Hi All
That would be my first post, following a surprise discovery about the duckduckgo App privacy blocker reporting the openHAB Android app trying to send quite a load of personal information to google, as shown below, on tha DDG app screenshot
This seems quite new for me, has anyone noticed similar behaviour or would know why these data are sent though the app ?
Best regards,
Lvmt
Hi,
the app uses Googles FCM for crash reporting, but the data send there doesn’t include your physical address (e.g. postal code). For Sitemap webview widgets Google Maps is used, which might leak information to Google, if you use it.
I don’t know how DDG creates this report, but it seems wrong to me. If you want to avoid Google, don’t use the Play Store and download openHAB from F-Droid, where both Google dependencies have been replaced: openHAB | F-Droid - Free and Open Source Android App Repository
Thank you for the feedback ! I’ll try the Fdroid version and watch the DDG logs.
Best
After a week of the F-Droid version, there are no more reports from DDG!
Thanks a lot !!!
I don’t know where from did the tracking come, I don’t use the webview and I can’t recall regular crashes.
Best,
LM
Would it also not send anything to google if we simply disabled crash reporting?
And is crash reporting disabled by default?
I do not remember if I disabled it manually or not.
In any case we can’t disable/remove FCM because it’s used for notifications. Whether or not or what kind of data the FCM lib sends once enabled unfortunately is completely out of our control. Large amounts of data in the OP screenshot definitely is not needed for either notifications or crash reporting, but on the other hand, we don’t know whether the output of the app is legit either.
My first post was wrong: FCM is used for push notifications and Firebase Crashlytics is used for crash reports. You can disable Crashlytics in the app settings.
But there’s also a more basic version of crash reports when not using Crashlytics in the Play Store Console (the place where you can manage your app). According to View crashes and application not responding errors - Play Console Help the user needs to opt-in to enable these reports.
Who knows which data is sent to Google by using the Play Store anyway…
Another option that I have been using for over a year now is a project called obtanium.
It allows you to easily download, compile and install directly from the github source pages.
It’s as easy as copying and pasting the github url and then the app will be updated/maintained via obtanium, just like an app store.
I have the openhab app installed that way, along with nearly all my apps.
If you look around, people have concerns about the way apps are signed on the f droid repos. Not saying it’s a problem specifically with the openhab app, but might be a good idea to read around before switching anything and everything you use over to the f droid repos.
I still use the f droid repos (with droidify as a front end), as sometimes the obtanium app can’t resolve a valid install method from a github. For example I have OsmAnd+ installed through droidify. It’s a map/gps app with locally stored map data.
