OSMAnd is spyware that leaks your travel history to the OSMAnd developers, even if you have analytics/telemetry turned off!

github.com/osmandapp/OsmAnd/is

github.com/osmandapp/OsmAnd-iO

This unethical and consent-violating data leak exists in both the iOS and Android versions. It's not an accident - they are deliberately phoning home with a unique identifier.

Long thread, but that claim seems far fetched.
Follow

@hans it sends a unique and permanent tracking id on every map download.

@sneak That doesn't imply it "leaks your travel history", that's what is far fetched. It can "track" which maps you download, that's not travel history, is it?

@hans client ip is city level geolocation. when you send a persistent unique id from changing client ips over time, i know which cities you were in, and when.

@sneak I've downloaded a lot of maps of areas I've never been to. So unless they actually follow my GPS coordinates, I don't see it as "leaking travel history".

@hans this has nothing to do with which maps you download. you don't seem to understand ip geolocation.

@sneak I've read the thread on Github, and I think I understand enough to know that this kind of "tracking" isn't a problem. I don't wear a mask and pay with cash only while doing groceries because the cashier could track my purchases either.

Sure, maybe OsmAnd could work without that ID, but again, I find your claim far fetched.

@hans it’s fine if you don’t care about your own personal privacy but that doesn’t give anyone license to track people who do (and don’t consent to such tracking)

@sneak Again, I don't see this as tracking. I have a serious problem with online tracking, that's why I never visit sites like Google or Facebook, but an enterprise setting an ID do check the number of maps I download and nothing else, is not a privacy concertn. Not for me, at least.

It's a good thing that you told the world about this, so that people have a choice. Not going to be easy, I think, because every alternative that I know of is a far bigger privacy risk, but hey. But telling the world by calling it "spyware" and "leaking travel history" is a bridge too far, I think.

@hans that's because you don't understand tracking. it is objectively tracking regardless of whether you comprehend it as such or not. the idea that it needs informed consent is your clue.

@sneak

that's because you don't understand tracking.



Yeah, let's go with that.

@hans if it weren't literally designed to discern one user from another, no unique identifier would be necessary.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!