
OSMAnd is spyware that leaks your travel history to the OSMAnd developers, even if you have analytics/telemetry turned off!

github.com/osmandapp/OsmAnd/is

github.com/osmandapp/OsmAnd-iO

This unethical and consent-violating data leak exists in both the iOS and Android versions. It's not an accident - they are deliberately phoning home with a unique identifier.

@sneak This kind of shit is what makes me leery about going to meetups cause you know people bring their phones, ntm most new cars have some means of being tracked by intel agencies inbuilt.
@sneak I thank the good Lord above for making me so lazy a piece of shit that I put off setting up OsmAnd for about seven years. Also, chalk another W up for Team "Android is fucking dead please someone make the Pinephone usable I beg you."

@sneak @coolboymew valid concern, but your wording makes it sound as if they added this for the sole purpose of tracking individuals and don't intend to do anything about it. Let's give them some time to respond before starting drama.

@sneak This from having a particular app downloaded or this baked in shit off the OS?
@sneak Also I just noticed that the iPhone version is written in Objective C(++)
That's cool I thought they nuked anything other than Swift because Apple.

@sneak I have analytics disabled and it pings download.osmand.org on ios privacy report. It happens during a live update or download - it should not be sending IDs (but I haven't checked with a proxy to inspect https). Can't wait to hear back from them though, as I've been a long time fan of OsmAnd and a premium subscriber... 😬

@lambdagoat the lead dev says it doesn't require consent because it's just a random id. he doesn't get it.

@sneak thanks for the update, that really sucks. I will rethink my subscription then

@trashcatt the lead dev thinks that it doesn't need consent because it is just a random id lol

@sneak Unfortunately OSMAnd+ is, at least for me, still unbeatable as I can configure it to navigate me exactly like I want it. It does not impose onto me a specific set of routing calculations

@sneak It looks like it only happens when downloading maps for later offline use, not continuously? So it could track the maps you're interested in, and maybe where you are while planning a trip, but not where you actually go?

Long thread, but that claim seems far fetched.

@hans it sends a unique and permanent tracking id on every map download.

@sneak That doesn't imply it "leaks your travel history", that's what is far fetched. It can "track" which maps you download, that's not travel history, is it?

@hans client ip is city level geolocation. when you send a persistent unique id from changing client ips over time, i know which cities you were in, and when.
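An added example, not part of any post in this thread and not OsmAnd code: a check a user could run over requests captured from their own device to find a query parameter that stays constant across downloads, and to list the separate networks that such a value ties together. The host, parameter names, values, dates and network labels are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: (date, network the phone was on, request URL).
# Parameter names and values are invented; this is not OsmAnd's real
# request format.
CAPTURED = [
    ("2023-05-01", "home-wifi",
     "https://download.example.org/get?file=Berlin.obf&ver=4.4&uid=9f3c2a71"),
    ("2023-05-09", "hotel-wifi",
     "https://download.example.org/get?file=Paris.obf&ver=4.4&uid=9f3c2a71"),
    ("2023-06-02", "mobile-lte",
     "https://download.example.org/get?file=Rome.obf&ver=4.5&uid=9f3c2a71"),
    ("2023-06-02", "mobile-lte",
     "https://download.example.org/get?file=Milan.obf&ver=4.5&uid=9f3c2a71"),
]


def persistent_params(captured, min_len=8):
    """Return {param: value} for parameters that appear in every request
    with one unchanged value long enough to act as an identifier."""
    seen = defaultdict(list)
    for _date, _net, url in captured:
        for key, value in parse_qsl(urlsplit(url).query):
            seen[key].append(value)
    total = len(captured)
    return {
        key: values[0]
        for key, values in seen.items()
        if len(values) == total
        and len(set(values)) == 1
        and len(values[0]) >= min_len
    }


def linked_sightings(captured, param):
    """List the distinct (date, network) pairs that carry `param`, i.e.
    the observations a server could attribute to one installation."""
    sightings = []
    for date, net, url in captured:
        if param in dict(parse_qsl(urlsplit(url).query)):
            if (date, net) not in sightings:
                sightings.append((date, net))
    return sightings


if __name__ == "__main__":
    for name, value in persistent_params(CAPTURED).items():
        print(name, value, linked_sightings(CAPTURED, name))
```
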

@sneak I've downloaded a lot of maps of areas I've never been to. So unless they actually follow my GPS coordinates, I don't see it as "leaking travel history".

@hans this has nothing to do with which maps you download. you don't seem to understand ip geolocation.

@sneak I've read the thread on Github, and I think I understand enough to know that this kind of "tracking" isn't a problem. I don't wear a mask and pay with cash only while doing groceries because the cashier could track my purchases either.

Sure, maybe OsmAnd could work without that ID, but again, I find your claim far fetched.

@hans it’s fine if you don’t care about your own personal privacy but that doesn’t give anyone license to track people who do (and don’t consent to such tracking)

@sneak Again, I don't see this as tracking. I have a serious problem with online tracking, that's why I never visit sites like Google or Facebook, but an enterprise setting an ID to check the number of maps I download and nothing else, is not a privacy concern. Not for me, at least.

It's a good thing that you told the world about this, so that people have a choice. Not going to be easy, I think, because every alternative that I know of is a far bigger privacy risk, but hey. But telling the world by calling it "spyware" and "leaking travel history" is a bridge too far, I think.

@hans that's because you don't understand tracking. it is objectively tracking regardless of whether you comprehend it as such or not. the idea that it needs informed consent is your clue.

@sneak "that's because you don't understand tracking."

Yeah, let's go with that.

@hans if it weren't literally designed to discern one user from another, no unique identifier would be necessary.

@sneak holy moly I will read about it tomorrow. I use this app for cycling tracking.

@sneak years ago they had a weird response against a request to allow showing tagged surveillance cameras in OSMAnd

@sneak it seems to have been fixed back in October, which is great since I use it a lot

@sneak well I read this and I came up with:

"Sneak: you are wrong. It is time to admit you came to wrong conclusions and time to publicly show you are able to learn when presented with new facts. Thank you."

github.com/osmandapp/OsmAnd/is

@sneak if you read the github thread it sounds like this isn't quite accurate and you seem to be mischaracterizing what's actually going on.