mapsme / omim

πŸ—ΊοΈ MAPS.ME β€” Offline OpenStreetMap maps for iOS and Android
Apache License 2.0
4.57k stars 1.15k forks

remove / reduce count of trackers #10576

Open nk4044 opened 5 years ago

nk4044 commented 5 years ago

Recently I was a bit shocked about this report: https://reports.exodus-privacy.eu.org/en/reports/59131/ [1] (details added below)

Is there any chance to reduce the amount of trackers or remove them all?

Other appreciated example osm-navigation map-apps are:

[1] 16 trackers: AppsFlyer, Facebook Ads, Facebook Analytics, Facebook Login, Facebook Places, Facebook Share, Flurry, Google Ads, Google Analytics, Google CrashLytics, Google DoubleClick, Inmobi, Moat, myTracker, PushWoosh, Twitter MoPub

burivuh commented 5 years ago

This report is incorrect.

Limited tracking is done by:

  1. Facebook SDK: used for paid traffic and analytics. There's no way of disabling it if we need non-organic audience growth.
  2. Flurry SDK: used for product analytics only since some very old times. We are thinking about throwing it away, but in terms of a year or two.
  3. Google CrashLytics (Fabric) SDK: used for crash reports only, no additional data is provided, not a "tracker" in general.
  4. Appsflyer SDK: used for deeplinking only, no additional data is provided, not a "tracker" in general.
  5. myTracker SDK: used for product analytics as it is de-facto standard internal statistics for all My.Com projects.
  6. PushWoosh SDK: used for push notifications only, no additional data provided, not a "tracker" in general.
  7. MoPub SDK: used for ads serving mediator, no personal data provided.

Other SDKs are non-existent (Inmobi, Moat, Google Analytics) in our app, are not trackers at all (Facebook Login and so on) or are disabled (Google Ads and so on).

dimqua commented 5 years ago

I personally consider any Facebook and Google SDKs (and related to them) as trackers, since I do not want any connections to these corporations at all, whatever the reasons they used are.

@IzzySoft what does your scanner say?

linux019 commented 5 years ago

@burivuh I agree there is a lot of bloatware analytics in maps.me. After 2 years of use of maps I have to delete more than 32K of junk files in the /data/data/com.mapswithme.maps.pro/files/.Fabric folder, and you are saying that it's the "Limited tracking"?

https://i.imgur.com/VnLUay9.png

IzzySoft commented 5 years ago

@dimqua the app is certainly not in my repo – if it contains the above list of trackers. So I cannot tell you what my scanner says. And I'd count that collection as extremely invasive to my privacy. Especially with a navigation app, I'd never use it. Admittedly, for a collection of the worst trackers it might lack CallDorado – but I beg your pardon: Why should I allow Facebook, Google and Twitter to know about my very whereabouts? Plus Flurry and Moat. Thanks – but no, thanks.

Nothing personal, and no offense meant: but that looks as if using the privacy image of OSM to cover up tracking. I'd strongly discourage usage of this app as long as any of the above trackers is present.

Apologies for my harsh words – but that's my opinion. If you want details, see here and check above list.

dimqua commented 5 years ago

I asked because there were doubts about the accuracy of Exodus Privacy. But thanks for the info anyway.

IzzySoft commented 5 years ago

My scanner uses the same principles (static analysis). But I cannot cross-check, as this project doesn't even offer an APK in its releases (and the link from the readme gives a 404). Sure, no one is safe from false positives – but 16 false positives in the very same APK? That's not likely. Apart from that, @burivuh already confirmed all of them except for the 2 Google Ad libraries, inMobi and Moat.

Results from my scanner as well as from Exodus tell what libraries have been found in the code – not what functionalities of them are used. The latter is hard to say (requires reverse engineering, which many of those proprietary libraries forbid per their license) – especially given the fact those libraries are not open source, and thus neither should be used in open source projects, as that makes those projects tainted.

I recommend complete removal. If you need analytics/crash reports, there are open source libraries for that (like ACRA). They might not be that "shiny" – but at least they respect the users' privacy. Which cannot be said for any of the above.
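
The distinction drawn in the comment above (a static scan reports which libraries are present in the code, not which of their functions are used) can be shown with a small sketch. This is an added example, not part of the thread and not code from Exodus Privacy or IzzySoft's scanner; the package prefixes, the class list, the reference map and the `com.example.maps.` app namespace are constructed assumptions.

```python
# Illustrative package prefixes (assumed); not any real scanner's signature set.
SIGNATURES = {
    "Flurry": ("com.flurry.",),
    "AppsFlyer": ("com.appsflyer.",),
    "Google CrashLytics": ("com.crashlytics.", "io.fabric."),
    "MoPub": ("com.mopub.",),
    "Moat": ("com.moat.analytics.",),
}

# Constructed sample: class names as they would be listed from an APK's dex files.
SAMPLE_CLASSES = [
    "com.example.maps.MainActivity",
    "com.example.maps.Stats",
    "com.flurry.android.FlurryAgent",
    "com.crashlytics.android.Crashlytics",
    "io.fabric.sdk.android.Fabric",
    "com.mopub.mobileads.MoPubView",
    "com.moat.analytics.mobile.MoatFactory",
]

# Constructed sample: classes referenced by each app class.
# A real tool would have to derive this from the bytecode.
SAMPLE_REFS = {
    "com.example.maps.MainActivity": ["com.crashlytics.android.Crashlytics",
                                      "com.mopub.mobileads.MoPubView"],
    "com.example.maps.Stats": ["com.flurry.android.FlurryAgent"],
}

def detect(classes, signatures=SIGNATURES):
    """Map tracker name -> sorted classes whose name starts with one of its prefixes."""
    found = {}
    for name, prefixes in signatures.items():
        hits = sorted(c for c in classes if c.startswith(prefixes))
        if hits:
            found[name] = hits
    return found

def referenced_by_app(found, refs, app_prefix):
    """Trackers with a class referenced from app code (linkage only, not what data is sent)."""
    callees = {c for caller, cs in refs.items() if caller.startswith(app_prefix) for c in cs}
    return {name for name, hits in found.items() if callees.intersection(hits)}

if __name__ == "__main__":
    found = detect(SAMPLE_CLASSES)
    used = referenced_by_app(found, SAMPLE_REFS, "com.example.maps.")
    for name in sorted(found):
        print(name, len(found[name]), "referenced" if name in used else "present only")
```

In the constructed sample, Moat is reported by the prefix scan although no app class references it, which is the kind of result a "libraries found" report cannot separate from a library that is actively called.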

dimqua commented 5 years ago

The official apks: https://maps.me/apk/ But these are different from the Play Store version and a bit outdated ATM.

contrapunctus-1 commented 5 years ago

There is a fork on F-Droid with no trackers or proprietary components - https://f-droid.org/app/com.github.axet.map

Of course, I hope MAPS.ME removes them from the Play Store version, too.