Some period tracking apps will share your data. Stay safe, use one from @fdroidorg without Internet permission.
Possible options are:
All of these apps don't ask for internet permission and thus can't share your data. Drip goes the extra mile and explicitly opts out of Android's backup framework so your data won't be backed up on Google servers.
Please boost for those who need it!
@malte @SylvieLorxu @fdroidorg
In their website why does it say "previous version" under the F-Droid download link ? Are they not updating the F-Droid package anymore ? If that's the case then someone should let them know, the F-Droid version is very important for protecting people's privacy & freedom, F-Droid can even work on the Tor network to prevent ISPs from snooping on user's data.
@futureisfoss @malte @fdroidorg Looking through issues, they seem a bit understaffed, the Google Play release is also almost a year and a half old. Luckily, with an app that is fully offline, there is no real security concern with a lack of updates.
I am not completely sure what the exact issue is, but I found these related issues:
@andrej @fdroidorg Yup! And I believe they're allowed to force you to unlock the device with your finger, but not with your code (see https://www.androidauthority.com/open-sesame-police-can-unlock-smartphones-using-fingerprint-totally-legal-now-690684/).
So yes, you should always use PIN unlock on your device. Good point!
@inference @fdroidorg @SylvieLorxu Ah, thanks for explaining. Is this feature turned on by default or is it opt-in ? I know a lot of people who uses their google account to backup their contacts and stuff, I hope that's different from this android backup thing, because I don't think they want all their app data to be backed up.
@inference @fdroidorg @SylvieLorxu @futureisfoss To my knowedge this doesn't mean one has to entirely disable it (ALLOW_BACKUP:FALSE) but, at lest with newer Android versions (11+?) the dev can decide to only allow D2D (device-to-device) but not D2C (device-to-cloud). That way backup systems like Seedvault (e.g. coming with LOS) can at least create local backups, while nothing goes to Google (or other clouds) by accident.
@futureisfoss @fdroidorg It is, as most of the Android "syncing with Google" features, easily accidentally enabled without realizing. See https://support.google.com/android/answer/2819582?hl=en for more information and details of how to turn it off.
Google offers 25MB of storage per app, for most apps that will be enough for literally all of its data. For example, in a note app, this would easily fit every single note you made. All apps are opted into this unless they explicitly opt out: https://developer.android.com/guide/topics/data/backup#Choosing
@futureisfoss @fdroidorg As is typical of Google, they went full in on convenience without caring about privacy. And because this is the default, users are used to their settings and data being restored when they switch to a new phone and will get upset if an app doesn't do that (because it opted out). They've created a "doomed if you do, doomed if you don't" scenario and didn't create proper libraries for apps to ask the user what they want.
TL;DR (updated): If you use Android older than version 9 "Pie", Google can get access to your app data through cloud backups, even if the app itself shares nothing with Google. There's also the possibility that Google could be lying about their encryption. #privacy
Because this thread was broken Im adding this post back to the thread as you suggested-
Think, unless your using a real old device, Googles app data backups are all now end to end encrypted and have been for a few years
So, it is important people use Android lock screens!
And even though theoretically your data should indeed be pretty safe, it is still good to be aware it leaves your device as you can never know 100% surely if things on someone else's system are as promised.
@SylvieLorxu can you please list some examples of what apps sharing what data? I'm compiling a list of examples for a seminar about the importance of privacy and risks of unregulated data collection.
@Krash Well, this toot was a response to https://www.vice.com/en/article/y3pgvg/the-1-period-tracker-on-the-app-store-will-hand-over-data-without-a-warrant
However, this is not the first time such a thing happens. See also https://www.wired.com/story/your-digital-trails-polices-hands/ for example, where user data from the app Muslim Pro was sold to US government agencies.
While it doesn't tell you which data is collected and sold, @exodus has an amazing list of which popular third-party trackers are in which apps.
And the problem with apps having internet access is that they can share your data (without you knowing, because let's be honest, nobody reads all the terms and conditions and they're purposefully written to be hard to read). Given abortion is now illegal in many parts of the US, stuff like this is dangerous: https://www.vice.com/en/article/y3pgvg/the-1-period-tracker-on-the-app-store-will-hand-over-data-without-a-warrant
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!