flipperdevices / Flipper-Android-App

Android Mobile app to rule all Flipper's family
https://forum.flipperzero.one/c/mobile/14
MIT License

Remove Countly tracker library. #593

Closed EvanCarroll closed 1 year ago

EvanCarroll commented 1 year ago

Because of the nature of the Flipper Zero, it seems like it should show no tracker libraries. Currently TrackerControl Android identifies Countly in the android app. It would be nice if there was a build switch to build without this, at least for F-Droid.

The metric gathering is done in MetricApiImpl.

It seems like it's posting to this site, https://countly.lionzxy.ru/, which doesn't seem to exist. I'm guessing this resolves locally for development and gets set in Gradle when building.

This telemetry is used in the calls to reportSimpleEvent and reportComplexEvent, which are used in things like the MiFare screen. It sounds unwise and incriminating to have a third party with all the metadata (IP, timestamp) of when they were using RFID functionality of the Flipper.


Aside from the normal privacy concerns, Countly goes on to say in their privacy policy,

> We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.

So they could presumably "cooperate" with any "request" (not even a subpoena) from the "government and law enforcement" (not specific to the ones that have legal jurisdiction over them) handing over data if they believe the activity is merely "unethical". And without notification. That's a pretty low bar.

LionZXY commented 1 year ago

First of all, it is worth mentioning that all collected information is completely anonymous and does not contain user data. From the collected information it is impossible to recover the user's data or his identity. Secondly, it is worth noting that the next build of F-Droid will no longer contain metrics; this is the responsibility of the environment variable "ORG_GRADLE_PROJECT_is_metric_enabled".

You can verify the purity of the metrics, since all of our code is open-source and the builds are reproducible.

EvanCarroll commented 1 year ago

Ah, thanks for the info about the F-Droid! I only bought the Flipper after I saw the F-Droid app and because I needed a TV Remote for the bar.

But I do think you should reconsider your audience because people may get actual jail time for this. It's a whole different charge from mere trespassing to having used a criminal instrument in the act of trespassing. One of them is a felony. Knowing you opened the RFID screen on the Flipper App will put you in felony territory.

And I can't see really why this information is needed. Why does the RFID screen need metric collection?

> From the collected information it is impossible to recover the user's data or his identity.

I'm not sure how this can be true. A cell phone provider will tell a court the IP address of the cell phone and a breakdown of the traffic during 5-minute blocks of time. The IP address and this database are sufficient to implicate a user in a crime.

EvanCarroll commented 1 year ago

@LionZXY F-Droid is still showing telemetry is enabled on the build,

https://f-droid.org/packages/com.flipperdevices.app/

> Anti-Features: This app has features you may not like. Learn more! This app tracks and reports your activity

Wjxfi commented 1 year ago

@LionZXY I don't want to download your app because of this. Please remove it from the f-droid build.

EvanCarroll commented 1 year ago

@Wjxfi don't be a dick, @LionZXY has quite obviously tried to remove the tracker libraries for just us F-Droid users. It seems like he is trying, though not successful. I also want the trackers removed. F-Droid is doing the right thing by saying that there are trackers. And @LionZXY seems to be doing the right thing by acknowledging this is something at least some of his users are very passionate about and trying to scrub them.

The real takeaway here is that F-Droid is adding tremendous value by at least pointing out that there is potentially incriminating telemetry on the app. Moreover, for the time being you can use TrackerControl to block the telemetry.
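
A local check in the same spirit as the tracker detection discussed in this thread, for confirming whether a given build still ships the library. This is an added example, not code from the Flipper project or from any commenter: it scans an APK's DEX files for type descriptors in the Countly Android SDK package (`ly.count.android.sdk`). The function names, the length cap and the in-memory sample APK builder are assumptions made for illustration; a shrinker that renames library classes defeats a string match, so an empty result is not proof of absence.

```python
import io
import sys
import zipfile

# Java package ly.count.android.sdk (Countly Android SDK) as it appears in
# DEX type descriptors, e.g. "Lly/count/android/sdk/Countly;".
COUNTLY_DESCRIPTOR = b"Lly/count/android/sdk/"
MAX_DESCRIPTOR_LEN = 256  # assumption: generous cap on one class descriptor


def find_tracker_classes(apk, needle=COUNTLY_DESCRIPTOR):
    """Map each classes*.dex in the APK to the matching descriptors it holds."""
    hits = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            # App bytecode lives in top-level classes.dex, classes2.dex, ...
            if "/" in name or not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = zf.read(name)
            found = set()
            pos = data.find(needle)
            while pos != -1:
                end = data.find(b";", pos, pos + MAX_DESCRIPTOR_LEN)
                if end != -1:
                    found.add(data[pos:end + 1].decode("ascii", "replace"))
                pos = data.find(needle, pos + 1)
            if found:
                hits[name] = sorted(found)
    return hits


def build_constructed_apk(entries):
    """Build an in-memory zip standing in for an APK (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in entries.items():
            zf.writestr(name, blob)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python check_tracker.py path/to/app.apk  (exit status 1 on a match)
    result = find_tracker_classes(sys.argv[1])
    for dex, classes in result.items():
        print(f"{dex}: {len(classes)} Countly class reference(s), e.g. {classes[0]}")
    sys.exit(1 if result else 0)
```

Run it against both the Play Store and the F-Droid APK of the same release to see whether the build switch actually removed the library rather than only disabling its calls.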