search

Medvedev91 / timeto.me

App with pomodoro, checklists, goals, tasks, repetitive, calendar and time tracking.
https://timeto.me
GNU General Public License v3.0
218 stars 13 forks source link

Internet permission should not be required #5

Closed mariobrostech closed 6 months ago

mariobrostech commented 7 months ago

Hi,

I’m really liking this app, but one thing struck me as odd: when I went to install it on my Android device, it requested access to the Internet permission. I’m not sure why such a permission is required because there doesn’t appear any in-app functionality to warrant network access, and even if there were, I’d argue that a time-tracking app that usually handles sensitive information shouldn’t require such a permission anyway.

Could you please elaborate as to whether this permission is requested intentionally and, if so, why it is required? Again, for the purposes of maintaining user privacy and trust, if the feature isn’t significant to this app’s functionality, please consider removing this feature and its associated permissions.

Thank you in advance!

Medvedev91 commented 7 months ago

Hi!

Privacy with no compromise is one of the principles I follow. Time-tracking and task management is super sensitive information. No one should have access to it.

The app never sends any personal information! The only thing the app sends is technical data.

Technical data is used for bug reports and gives me information how many people are using the app (this is the only thing that motivates me to contribute to open source).

Here you can check which data the app sends: https://github.com/appstome/timetome-app/blob/a6fd059eb19bd82160da6abf7e8481113e0ee051/shared/src/commonMain/kotlin/me/timeto/shared/utils_kmp.kt#L100-L107

If you don't want to send even this data - use F-Droid builds.

mariobrostech commented 7 months ago

Alright, that’s totally fair and understandable; I just wanted to be sure it wasn’t being relied upon for any functionality beyond telemetry. However, I did have a few more questions relating to this.

First off, if this telemetry isn’t included in the F-Droid build, is it possible for you to remove the Internet permission from the fdroid build flavor? Having this permission present in F-Droid builds seems redundant if it isn’t being utilized at all. Perhaps this will also give users from F-Droid reassurance that the app isn’t trying to do anything in the background.

Secondly, if this telemetry is being collected in the base app, is it possible for you to:

  1. Show a dialog on first launch that summarizes what data is being collected and provide an option to opt-out. This should include a link to the Privacy Policy to clarify general data collection practices.
  2. Include a link to the privacy policy (which is already shared on the App Store and Google Play) within the app’s settings page for those who are interested to learn more.

I know that this might not be your top development priority, but I believe this is important to establish knowledge and trust among your users. Thanks in advance, and I hope that you’ll consider implementing these changes for the benefit of those concerned about their privacy.

Medvedev91 commented 7 months ago

Yes, optional telemetry is also in the backlog.

I don't send telemetry for F-Droid unless it is optional to follow https://f-droid.org/en/docs/FAQ_-_App_Developers/#can-i-track-users-from-my-app

Medvedev91 commented 7 months ago

Anyway, if you really want to get rid of intenet permission, you can remove it from here https://github.com/appstome/timetome-app/blob/a6fd059eb19bd82160da6abf7e8481113e0ee051/android_app/src/main/AndroidManifest.xml#L4

and build fdroid flavor https://github.com/appstome/timetome-app/blob/a6fd059eb19bd82160da6abf7e8481113e0ee051/android_app/build.gradle.kts#L27-L35

mariobrostech commented 7 months ago

Alright, thanks for clarifying. I presume that you want opt-in telemetry to be an option in the F-Droid build once you implement the mechanism to do so? I'd work on contributing a patch to remove the Internet permission for the F-Droid build, but if you're just going to add it back in a few releases, I don't think it'd be a good use of my time. Just let me know what your plans are, and we can go from there.

Medvedev91 commented 7 months ago

Yes, I plan to add opt-in telemetry as soon as possible for all flavors.

For now, I'm working on a "calendar-like" calendar (instead of simple list). I'll try to make it before the third quarter moon (Feb 3).

mariobrostech commented 7 months ago

Okay, thanks for the quick reply! Would you like me to close this issue, like I sis with the other one, or should I keep this open until you've implemented the opt-in telemetry?

Also, the calendar interface sounds very interesting, and I'm very interested to see how that would work! Good luck with it 🙂

Medvedev91 commented 7 months ago

For this kind of task, it's better to leave the issue open. This will motivate me to solve the issue sooner :)

Medvedev91 commented 7 months ago

The new version with calendar and optional telemetry is ready.

For Google Play and the App Store, it's already published. F-Droid will take time, but you can download the apk https://github.com/appstome/timetome-app/releases/download/v2024.02.13.480/fdroid-release.apk

Medvedev91 commented 6 months ago

Starting today on the F-Droid