
Forensic Investigation – The Shocking State of Privacy in Safety Apps - marinosbern
https://parachute.live/blog/forensic-investigation-the-shocking-state-of-privacy-in-safety-apps
======
p49k
FYI, this post is essentially an advertisement. The one app found to be the
“good” one which doesn’t share data is also the same company that did the
research and published the report, which means they could have manipulated any
number of data points to get the result that favors them, such as the criteria
for what a “top 20” app is, the number of apps to analyze (20), etc.

Feel like it should be disclosed in the title; maybe my fault, but I got
pretty far into reading this before realizing it was essentially an ad.

~~~
marinosbern
Thanks so much for taking the time to look at this. I absolutely understand
your concerns and I would be equally skeptical if I was reading this.
Ultimately, anyone is free to repeat this analysis independently and see for
themselves. Everything presented in our report is evidenced, recorded and
cross-checked very extensively over a long period of time in anticipation of
this. You'll also notice that we try to include as many references as possible
to independent analyses and articles.

Re manipulation of app pool, we searched very extensively both on our own and
using outside services like AppFollow and AppFigures to get global rankings
and these really were the top 20 we could find. You'll see that by the last
one, we are reaching single-digit ratings, so we capped it at that. There are
some other apps that match the "safety" keyword, but are not relevant to this
study. For example an enterprise app for managing OSHA reports or a passive
police scanner. If you can point us to an app that should be on the list, we
will happily update this.

Re more disclosure, this definitely should be read critically and with the
understanding that we are one of the people in the space. From my point of
view, I see the word "Parachute" on the URL, nav bar logo and author before
getting to the title of the blog post. If you have a suggestion on how to
better elucidate this, please let me know. We do believe that companies have
the right to shine light on something, even if it's in the space in which they
operate, but the reader should be fully aware of this at all times.

~~~
rndgermandude
>If you have a suggestion on how to better elucidate this, please let me know.

Put it in the actual text. I don't necessarily look at urls, navbars, logos,
authors.

Prefixing the text with something like the following would go a long way:
_Notice: This analysis was performed by Parachute, one of the companies
competing in this space. We tried to keep it fair and balanced, regardless,
and invite the readers to fact-check our statements and data, which we have
made available as well._

~~~
marinosbern
Done! Thanks so much for suggesting!

------
smolder
I don't think this is at all shocking when there's no public awareness, no
laws against it outside the EU, no consumer recourse, and no indication that
anyone wants to fix it.

~~~
Jon_Lowtek
Europe has been fighting for privacy since at least the 80s with the ratification of
its data protection convention and one might believe it to be "an EU thing"
because neither the USA nor China care much about it, but there are many other
countries that agree and established such laws. Look no further than
Argentina, Senegal or Singapore for examples in your region of the world. I
believe it is of utmost importance that people understand this "protection of
personal data" is not some annoying European law that forces ad-tech to make
cookie-banners, it is literally the title of article 8 in the Charter of
Fundamental Rights of the European Union. It is, for us, a fundamental human
right, and you should demand that it is one of yours, too.

------
sloshnmosh
I found an advertising SDK inside the factory-installed AVG "antivirus"
Android app that could: #Determine the user's location #access the phone's text-
to-speech APIs and view any custom words added by the user #access and read
anything the user copied/pasted to/from pasteboard (clipboard) #Record audio
from the phone's microphone

~~~
gruez
FYI if you're making a list you need to put two newlines after each item,
otherwise all the items get squished into one line. Properly formatted:

#Determine the user's location

#access the phone's text-to-speech APIs and view any custom words added by the
user

#access and read anything the user copied/pasted to/from pasteboard
(clipboard)

#Record audio from the phone's microphone

------
7174n6
They are misusing the term "Forensic" which is the application of a science
for the purpose of law. Did they do this to further a criminal or civil
action? It seems they just did some testing - maybe they have the
"investigation" part correct.

------
ajphdiv
I’m not seeing a lot of insight in this article or how the analysis was done.
Also, the use of the term forensic bothers me. Does the author understand the
meaning of the word? Where’s the crime?

------
Jon_Lowtek
From Parachute's privacy policy:

> GDPR: _Parachute’s privacy practices exceed the level set by GDPR and
> similar legislation. Because Parachute does not install any cookies and does
> not use any tracking, analytics, marketing or advertising services, it
> does not need to display any annoying privacy-related forced consent popup
> notices._

This is just sad. Ad-tech is pulling all its strings to push public opinion
against pro-privacy legislation and you take their story for a ride towards
self promotion. Let me reword this for you:

----

GDPR: Parachute believes strongly in the privacy practices set by GDPR and
similar legislation but is neither incorporated in any nation with such laws,
nor does it subjugate itself to a legal framework of adequacy, with the sole
exception of this privacy policy. Privacy Shield Certifications are a scam
anyway. Parachute offers a direct contact for privacy related issues, but does
not accept the authority of your local data protection agency. Please note that
with the ToS you accept the governing Law of the State of New York, and with
our second "legal text privacy policy" you explicitly authorize the export of
personal information to the USA.

AdTech: The Parachute app does not use any tracking, analytics, marketing or
advertising services, including persistent cookies, which would require
additional explicit consent. If you are wondering why there is no annoying
privacy-related consent gathering popup, that is because we believe in privacy
and data minimization and only use what is absolutely essential to provide our
service.

Essential Third Party Services: ...

