Mysplash added Bugly analytics and crash reporting with version 3.7.1; the manifest needs to be updated.
I’ve also opened an issue with the developer because there is no disclaimer about it and this violates GDPR.
Ref: About Bugly · Issue #77 · WangDaYeeeeee/Mysplash · GitHub
This won’t update since versionName/Code were not yet updated: https://github.com/WangDaYeeeeee/Mysplash/blob/3.7.5/app/build.gradle#L10
This Bugly also seems to be proprietary. Anyone knows what is Bugly Software License, Version 1.0? The link to the license text is broken.
I found this on github but I think it’s outdated, and there’s no license: GitHub - BuglyDevTeam/Bugly-Android
So I think it IS proprietary. Holy crap.
This is terrible. This is the third time I find some dev sneaking in analytics into an app after it’s been accepted by F-Droid, we need to do something about it, like analyzing the generated APK with ClassyShark to make sure it doesn’t contain trackers there were not declared in the manifest. Personally I would ban third party analytics altogether.
1 Like
https://github.com/WangDaYeeeeee/Mysplash/search?q=bugly&unscoped_q=bugly with cleartextTrafficPermitted.
Slightly different than com.thirtydegreesray.openhub_30 (OpenHub): a tencent aar inclusion https://github.com/ThirtyDegreesRay/OpenHub/blob/f5db8c0544c02ba04eef3c9a92aadfe4f5687185/app/build.gradle#L166
(“half-halted”: Check our APKs with Exodus (#566) · Issues · F-Droid / fdroidserver · GitLab )
I’m surprised that that issue has been open for more than a year.
Seriously, we have the most annoying lint on earth that will reject manifests for having an extra whitespace, but I can sneak in proprietary third party analytics and nobody bats an eye?
Basically, fdroid is a collaborative project : no gitlab additional reviewers => no new additional features/controls.
… bring your voice to gitlab,
was (positively) surprised by low amount of fdroid apps with trackers. It will be great if fdroid (experts) community could identify all true open source trackers in Exodus database, so this information could reach ExodusPrivacy end-users (?)
why ?
it will seriously help for scan and signature’s reliability, if we know that a tracker is open source or not (especially also because opensource can be paste & obfuscated/scrambled in apk code)
as example of possible biased integration: new Facebook debugging tool Flipper is (MIT) open source GitHub - facebook/flipper: A desktop debugging platform for mobile developers. .
This is also why, imho, fdroid should discourage use of obfuscation :
btw @dosse91, imho, your FairEmail thread should be softened/edited, especially considering M66B’s thoughtfulness and skill…
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.