Closed Bug 833995 Opened 11 years ago Closed 2 years ago

Complete Privacy-Policy Review for Android App Not Responding (ANR) Reporting

Categories

(Privacy Graveyard :: Product Review, task, P2)

Product:
Privacy Graveyard
Component:
Product Review
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: jchen, Assigned: ahua)

References

(Blocks 1 open bug)

Details

(Whiteboard: review in process) 

Initial Questions:

Project/Feature Name: Android App Not Responding (ANR) Reporting
Tracking  ID:
Description:
App Not Responding (ANR) dialogs present a bad user experience for Fennec users, and they can be caused by a variety of bugs. In order to determine and fix the causes of ANRs, we need telemetric data about the origin of the ANRs.

The reporting process involves sending thread stacks and logs through telemetry when ANRs happen. This is the Fennec equivalent of the "chrome hang" telemetry already present on desktop Firefox Nightlies.

There will be a client side and a server side. The client side will gather the stacks and logs and use existing telemetry system to report. The server side will process the newly added telemetry fields and save the data for further analysis.

Security-wise, there should not be too much concern, because we reuse much of the existing telemetry code for reporting. The data-gathering part of the client side may need additional review for security.

Privacy-wise, ANR reporting is part of telemetry, and the user already has control over enabling telemetry. However, the prompt given to the user may need to change, or the user may need to be prompted separately because the stacks and logs contain more sensitive information than regular telemetry data.

Additional Information:

Urgency: a week
Key Initiative: Firefox Mobile
Release Date: 
Project Status: development
Mozilla Data: Yes
New or Change: New
Mozilla Project: none
Mozilla Related: 
Separate Party: No

Privacy Policy: Yes
Privacy Policy Link: http://www.mozilla.org/en-US/legal/privacy/firefox.html
User Data: Yes
Data Safety  ID: 
Legal  ID:
Tom can you take a look at this and let me know if we need a technical review?
Flags: needinfo?(tom)
Curtis: not sure if we'll need a technical followup yet. I'm going to look at some normative stuff first.

Hi Jim, you mention that ANR reports are more sensitive than typical Telemetry info. It sounds to me like the contents might be closer in content to a crash report, if they contain stacks/traces/logs; do you agree? I don't see any existing setting on Fennec to control crash reporting; do we do any crash reporting on Fennec right now?
Group: mozilla-corporation-confidential
Flags: needinfo?(tom) → needinfo?(nchen)
(In reply to Tom Lowenthal [:StrangeCharm] from comment #2)
> Hi Jim, you mention that ANR reports are more sensitive than typical
> Telemetry info. It sounds to me like the contents might be closer in content
> to a crash report, if they contain stacks/traces/logs; do you agree? I don't
> see any existing setting on Fennec to control crash reporting; do we do any
> crash reporting on Fennec right now?

Hi Tom, yes, ANR contents are very similar to crash reports.

And yes, Fennec does report crashes similar to desktop: when it crashes, a crash reporter dialog appears that asks the user whether to send the crash report. If the user consents, we send the data to our Socorro server. AFAIK, there is not a global setting; the user is prompted per crash.

On the other hand, ANR reports go through the Telemetry system, which IS controlled by a global setting. Telemetry reports are sent to our Metrics data server, not Socorro, and as long as the global setting is enabled, reports are sent in the background. Of course, we can make ANR reporting a special case and prompt the user per ANR.

Note that ANR reporting will likely only be enabled on Nightly and Aurora builds, which have Telemetry on by default (we do let the user know of this fact).

Also as a precedent, on desktop Nightlies we have a similar feature called "chrome hangs" which report stack information through Telemetry almost exactly like ANR reporting, although ANR reports are a little more sensitive because they contain logs as well as stacks.

Thanks! Let me know if you need any further information.
Flags: needinfo?(nchen)
Jim, can you find an hour to talk with me about this feature, and different options?
(In reply to Tom Lowenthal [:StrangeCharm] from comment #4)
> Jim, can you find an hour to talk with me about this feature, and different
> options?

Hi Tom, I'm available most days. Can we talk on IRC (I'm jchen in #privacy) and schedule a time? Or just talk about the feature on IRC if you have the time. Thanks!
What we concluded after discussing with Tom on IRC,

1) Testing release (Nightly/Aurora) users can expect automatic collection of ANR reports, as long as we make it clear in our Telemetry notice.

2) On the other hand, official release (Beta/Release) users may not expect automatic collection of ANR reports. They are asked to report ANRs to the Play Store each time, so they may not expect further reporting to us, whether we prompt them or not.

3) Considering this difference, we can enable automatic ANR reporting on Nightly/Aurora, but we should disable it on Beta/Release.

4) We should change the Telemetry opt-out notice in Nightly/Aurora to reflect the information sent in ANR reports.
I'm going to mark this incomplete while we wait for a new and exciting string. Once the string is confirmed, we can mark this complete.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Blocks: 839683
Tom is no longer with Mozilla - sounds like we have to make some changes to make this work - Jim I'll find some time for you to talk to Alina and I.
Assignee: bugs → ahua
Jishnu - Thanks for catching this. 

Jim - I was planning to follow up with you on this. We'll schedule a meeting with you soon to discuss.
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
Just to update this, we are now collecting full C stacks using the profiler's stack walking mechanism in Fx 24
Whiteboard: review in process
privacy triage: bug is still valid.
Priority: -- → P2

This bug lies at rest in the graveyard.

Status: REOPENED → RESOLVED
Closed: 11 years ago2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.