
From the privacy policy:

"Analytics Our iOS application can send analytics to our analytics providers: Segment and Amplitude. We do not track or store any personal information in our analytics. Instead, we ask Apple to generate a unique deviceID which we use as a unique token for analytics purposes. Our analytics are 100% anonymous."




> unique deviceID

> 100% anonymous

Choose one. This is pseudonymous, which is just a fancy word for "likely deanonymizable".


I feel like a unique ID isn't enough to protect your identity from an analytics provider, especially if they're receiving analytics on you from multiple sources.


Exactly. They just have to correlate device type, OS version, IP address and date/time to have a pretty good idea of which other apps (and their “unique” IDs) you have.

The more they do it the more they can narrow it down, until they reach the point where they have a set of IDs that only ever come from the same device/version, IP address as well as very similar times of day.


No, because we've designed protection against collecting IP address, device type and OS. We don't use any SDK from Segment, Amplitude, or any third party analytics. Our iOS app only sends a device UUID, an event name (user:opened:app) and some event properties (not personal information). Someone should feel free to reverse-engineer our network requests to confirm what I'm saying.

Also, let's talk about IP address.

We have a Cloudflare worker that sits between our app and our analytics proxy (whose role is to send data to Segment). And this worker from Cloudflare is a piece of code that removes the user IP address from the request made to our proxy, hosted on Heroku.

Here is the worker code: https://gist.github.com/pierrevalade/85bbe1e5278b81813e08e7e...

That way, only Cloudflare gets the user IP address (and to the best of my knowledge I don't know how to access it), and our servers never get it.
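What such a worker has to do, as an added example that is not the gist linked above (the origin URL and the header allow-list are assumptions made for the example):

```javascript
// Added example, not the gist linked in the thread: a Cloudflare Worker that
// relays an analytics POST to an origin while dropping every header that could
// carry the visitor's IP address or location. ORIGIN and the allow-list are
// assumptions made for this example.

const ORIGIN = "https://analytics-proxy.example/v1/track"; // assumed origin URL

// Allow-list of request headers that may reach the origin. An allow-list beats
// a deny-list here: Cloudflare attaches CF-Connecting-IP, X-Forwarded-For,
// CF-IPCountry and others, and a deny-list silently breaks when a new header
// appears. Not forwarding User-Agent also keeps the default iOS URLSession
// agent string (app name plus CFNetwork/Darwin versions) away from the origin.
const FORWARDED_HEADERS = new Set(["content-type", "content-length", "accept"]);

// Headers known to carry the client's address or country, used as a final
// check that the allow-list did its job.
const IP_HEADERS = [
  "cf-connecting-ip", "x-forwarded-for", "x-real-ip",
  "true-client-ip", "forwarded", "cf-ipcountry",
];

// Accepts any iterable of [name, value] pairs (a Headers object or a plain
// array) and returns only the allow-listed pairs, names lower-cased.
function sanitizeHeaders(entries) {
  const kept = [];
  for (const [name, value] of entries) {
    const lower = name.toLowerCase();
    if (FORWARDED_HEADERS.has(lower)) kept.push([lower, value]);
  }
  return kept;
}

// True if any address-bearing header is present in the given pairs.
function leaksClientAddress(entries) {
  const names = new Set(entries.map(([name]) => name.toLowerCase()));
  return IP_HEADERS.some((h) => names.has(h));
}

async function handleRequest(request) {
  if (request.method !== "POST") {
    return new Response("method not allowed", { status: 405 });
  }
  const headers = sanitizeHeaders(request.headers);
  if (leaksClientAddress(headers)) {
    // Fail closed: better to lose an analytics event than to leak an address.
    return new Response("refusing to forward", { status: 500 });
  }
  // Build a fresh Request rather than passing the incoming one to fetch():
  // the incoming request carries the original headers and Cloudflare's
  // request.cf metadata (country, colo, ASN), none of which should travel on.
  const upstream = new Request(ORIGIN, {
    method: "POST",
    headers: new Headers(headers),
    body: await request.arrayBuffer(),
  });
  const resp = await fetch(upstream);
  // Only the status goes back to the app; it has no use for the origin's body.
  return new Response(null, { status: resp.status });
}

// Worker entry point. The typeof guard lets the same file load under Node,
// which has no global addEventListener, so the pure functions can be tested.
if (typeof addEventListener === "function") {
  addEventListener("fetch", (event) => {
    event.respondWith(handleRequest(event.request));
  });
}
```

Two things the worker cannot change: Cloudflare terminates TLS, so it sees the client IP and the whole request regardless of what is forwarded, and the origin on Heroku still sees Cloudflare's egress addresses. From the outside a user can check that the hostname resolves to Cloudflare and inspect the request body with an intercepting proxy, but cannot see what code the worker runs, which is exactly the gap the audit question in this thread is about.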


How can I confirm what you are saying is true regarding the IP address, other than taking your word for it (I heard that worked great with Facebook)?

Why does your privacy policy mention third-party analytics then? Why do you mention “Segment sends the data to Amplitude” in another one of your comments if you claim here that you don’t use any third-party analytics service?

Also, just wondering - why do you need to send anything in the first place? People have been building software just fine for decades before this whole “analytics” plague started going around, and I didn’t notice software quality being improved by it (if anything software has gone significantly downhill).


1/ What do you mean confirm what I'm saying for the IP address exactly?

2/ I said we don't use any (mobile) SDKs from third-party analytics providers, but we do use their backends (Segment, Amplitude). We send the requests from our anonymous proxy directly to their servers.

I was worried that mobile SDKs would leak other data (iOS version, device size, ...) that I don't want to know about. And as a general rule we don't like to use SDKs/code from third parties for security reasons.

3/ We use analytics to track how many users are using the app, and how many users are using the cleaning features. This data does help us to make strategic decisions.


1) I mean how can I prove what you’re saying is true as a user? As far as I’m concerned the app is sending a packet to a domain name you control. Nothing guarantees me this is actually a Cloudflare server running your code to remove my IP address. Ten years ago I would’ve just trusted you, but in today’s day and age where everything tries to stalk you in one way or another with full impunity, trust no longer exists.

2) Good thinking!

3) Doesn’t the App Store give you stats on how many people downloaded their app?

Also I’m concerned about “strategic decisions” - so it’s a business behind this app then. What’s the business model? Last time we had a business claiming to unsubscribe you from newsletters... turns out they were actually sharing data with marketing companies, so I’m rightfully concerned.


1/ I’m thinking about ways to have trustable third parties audit us. Open for more ideas. What do you think?

3/ Yes, unroll.me made the wrong calls. But for Jumbo we can’t even access your data, everything happens client-side. You could say that at some point the client will upload all your data to our cloud, but that’s really not going to happen. Again, here, how to trust us? First, audits. Second, my reputation. Third, independent researchers could reverse-engineer our app and look at the network calls made. Open for more feedback.

Our business model is the one of Dropbox. Pay (you or your employer) for more features.


1) your idea would probably be a lot more costly (you have to pay for the audit after all) and even then some people still wouldn’t trust it. Maybe just design your product in such a way that there’s nothing to audit? People have built software & successful businesses around that for decades without the “analytics” cancer, so please don’t tell me that you can’t do the same.

If your model is a good old “pay for good software” model, then why not just ask what features people want? Why do you feel the need to stalk what people do instead of politely asking?


How would you trust me if I tell you that there isn’t any analytics?


It's unfortunate. The bad actors that created the problem the app tries to help with also make people very untrusting. I wish you luck with that one.

A verifiable 'code available' license would be a bonus


And where does Segment send it to? My experience with Segment is that it's not an analytics tool, but rather a tool that provides a single API for sending data to your fifteen different analytics tools.


Segment sends the data to Amplitude.

Pierre, CEO, Jumbo.


I'm wondering what ID they use? If it's the identifier for vendor [0] then Segment (or any other analytics provider) would have more trouble connecting the dots to figure out who the person is. This is because the ID changes per vendor.

If it's the advertiser identifier [1], they can track across apps; however this is an easy fix by enabling "Limit Ad Tracking" in settings, which causes the ID to be all 0s.

0: https://developer.apple.com/documentation/uikit/uidevice/162...
1: https://developer.apple.com/documentation/adsupport/asidenti...


Pierre, here, CEO of Jumbo.

We use: UIDevice.current.identifierForVendor?.uuidString

for the deviceID

Let me know if you think that's not a good idea, but it seemed like a unique app device ID that's completely a black box for us, Segment, or Amplitude.


> 100% anonymous

This language feels disingenuous, given that fingerprinting could be used to match an identity elsewhere.


What fingerprint? We don't send device OS, IP address, geolocation... Impossible to fingerprint from only a device UUID that does not mean anything.


Device UUID will still leak a usage pattern. For example, if a UUID is active in the morning and in the evening during the week but at random times during the weekend, you can infer that they are working, their approximate working hours and the fact that they are not working on weekends.

Just a simple example - I’m sure a data scientist can do a lot more magic given enough data.


Hum... and then?


Usage patterns can be unique enough to track the same user across different services, some of which may have the user’s PII and thus a link to the user’s identity.


Okay, good point. So maybe we should modify the created datetime of the event by plus or minus 15 minutes? What do you think?


Could be a good idea to send events in batches, so the app collects event counters locally and only sends it in bulk every few days (exact interval being random). That way there’s no specific date/time associated to events, just that “for the past 3 days the app has been opened X times”.


Thanks for your help. I need to think more about it; someone also mentioned https://en.wikipedia.org/wiki/K-anonymity
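The usage-pattern leak described above, together with the two mitigations floated (jitter the timestamp versus upload only counts), as an added example that is not part of the thread. The user schedules, seeds and window sizes are assumptions made for the example:

```javascript
// Added example, not from the thread: why moving each event timestamp by up to
// 15 minutes leaves a usage pattern intact, while uploading only a count per
// multi-day window does not. Every timestamp is constructed, and the PRNG is
// seeded so the run is repeatable.

const MINUTE = 60 * 1000;
const HOUR = 60 * MINUTE;
const DAY = 24 * HOUR;

// mulberry32: a tiny seeded PRNG returning floats in [0, 1).
function rng(seed) {
  return function () {
    seed = (seed + 0x6d2b79f5) | 0;
    let t = Math.imul(seed ^ (seed >>> 15), 1 | seed);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// A constructed user who opens the app at fixed hours on weekdays (a few
// minutes past each hour in weekdayHours) and at an arbitrary minute at the
// weekend. Day 0 is a Monday (day 4 of the Unix epoch); times are UTC.
function simulateUser(days, seed, weekdayHours = [8, 18]) {
  const rand = rng(seed);
  const events = [];
  for (let d = 0; d < days; d++) {
    const dayStart = (4 + d) * DAY;
    if (d % 7 < 5) {
      for (const h of weekdayHours) {
        events.push(dayStart + h * HOUR + (10 + Math.floor(rand() * 10)) * MINUTE);
      }
    } else {
      events.push(dayStart + Math.floor(rand() * 24 * 60) * MINUTE);
    }
  }
  return events;
}

// Proposal from the thread: shift each timestamp by up to +/-maxMinutes.
function jitter(events, seed, maxMinutes = 15) {
  const rand = rng(seed);
  return events.map((t) => t + Math.round((rand() * 2 - 1) * maxMinutes) * MINUTE);
}

// Alternative from the thread: the client keeps a counter and uploads one
// number per window, so no individual timestamp ever leaves the device.
function batch(events, windowDays) {
  const start = Math.floor(Math.min(...events) / DAY) * DAY;
  const counts = [];
  for (const t of events) {
    const w = Math.floor((t - start) / (windowDays * DAY));
    counts[w] = (counts[w] || 0) + 1;
  }
  return Array.from(counts, (c) => c || 0);
}

// Fingerprint: share of a UUID's events falling in each UTC hour of the day.
function hourProfile(events) {
  const bins = new Array(24).fill(0);
  for (const t of events) bins[Math.floor((t % DAY) / HOUR)] += 1;
  return bins.map((b) => b / events.length);
}

function cosine(a, b) {
  let dot = 0, na = 0, nb = 0;
  for (let i = 0; i < a.length; i++) {
    dot += a[i] * b[i];
    na += a[i] * a[i];
    nb += b[i] * b[i];
  }
  return dot / Math.sqrt(na * nb);
}

// Index of the known profile closest to target.
function bestMatch(profiles, target) {
  let best = -1;
  let bestScore = -Infinity;
  profiles.forEach((p, i) => {
    const s = cosine(p, target);
    if (s > bestScore) { bestScore = s; best = i; }
  });
  return best;
}

// Three people seen by app A (a commuter, a night owl, a shift worker), and
// the commuter seen again through app B under a different UUID with jittered
// timestamps. The jittered stream still links back to the commuter; the
// batched version of the same stream is just a handful of counts.
function demo() {
  const appA = [simulateUser(28, 1), simulateUser(28, 2, [23]), simulateUser(28, 3, [2, 14])];
  const known = appA.map(hourProfile);
  const commuterInAppB = jitter(simulateUser(28, 4), 5);
  const profileB = hourProfile(commuterInAppB);
  return {
    linkedTo: bestMatch(known, profileB),
    similarity: cosine(known[0], profileB),
    batched: batch(commuterInAppB, 3),
  };
}
```

A quarter hour of jitter moves an 08:10 event to somewhere between 07:55 and 08:25, so the hour-of-day histogram barely changes and the weekday/weekend split does not change at all. Uploading one count per window keeps what the company says it wants (how many users, how often a feature is used) and removes the time-of-day and day-of-week signal entirely; what remains is the per-UUID volume, which is the quantity a k-anonymity style treatment of the counts would have to address.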


Two 3rd party analytics platforms... Seems like a roll your own competency for a Privacy Assistant.


why?


> we ask Apple to generate a unique deviceID

This is bullshit. You don't ask Apple. Apple enforces this requirement on every single app.


I guess I meant... we call an Apple API to ask for an anonymous device UUID. Precisely: UIDevice.current.identifierForVendor?.uuidString

Do you still think that's "bullshit"?


So yes.


Apple actually does a really good job of making it hard for developers to track a specific device (if they want to get approved for the App Store, that is).


How do they do this? How is the device not trivially trackable?


>How is the device not trivially trackable ?

List a few ways it's "trivially trackable".


Correlating device type & OS version, IP address and time of access is a pretty good way to connect the dots between “anonymised” IDs. If the same IDs always show up in quick succession from the same IP and device type/version, chances are it’s the same person just checking multiple apps on their phone. Time of access and IP address can be used to infer where the person lives (to a certain degree of accuracy), when they are working, etc.
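The correlation described above, as an added example that is not from the thread: a few constructed log rows of the kind an analytics backend would see if apps forwarded IP, device model and OS version, and the join that links two per-app IDs once they keep turning up together.

```javascript
// Added example, not from the thread: how an analytics backend that receives
// IP address, device model, OS version and a timestamp can link two apps'
// "anonymous" IDs. The log rows below are constructed for the example.

// app, anonymous id, client ip, device model, iOS version, time
const LOG = [
  ["mail",    "a1", "203.0.113.7",  "iPhone11,2", "12.2", "2019-04-10T07:58:00Z"],
  ["cleaner", "c9", "203.0.113.7",  "iPhone11,2", "12.2", "2019-04-10T07:59:30Z"],
  ["mail",    "a1", "203.0.113.7",  "iPhone11,2", "12.2", "2019-04-10T18:41:00Z"],
  ["cleaner", "c9", "203.0.113.7",  "iPhone11,2", "12.2", "2019-04-10T18:43:00Z"],
  // Same phone seen by both apps, but never within minutes of each other.
  ["mail",    "a2", "198.51.100.4", "iPhone10,3", "12.1", "2019-04-10T08:02:00Z"],
  ["cleaner", "c3", "198.51.100.4", "iPhone10,3", "12.1", "2019-04-10T21:15:00Z"],
  // Different phone behind the same NAT address, opened at the same time as a1.
  ["cleaner", "c5", "203.0.113.7",  "iPhone9,1",  "12.2", "2019-04-10T07:58:50Z"],
];

function parse(rows) {
  return rows.map(([app, id, ip, device, os, time]) => ({
    app, id, ip, device, os, t: Date.parse(time),
  }));
}

// Count how often an ID from one app and an ID from another app show up with
// identical (ip, device, os) within windowMinutes of each other, and report
// the pairs that co-occur at least minHits times.
function linkIds(rows, windowMinutes = 5, minHits = 2) {
  const events = parse(rows);
  const hits = new Map();
  for (const a of events) {
    for (const b of events) {
      if (a.app >= b.app) continue; // visit each unordered pair of apps once
      if (a.ip !== b.ip || a.device !== b.device || a.os !== b.os) continue;
      if (Math.abs(a.t - b.t) > windowMinutes * 60 * 1000) continue;
      const key = `${a.id}|${b.id}`;
      hits.set(key, (hits.get(key) || 0) + 1);
    }
  }
  return [...hits]
    .filter(([, n]) => n >= minHits)
    .map(([key, n]) => ({ ids: key.split("|").sort(), hits: n }));
}

// With the rows above only a1 and c9 are linked: c5 shares the IP but not the
// device model, and a2/c3 share everything except the timing.
function demo() {
  return linkIds(LOG);
}
```

The window and the hit threshold trade false links for missed ones: a single co-occurrence behind a shared NAT address is weak evidence, a pair that shows up together morning and evening on the same model and OS build is not. Widening the window to a day and accepting a single hit also links a2 and c3, which is the kind of tuning a data team does once the raw fields are in the warehouse.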


Yes, UNLESS you don't collect device type, OS version and IP address in the first place, which we don't.

Pierre, CEO Jumbo



