Privacy Warning: Bus Deployment Checker App
-
SECURITY NOTICE:
Please note that if you are using the android app "Bus Deployment Checker", your personal information WILL be sent to the developer.
This includes:1. Email address
2. Phone number
3. IMEI (serial number) of your phone
4. Phone model
If you are concerned about your privacy, please DO NOT install this app.
This also infringes the PDPA legislation.
To the developer: Kindly remove the communication of personal identifiable data (your license checking), u don't need it for the app to work. Great job on the functionality though.
-
Glad my phone doesn't run on Android...
-
Hi, developer here
I needed a way to get more detailed stats on the usage of the app (unique users, device info etc) as the google developer console is vague at best, but in hindsight, this probably wasn't the brightest idea.
The license checking is actually done by Google. I do not keep track of any licesing information at all.
Also, I think this does not violate PDPA in any way whatsoever. If you can provide evidence to the contrary, I'll be happy to look into it.
I'll look into other ways of getting the info I need without violating the privacy of the users.
If you have any suggestions, please do provide them.
Thanks!
-
Originally posted by Bus Stopping:
SECURITY NOTICE:
Please note that if you are using the android app "Bus Deployment Checker", your personal information WILL be sent to the developer.
This includes:1. Email address
2. Phone number
3. IMEI (serial number) of your phone
4. Phone model
If you are concerned about your privacy, please DO NOT install this app.
This also infringes the PDPA legislation.
To the developer: Kindly remove the communication of personal identifiable data (your license checking), u don't need it for the app to work. Great job on the functionality though.
Never tried though, but thanks for the notice..
-
Originally posted by matthew5025:
Hi, developer here
I needed a way to get more detailed stats on the usage of the app (unique users, device info etc) as the google developer console is vague at best, but in hindsight, this probably wasn't the brightest idea.
The license checking is actually done by Google. I do not keep track of any licesing information at all.
Also, I think this does not violate PDPA in any way whatsoever. If you can provide evidence to the contrary, I'll be happy to look into it.
I'll look into other ways of getting the info I need without violating the privacy of the users.
If you have any suggestions, please do provide them.
Thanks!
Currently, i observe that this is being communicated through to your webapp at azure.
Perhaps one of the easiest way u could do this is by putting the email + imei (these two should be unique enough) thru a sha256 hash instead of sending the full data to your webapp. This should prevent any storage of personally identifiable info.
That along with the phone model should be enough for identifying unique users?
-
Thanks for the suggestion!
The thing is that I use the email to identify unique users, and imei/phone number to identify a unique device. However, I agree that the data should be hashed. I'll look into hashing the data for starters, thanks!
-
-
Thanks!
-
Are you the developer?
-
Originally posted by ^tamago^:
Are you the developer?
Mettew5025is the devaloper