Closed Bug 1183654 Opened 10 years ago Closed 10 years ago

fennec-39.0.multi.android-arm.apk performs undocumented tracking at app.adjust.com

Categories

(Firefox for Android Graveyard :: General, defect)

39 Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: chaos, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
Build ID: 20150629114848
Firefox for Android

Steps to reproduce:

1. Install fennec 39.0
2. Capture network traffic.
3. Connect to Wi-Fi

Actual results:

The network capture shows that Fennec connects (via HTTPS) to app.adjust.com. (I don't even need to start the browser; just connecting to Wi-Fi is enough.)
A MITM attack shows that a GET request is issued which includes (among others) the following parameters, identifying me uniquely: android_id, android_uuid, mac_sha1, mac_md5

Expected results:

Fennec should not have opened a network connection without my consent. Fennec should not track me at third parties without my consent. Such behavior stands in stark contrast to "No Surprises" and "User Control" among Mozilla's Data Privacy Principles: https://blog.mozilla.org/privacy/2014/11/11/mozillas-data-privacy-principles-revisited/

There does not seem to be much documentation available about what is happening here. The behavior is different from what I read there:
https://people.mozilla.org/~nalexander/adjust_docs/mobile/android/base/fennec/adjust.html
https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html

Note that I installed the apk directly, no Google Play Store on my phone. Thus, adjust.com should not be contacted according to the above URLs.
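The check below is an added example and is not code from this bug, from Fennec or from the Adjust SDK. It shows how a reviewer can triage a decrypted capture like the one described above: each line is assumed to be in a "METHOD URL" form (a constructed log format), the request is parsed, and any request that sends one of the device identifiers named in the report (android_id, android_uuid, mac_sha1, mac_md5) to a host outside an operator-chosen first-party list is flagged. The first-party host list, the URL paths and all parameter values are placeholders invented for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Query parameters the reporter saw in the request to app.adjust.com. Any of
# these reaching a third-party host uniquely identifies the device.
DEVICE_ID_PARAMS = {"android_id", "android_uuid", "mac_sha1", "mac_md5"}

# Hosts treated as first-party for the app under review. This list is an
# assumption made for the example, not a list from the bug or from Mozilla.
FIRST_PARTY_HOSTS = {"mozilla.org", "mozilla.net"}


def is_third_party(host, first_party=FIRST_PARTY_HOSTS):
    """True unless host is one of the first-party domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return not any(host == d or host.endswith("." + d) for d in first_party)


def analyze_request(line):
    """Parse one 'METHOD URL' log line (an assumed format) and report which
    device identifiers its query string carries."""
    method, _, url = line.strip().partition(" ")
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {
        "method": method,
        "host": parts.hostname or "",
        "third_party": is_third_party(parts.hostname),
        "identifiers": sorted(DEVICE_ID_PARAMS & set(params)),
    }


def find_tracking_requests(lines):
    """Return the requests that send device identifiers to a third-party host.
    Blank lines and '#' comment lines in the capture are skipped."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        result = analyze_request(line)
        if result["third_party"] and result["identifiers"]:
            findings.append(result)
    return findings


# Constructed sample capture. The hosts and parameter names come from the bug
# report; the paths and parameter values are placeholders, not real data.
SAMPLE_CAPTURE = [
    "# decrypted requests observed right after the device joined Wi-Fi",
    "GET https://app.adjust.com/PLACEHOLDER_PATH?app_token=PLACEHOLDER"
    "&android_id=0000000000000000"
    "&android_uuid=00000000-0000-0000-0000-000000000000"
    "&mac_sha1=PLACEHOLDER&mac_md5=PLACEHOLDER&os_name=android",
    "GET https://aus5.mozilla.org/PLACEHOLDER_PATH",
    "GET https://app.adjust.com/PLACEHOLDER_PATH2?app_token=PLACEHOLDER&created_at=0",
]

if __name__ == "__main__":
    for hit in find_tracking_requests(SAMPLE_CAPTURE):
        print(f"{hit['method']} {hit['host']} sends {', '.join(hit['identifiers'])}")
```

Only the first request is reported: the update check goes to a first-party host, and the third request reaches app.adjust.com but carries no device identifier. Extending DEVICE_ID_PARAMS (for example with advertising or IMEI-style identifiers) is the usual way to adapt the check to another app.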
(In reply to chaos from comment #0)
> There does not seem to be much documentation available about what is happening here. The behavior is different from what I read there:
> https://people.mozilla.org/~nalexander/adjust_docs/mobile/android/base/fennec/adjust.html
> https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html
>
> Note that I installed the apk directly, no Google Play Store on my phone. Thus, adjust.com should not be contacted according to the above URLs.

The second link actually says that it will be used on startup, not just when installed from the Play Store. I don't work on Android, so I don't know much else. Paging some of the Android folks who have more detail here.
Component: Untriaged → General
Flags: needinfo?(nalexander)
Flags: needinfo?(mark.finkle)
Flags: needinfo?(margaret.leibovic)
Product: Firefox → Firefox for Android
Version: 39 Branch → Firefox 39
(In reply to chaos from comment #0)
> User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
> Build ID: 20150629114848
> Firefox for Android
>
> Steps to reproduce:
>
> 1. Install fennec 39.0
> 2. Capture network traffic.
> 3. Connect to Wi-Fi
>
> Actual results:
>
> The network capture shows that Fennec connects (via HTTPS) to app.adjust.com. (I don't even need to start the browser; just connecting to Wi-Fi is enough.)
> A MITM attack shows that a GET request is issued which includes (among others) the following parameters, identifying me uniquely: android_id, android_uuid, mac_sha1, mac_md5
>
> Expected results:
>
> Fennec should not have opened a network connection without my consent. Fennec should not track me at third parties without my consent. Such behavior stands in stark contrast to "No Surprises" and "User Control" among Mozilla's Data Privacy Principles: https://blog.mozilla.org/privacy/2014/11/11/mozillas-data-privacy-principles-revisited/
>
> There does not seem to be much documentation available about what is happening here. The behavior is different from what I read there:
> https://people.mozilla.org/~nalexander/adjust_docs/mobile/android/base/fennec/adjust.html
> https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html

Hey! I wrote the relevant docs. You're seeing case 1 in the docs:

* Fennec is release channel;
* Fennec is built by Mozilla (MOZILLA_OFFICIAL=1);
* and Android started the App.

I agree that this is both surprising and uncontrollable.

For surprising, Fennec team tried really hard to do the right things. We reached out to Mozilla's planning mailing lists pretty early [1] and documented what we do [3] (which you already found). I thought we blogged about this publicly, but now I can't find a link! (I think mfinkle will know for sure, or wbowden.)

For uncontrollable, this decision was a complicated calculus, balancing:

* a real need (or desire) to understand the nature of Fennec installs;
* an extremely tight engineering schedule;
* the reality of trying to track installs on the Android platform.

Opting in to this collection was not a good option given this scenario. You can read most of the discussion on the mailing lists and in Bug 1143888 and sub-tickets.

I hope this at least convinces you that Fennec team was not trying to be sneaky or underhand. You may, of course, disagree with the actions and outcomes.

[1] https://groups.google.com/d/msg/mozilla.dev.platform/J1r-JvzEtcM/tuXzZJm9C1IJ
[2] https://groups.google.com/d/msg/mozilla.dev.platform/H3uTszqKvzE/NLaR9p36XkQJ
[3] https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html
Flags: needinfo?(nalexander)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(wbowden)
I mid-aired with nalexander, but he basically said exactly what I was going to say. Out of curiosity, where did you install this build from? If you installed a release build directly from our ftp server, it won't have updates enabled, so it won't receive critical security updates.
Flags: needinfo?(margaret.leibovic)
This was also noted in the release notes for 38.0.5 https://www.mozilla.org/en-US/firefox/android/38.0.5/releasenotes/ and was included in the Play Store description for that release.
(In reply to :nalexander from comment #2)
> * and Android started the App.

That's a surprising point, which is actually documented, but easy to miss. In the docs it looks like a restriction concerning when tracking happens. Yet, in reality it means: Whenever you connect to the Internet.

> * a real need (or desire) to understand the nature of Fennec installs;
> * an extremely tight engineering schedule;
> * the reality of trying to track installs on the Android platform.

I can understand that desire. Yet, install tracking is different from tracking users at every Wi-Fi connect.

> I hope this at least convinces you that Fennec team was not trying to be sneaky or underhand.

Yes. Many thanks for pointers and explanations. I'm a long-time Firefox user, on different platforms, but I missed that discussion. I doubt that many users are aware, but that's just my guess, of course.

> You may, of course, disagree with the actions and outcomes.

I added the following line to /system/etc/hosts and uninstalled the browser:

127.0.0.1 app.adjust.com
(In reply to :Margaret Leibovic from comment #3)
> Out of curiosity, where did you install this build from?

I installed that from F-Droid: https://f-droid.org/
(In reply to chaos from comment #6)
> (In reply to :Margaret Leibovic from comment #3)
> > Out of curiosity, where did you install this build from?
>
> I installed that from F-Droid: https://f-droid.org/

Oh, interesting. I didn't know about that site. Thanks for the link.
Flags: needinfo?(wbowden)
Flags: needinfo?(mark.finkle)
Bug 1208240 allows this tracking to be disabled, like FHR. We also have documentation on Adjust here: https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html now returns a 404 error. Where is the new documentation about it?
Product: Firefox for Android → Firefox for Android Graveyard