Forensic Investigation – The Shocking State of Privacy in Safety Apps (parachute.live)
71 points by marinosbern on May 18, 2020 | 13 comments



FYI, this post is essentially an advertisement. The one app found to be the “good” one which doesn’t share data is also the same company that did the research and published the report, which means they could have manipulated any number of data points to get the result that favors them, such as the criteria for what a “top 20” app is, the number of apps to analyze (20), etc.

Feel like it should be disclosed in the title; maybe my fault, but I got pretty far into reading this before realizing it was essentially an ad.


Thanks so much for taking the time to look at this. I absolutely understand your concerns and I would be equally skeptical if I was reading this. Ultimately, anyone is free to repeat this analysis independently and see for themselves. Everything presented in our report is evidenced, recorded and cross-checked very extensively over a long period of time in anticipation of this. You'll also notice that we try to include as many references as possible to independent analyses and articles.

Re manipulation of app pool, we searched very extensively both on our own and using outside services like AppFollow and AppFigures to get global rankings and these really were the top 20 we could find. You'll see that by the last one, we are reaching single-digit ratings, so we capped it at that. There are some other apps that match the "safety" keyword, but are not relevant to this study. For example, an enterprise app for managing OSHA reports or a passive police scanner. If you can point us to an app that should be on the list, we will happily update this.

Re more disclosure, this definitely should be read critically and with the understanding that we are one of the people in the space. From my point of view, I see the word "Parachute" on the URL, nav bar logo and author before getting to the title of the blog post. If you have a suggestion on how to better elucidate this, please let me know. We do believe that companies have the right to shine light on something, even if it's in the space in which they operate, but the reader should be fully aware of this at all times.


> If you have a suggestion on how to better elucidate this, please let me know.

Put it in the actual text. I don't necessarily look at urls, navbars, logos, authors.

Prefixing the text with something like the following would go a long way: Notice: This analysis was performed by Parachute, one of the companies competing in this space. We tried to keep it fair and balanced, regardless, and invite the readers to fact-check our statements and data, which we have made available as well.


Done! Thanks so much for suggesting!



Here you go — findings for LiveSafe:

Branch, Crashlytics, DoubleClick, Google Analytics, Google Tag Manager

Our understanding is that it's an enterprise app not available to consumers, which is why we did not list its findings in the report.


I don't think this is at all shocking when there's no public awareness, no laws against it outside the EU, no consumer recourse, and no indication that anyone wants to fix it.


Europe has been fighting for privacy since at least the 80s, with the ratification of its data protection convention, and one might believe it to be "an EU thing" because neither the USA nor China care much about it, but there are many other countries that agree and established such laws. Look no further than Argentina, Senegal or Singapore for examples in your region of the world. I believe it is of utmost importance that people understand this "protection of personal data" is not some annoying European law that forces ad-tech to make cookie-banners; it is literally the title of Article 8 in the Charter of Fundamental Rights of the European Union. It is, for us, a fundamental human right, and you should demand that it is one of yours, too.


I found an advertising SDK inside the factory-installed AVG "antivirus" Android app that could: #Determine the user's location #access the phone's text-to-speech APIs and view any custom words added by the user #access and read anything the user copied/pasted to/from pasteboard (clipboard) #Record audio from the phone's microphone


FYI if you're making a list you need to put two newlines after each item, otherwise all the items get squished into one line. Properly formatted:

#Determine the user's location

#access the phone's text-to-speech APIs and view any custom words added by the user

#access and read anything the user copied/pasted to/from pasteboard (clipboard)

#Record audio from the phone's microphone


They are misusing the term "Forensic" which is the application of a science for the purpose of law. Did they do this to further a criminal or civil action? It seems they just did some testing - maybe they have the "investigation" part correct.


I’m not seeing a lot of insight in this article or how the analysis was done. Also, the use of the term forensic bothers me. Does the author understand the meaning of the word? Where’s the crime?


From Parachute's privacy policy:

> GDPR: Parachute’s privacy practices exceed the level set by GDPR and similar legislation. Because Parachute does not install any cookies and does not use any tracking, analytics, marketing or advertising services, it is does not need to display any annoying privacy-related forced consent popup notices.

This is just sad. Ad-tech is pulling all its strings to push public opinion against pro-privacy legislation and you take their story for a ride towards self promotion. Let me reword this for you:

----

GDPR: Parachute believes strongly in the privacy practices set by GDPR and similar legislation but is neither incorporated in any nation with such laws, nor does it subjugate itself to a legal framework of adequacy, with the sole exception of this privacy policy. Privacy Shield Certifications are a scam anyway. Parachute offers a direct contact for privacy-related issues, but does not accept the authority of your local data protection agency. Please note that with the ToS you accept the governing Law of the State of New York, and with our second "legal text privacy policy" you explicitly authorize the export of personal information to the USA.

AdTech: The Parachute app does not use any tracking, analytics, marketing or advertising services, including persistent cookies, which would require additional explicit consent. If you are wondering why there is no annoying privacy-related consent gathering popup, that is because we believe in privacy and data minimization and only use what is absolutely essential to provide our service.

Essential Third Party Services: ...



