I really appreciate that the project is not abandoned and there will be new releases
I’ve already seen the new Android version and like the clean look and the dark mode
Unfortunately the new version also includes trackers and sends data to Google servers which is a no-go for me. I don’t want to get tracked within apps I’m using – especially not if the apps are syncing only with my own self-hosted infrastructure.
As I never gave my consent to any of this, to me thats a clear breach of the GDPR in european countries. For now I was able to disable them using App Manager and RethinkDNS on Android but this is not possible for everyone (technical know-how, non-rooted and Apple devices).
Maybe you overthing this kind of decision as I’m sure people using Everdo might be more privacy-aware than the average user and this might be a show-stopper.
As part of Everdo’s commitment to improve application stability, the new version of the Android app includes a library that provides crash reporting through Google’s Crashlytics service. The analytics change coincided with the dark mode update because of how big and risky it is. The choice of Google for this is motivated by the quality of their integration with Android apps and rollout process. Something else could be used instead, like Sentry, but it’s still essentially automated crash reporting. The crash reports don’t include any user identifiers or data created by users. They just show technical things like which screen or button caused the crash. This has nothing to do with Google’s advertising and user tracking infrastructure.
Not to derail this topic too much but I want to clarify this. Not all data processing must rely on user consent. In particular, the collection of crash analytics data is in line with GDPR Article 6(1)(f) under “legitimate interests” since it directly benefits the users through improved application stability and it doesn’t collect more data than necessary for this purpose.
My understanding of privacy protection might differ from yours here.
I totally understand the necessity of some kind of “backchannel” for developers to debug their apps while running in the wild. So this is nothing I’m arguing against. But I do not get why this is neither opt-in nor opt-out. If I would not prevent this with third party apps the new Android version would always contact Google servers for whatever reason and this is not how I interpret privacy protection.
As the GDPR is for protecting personally identifying data (which IP addresses are) every contact to Google servers sends personally identifying data to them. This is a fact.
The “legitimate interests” in article 6 (1)(f) of GDPR is something which can be interpreted broadly and every party will find reasons to make their decision look like its “the right one”. At the end its your app, your company and you decide.
I just wanted to point out that any kind of implementation which sends user data without any notice, user consent or the possibility to opt-out significantly reduces trust for me. There are plenty of (especially FOSS) apps out there which showcase how "privacy protection and user data collection” can be “done right” - for example by starting to send data to third parties only after user consent.
So at the end for me this is also a question of how much someone respects a user and if he prioritizes the souvereignty of users over (personal) goals.
I think it’s a bit unfair to frame it this way. Personally I would prefer to have none of this data and there are easier ways to improve app profitability than to hunt for crashes. When making the choice to collect crash data, the balance is between the benefit to the users from the increased quality vs the small privacy impact given the nature of the data being collected.
At the same time I agree that there should be a setting to disable crash reporting. This will be implemented.
This was not meant to personally insult you, sorry if I sent signals like that.
I don’t really get why you are talking about profitability here. My concern was about privacy, not profitability.
As this is your perspective I’m fine with what you are saying. I just shared mine to let you know that I personally DO care about every little piece of data being shared with big companies. So for you it might be just “crash data”. For me it’s another brick in the wall making big for-profit companies “stronger” and more relevant – apart from the privacy issues I already pointed out.
And that’s why I always would let the user decide if he wants to share this kind of information or not and not just start connecting to third-party servers sending them unknown data.
