could even hide it in the settings.

And yet almost no companies do any of the above, because the only thing they care about is money. Crushing these abusive marketing efforts with regulation is the only workable solution, we've already seen what the industry's best effort looks like with "Do Not Track".


I've seen apps that asked me to submit a crash report. That seems like a better solution than monitoring all the data all the time.

But I don't think it is REALLY about improving the app.


Everyone has bills to pay, I understand. You're not doing anything really evil like joining the SS.

I can’t say I’m thrilled with using Crashlytics in my own iOS apps, but I’m not aware of any better options when it comes to crash tracking. A handful of crashes come in through Apple’s opt in crash report sharing but when compared to the data I’m getting from Crashlytics, it’s clear that a lot of info is missing. If I relied only on manually submitted bug reports and what Apple is telling me, I never would’ve come to know about many of the bugs I’ve fixed. Better testing could’ve caught some of them, but many just won’t surface in any other place except out in the wild.

Is increased privacy worth decreased stability? I won’t claim to know the answer to that question, but I suspect it’s more murky than some think, especially when you have paid customers who expect a thoroughly solid product for their money.


It's not privacy vs stability, that's a favourite red herring around here.

The problem is your development process is not capable of producing stable enough software. I don't know why that's the case, but you should work on that first.

Deming: "Inspection does not improve the quality, nor guarantee quality. Inspection is too late. The quality, good or bad, is already in the product. As Harold F. Dodge said, “You can not inspect quality into a product.”" This goes even more for crash-reporting quality into a product.


I see what you’re getting at, but the reality is that there’s only so far massaging and rethinking your process can take you. No matter what you do, some number of bugs are going to find their way through. There’s going to be unforeseen combinations of variables and edge cases you’d never predict. The best one can ever do is reduce the frequency of occurrence to a minimum. Bugs are an inevitability, and I’d rather not be at the mercy of my users when it comes to finding out about them.

What alternatives are out there for mobile developers?

Is there an open source Android and/or iOS equivalent allowing self-hosting analytics like Piwik does for web (without a 3rd party)? Piwik does ship an Android SDK; anyone have experience to compare to 3rd party options?

https://github.com/piwik/piwik-sdk-android

Hat tip to user johnny_and1 for mentioning ACRA for Android crash reporting elsewhere in this thread. Are there any similar libraries for iOS?

https://github.com/ACRA/acra


This is completely normal, just like any (web, iOS) app, apps are generating analytics points to know how the app is doing, and where to improve. If an app doesn't have a 3rd party analytics tool, you can be almost certain they are using an in-house tool.

These tools never really track individual users outside of the app context.

