@ErosBlog FWIW my experience has led me to believe it's very rare (or much more rare than people generally think) that everyone who needs to know something actually does. So sharing stuff like this is still really useful.

https://xkcd.com/1053/

@ErosBlog it does request network connection permissions, but that on it's own is not conclusive, as some apps on @fdroidorg do also check for #updates because they're built upon publicly released sourcecode and that means it's identical to the releases which if self-compiled may just check if it's the latest version and recommend users to update to that...

In fact, this can cause problems on #AppStores like #GooglePlay which disallow checking for updates that way...

Ask me how I know...

@ErosBlog I wish more software like this was promoted for #privacy and #security.

it's not that our actions are questionable, it's their intent that is.

there will never be a legitimate reason why a biometric tracking app would EVER need to permanently store my data outside of my control.

my hope is that the common users all get a taste of this to wake up and start demanding changes or start making them on their own.

@ErosBlog To answer the indirect question 💜

We do not even have a server to store user data. All data that a user inputs is stored in a database on the users phone. All calculations are run on the device itself. No cloud, no AI, no tracking (only by the person themselves). If the user wants they can encrypt with setting a password for the app.

@ErosBlog Glad to see open-source, local apps getting a mention here! Because that's really the only solution. If it's supported by ads, they have your data because they're using it to target the ads. If they have your data, it doesn't matter if they turn that data over willingly, they could also be compelled to by a court. Doesn't matter if the app asks for your state either, that's easy enough to figure out if you aren't using a VPN all the time (and even that wouldn't be a guarantee.)

And if it's not open source...you have no idea if they're collecting your data or not. If it's ad-supported the data collection is pretty much guaranteed (well, *someone* has your data if not them)...but even if it's paid and/or ad-free, a lot of devs will harvest all your data for literally no reason just because that's the way they're used to doing things and keeping you safe -- especially *from them* -- isn't often part of the design process.

Also check your device settings to ensure this locally stored data isn't getting backed up to "the cloud"! Google and Apple do have the resources to fight a demand for that data in court...but will they? Will they win? They're not just gonna outright refuse a lawful order. They do turn over data regularly.

Security is always a balance between risk and convenience.
If the risk has substantially changed, then it might be worth reconsidering how you balance that. If you're very worried, maybe even keep the data on paper that you burn as needed. Or on an old phone that you keep offline. Or in a regular calendar or notepad app, possibly in code, using non-obvious event names or something like that. Make it harder to harvest and process in bulk.

@lopezsanchez That's not a problem that I personally am ever going to face but, yeah, it's a solid position.

Unfortunately it generalizes to the proposition that a smart phone is literally too dangerous to own or use absent a supporting culture that valorizes and defends personal liberty and privacy for everyone. It's WILDLY irresponsible and dangerous to own a smartphone under fascism. Which leads to the need for making very hard choices indeed during a fascists-ascendant period.