PatrykMis
commented
1 year ago After conducting some research, I came across a promising library for crash reporting on Android: ACRA. Considering SpeakTouch's focus on user privacy and security, ACRA seems like an intriguing option. With ACRA, SpeakTouch could potentially have a crash reporting feature without requiring internet permissions, aligning well with our commitment to a minimal and non-intrusive user experience.
It's worth noting that the implementation might involve some manual work, such as creating a custom ReportSender to manage the storage and retrieval of crash reports without requiring internet permissions.
Irineu333
I'm against implementing libraries like Crashlytics into the Speak Touch project, even if they were fully open source. The only thing I would consider is fully libre, open-source software that uses fully free (as in freedom) and open services. Given that Speak Touch is an accessibility service, gathering content from the screen and user input, we must prioritize user privacy and security. Here are some key points from my perspective:
Privacy and Permissions
Speak Touch operates effectively as an accessibility service without the need for additional permissions, ensuring a seamless and trustworthy user experience for individuals relying on screen readers. We should focus on accessibility and usability without unnecessary features that may compromise privacy, user experience, and most importantly, security, as we cannot take full responsibility for the security, bugs, and potential vulnerabilities of used libraries.
Security Risks of Internet Permissions
Introducing internet permissions for an app that handles sensitive user input and screen output poses inherent security risks. We need to be mindful of potential vulnerabilities that could compromise the integrity of the data processed by Speak Touch.
While crash reporting tools are valuable for identifying and addressing issues, they introduce additional risks as they interact with various components of the app. It's crucial to minimize potential attack surfaces, especially in the context of accessibility services. Before opting for internet permissions, let's explore alternative security measures, such as comprehensive code reviews, the use of static analysis tools, and regular monitoring for security updates in the libraries we use.
Legal Compliance
User Trust and Optics
Users, particularly those relying on screen readers, will place a high level of trust in Speak Touch. Security vulnerabilities could have severe consequences for these users. It's essential to prioritize their trust and the reliability of the app.
Other
Some crash reporting services may come with associated costs. Evaluate whether the benefits justify the financial investment.
Alternative Approaches
Considering the privacy and security concerns associated with crash reporting libraries, let's explore alternative approaches for gathering feedback and bug reports. One effective method could be establishing communication channels via social platforms such as Matrix (Element) and/or Telegram (like the group which is unofficially already functional but public). These platforms provide a direct line of communication between users and developers, enabling real-time discussions about issues, feature requests, and general feedback. Additionally, we can implement a user-friendly local bug reporting feature within Speak Touch. This feature would empower users to generate bug reports locally, giving them the option to share, save, or send the report via their preferred email application. This approach not only respects user privacy but also allows for more direct and transparent communication, fostering a collaborative environment between the development team and our users. I'm sure good, FLOSS libraries already exist.