Closed marek22k closed 1 year ago
German forum post from the Threema community about the same issue in their app: https://threema-forum.de/index.php?thread/7215-logger-und-tracker-der-threema-app/
Looks like it can be turned off with an SDK setting: https://github.com/threema-ch/threema-android/blob/29816f75fbbce6b6491ddd13366772d9f8ae9c55/app/src/main/java/ch/threema/app/ThreemaApplication.java#L974-L979
It seems a false positive, Warden will trigger that warning whenever it sees com.mapbox.mapboxsdk
in an app's classpath.
The Warden check is here: https://gitlab.com/AuroraOSS/AppWarden/-/blob/master/app/src/main/assets/trackers.json#L1460
Thing is we don't use MapBox in Element Android. We use MapLibre which is a fork of MapBox which, among other things, removes the telemetry code. MapLibre still uses the same package names from MapBox so Warden will trigger a warning because that classpath is actually there. But there's actually no telemetry in the source.
Thanks for the answer!
Filed this to report the false positive: https://gitlab.com/AuroraOSS/AppWarden/-/issues/25
Steps to reproduce
Install element from F-Droid, use a tracker scanner like Warden.
Outcome
What did you expect?
No trackers
What happened instead?
MapBox Tracker
Your phone model
FP4
Operating system version
CalyxOS 4.7.5 Android 13
Application version and app store
1.5.28 F-Droid