"Many of these trackers are also available in the Apple iOS app store, though <i></i>technical and legal barriers limit privacy and security analysis<i></i>."<p><a href="https://law.yale.edu/yls-today/news/isp-privacy-lab-publishes-research-hidden-trackers" rel="nofollow">https://law.yale.edu/yls-today/news/isp-privacy-lab-publishe...</a><p>And from <a href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html" rel="nofollow">https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.htm...</a>:<p>"As Exodus and Yale note, these trackers are almost certainly also present in iOS: the companies that make them advertise their iOS compatibility, for one thing. But iOS is DRM-locked and it’s a felony – punishable by a 5-year prison sentence and a $500,000 fine for a first offense in the USA under DMCA 1201, and similar provisions of Article 6 of the EUCD in France where Exodus is located – to distribute tools that bypass this DRM, even for the essential work of discovering whether billions of people are at risk due to covert spying from the platform."
This thread is a really interesting example of how easily humans can simultaneously hold conflicting beliefs/opinions. I'm gathering that a lot of developers and businesspeople here:<p>a) are very concerned about collection of their own data<p>b) derive material value from Crashlytics, Mixpanel and other "tracking tools" for their work<p>It's tricky to reconcile those two ideas.
The surprising part to me is that it's only 3/4. I assume the rest are not doing any real analytics.<p>Of course they are using 3rd party tools, because the software and infrastructure required to do meaningful analytics on a large user base is way beyond what any startup or independent developer can afford to invest. There aren't even decent Open Source options - Google Analytics long ago sucked the air out of Open Source in this space and choosing Open Source means running your own infrastructure, which is non-trival the moment you start having Gigabytes+ of usage data.
I can’t say I’m thrilled with using Crashlytics in my own iOS apps, but I’m not aware of any better options when it comes to crash tracking. A handful of crashes come in through Apple’s opt in crash report sharing but when compared to the data I’m getting from Crashlytics, it’s clear that a <i>lot</i> of info is missing. If I relied only on manually submitted bug reports and what Apple is telling me, I never would’ve come to know about many of the bugs I’ve fixed. Better testing could’ve caught some of them, but many just won’t surface in any other place except out in the wild.<p>Is increased privacy worth decreased stability? I won’t claim to know the answer to that question, but I suspect it’s more murky than some think, especially when you have paid customers who expect a throughly solid product for their money.
This is a bit alarmist. I develop a popular app that has no advertising but I still ship mixpanel and crashlytics. I do that because I need to know how people are using the app in order to make the app better. That's it. If the app crashes and I don't know about it then I can't fix it and my users would hate me. Without these tools the apps would be worse.
I don't get it. If you're in IT in any role, you know this is happening. I install zero apps on my iPhone. I don't need them. Banking and other secure things are more properly done on a desktop or laptop running some form of <i>nix with proper security in place.<p>I would never access my bank or other secure website with crucial information via a mobile phone. Call me an anachronism should you wish, but I've never had the tracking worries or data leak worries others do.<p>On my </i>nix desktops, I block all ads, all tracking cookies, no third-party cookies, I whitelist my bank and Fastmail account for cookies, and I block coin mining, HTML canvassing, HTTP/S referrer, CSS history lookups, and so much more. In addition, I surf through a VPN. Why risk it?
3/4 of apps? I'm surprised it's not higher. Probably similar thing for iOS: everyone installs ads, translations, google analytics, data-mining and data-analysing tools, or feeds logs to such tools.
What alternatives are out there for mobile developers?<p>Is there an open source Android and/or iOS equivalent allowing self-hosting analytics like Piwik does for web (without a 3rd party)? Piwik does ship an Android SDK; anyone have experience to compare to 3rd party options?<p><a href="https://github.com/piwik/piwik-sdk-android" rel="nofollow">https://github.com/piwik/piwik-sdk-android</a><p>Hat tip to user johnny_and1 for mentioning ACRA for Android crash reporting elsewhere in this thread. Are there any similar libraries for iOS?<p><a href="https://github.com/ACRA/acra" rel="nofollow">https://github.com/ACRA/acra</a>
To help mitigate this situation, users can and should start to use blockers just like we do on browsers. The best and less invasive I've found so far is Blokada[1].<p>It works as a fake VPN giving you the power use blocklists to filter all your connections.<p>Downside is that I believe in doesn't work if you already use a VPN.<p>So far it has helped me block 80.921 ads and trackers. As a bonus it saved me 242.79MB.<p>By default it whitelists Google Analytics, so if you don't want that you should disable the whitelist or configure it.<p>[1] <a href="http://blokada.org/index.html" rel="nofollow">http://blokada.org/index.html</a>
I wonder if there is a comparable study for iOS apps? Or are there iOS versions of "Tinder, Spotify, Uber and OKCupid" better than the Android counterparts.<p>> Both of these trackers have been profiled by Privacy Lab and can be identified by <i>Exodus scans</i>.<p>I have tried looking up Exodus but can't find any info. Anyone knows what this tool and how does it work?
I wish I could edit the hosts file of Android devices without root. Barring that, I wish I could force a DNS server for both wi-fi and mobile data links, which I believe also requires root.<p>Either one of these options would allow the use of DNS blackholing for adware/malware domains. Without it, protecting yourself on mobile is that much more difficult.
This is completely normal, just like any (web,ios) app, apps are generating analytics point to know how the app is doing, and where to improve. If an app doesnt have a 3rd party analytics tool, you can be almost certain they are using an inhouse tool.<p>These tools never really track individual users outside of the app context.
Only 3/4? That only means the "researchers" didn't try hard enough on the remaining 1/4.<p>100% of every app you use, mobile or web, has user behavior tracking.
"Third party tools." Ads. They're called ads. Don't beat around the bush. Google won't fix the problem because their business is selling ads.
Am I the only person who doesn't mind being tracked? I don't use an ad-blocker or VPN and allow all cookies.<p>I see it as a fair trade for reading articles, watching videos, playing games, etc. without paying any money out of my own pocket.<p>EDIT: Why the down votes with no replies on this?