Closed Bug 857163 Opened 12 years ago Closed 7 years ago

ADI ping for B2G partners

Categories

(Privacy Graveyard :: Partner Review, task, P1)

Product:
Privacy Graveyard
Component:
Partner Review
Platform:
x86
macOS
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: aphadke, Unassigned)

Details

(Whiteboard: under privacy review)

From Fabrice: ====== Since the marketplace has contractual obligations to provide carrier-based customizations, we need to be able to somehow serve different content to different carriers. We can't use the API the let us know which carrier we're on since it is a certified one. As far as I can see, here's a proposal: Use a carrier-specific manifestURL in the metadata.json file. Since we don't want partner-specific code to land in gaia, each carrier will have to customize it for their builds. The base url could be something like https://marketplace.firefox.com/marketplace/update.webapp and each carrier would add a parameter with a unique carrier token (?carrier=telefonica). This way, the app can use the mozApps api to retrieve its manifestURL, and build the iframe url with the carrier token. ====== Privacy Team: We need your approval/comments on the above. Right now, we have a plain vanilla URL scheme that let's us know the ADIs for B2G. Given our contractual obligations, we are needed to append a parameter to the existing ping. The partner ping is in addition to our existing vanilla ping. Is the new ping a concern for privacy? Thoughts/suggestions? -anurag
Priority: -- → P1
Assignee: ahua → rwood
Hi Anurag, do you have some time to chat with me on Vidyo about this? I want to ensure I understand this correctly, and also have some privacy-related questions for you. Thanks!
Flags: needinfo?(aphadke)
robert - sure, how about Monday, 3/31 @ 11am PST?
Flags: needinfo?(aphadke)
Whiteboard: under privacy review
Notes from my meeting with Anurag yesterday: What data will be stored? - B2G device ADI (Active Data Install) pings; these are already being stored and include device type, and user agent/Firefox OS version; however the plan is to update the ping in 1.3/1.4 to include a carrier argument Is there an existing privacy policy? - Yes, a privacy review was done previously (and a policy already exists) for the collection of the existing ADI pings; but should be updated to include the new ping format (ie. adding carrier) Reason why data is stored? - For ADI analysis, and to be able to serve different content to different carriers What users? - In theory all devices running Firefox OS How sensitive is the data? - Just adding carrier name to the existing ADI ping; already includes device type and Firefox OS version; no personal user data is included How is the data collected? - ADI pings from the device via nginx logs over mobile data link or wifi Who will have access to the data? - Anurag, and anyone who has access to the server or the dashboard; requires SSH access and must be requested specifically Will collecting this data allow for user identification? - Unlikely (slim chance) as uses device IP; data on dashboard will be in aggregate Can the user opt-out? - Yes, in the Firefox OS settings the user will be able to opt-out How long will the data be stored for? - Raw data for 6 months; dashboard may be longer but it is in aggregate Is there a plan for deletion? - Not implemented yet but under development; raw data to be deleted at 6 months
:fabrice, would you please email me a sample of the new/proposed ADI ping format? Thanks!
Flags: needinfo?(fabrice)
:stacy, apparently a privacy policy already exists for the previous implementation of the ADI ping; do you know where this policy can be found? Can it just be reapplied to the updated ping format?
Flags: needinfo?(smartin)
What are we talking about here? The current ping based on the marketplace manifest url? Or the new data reporting framework that started in bug 969101 ?
Flags: needinfo?(fabrice)
:anurag, can you answer that? Thanks!
Flags: needinfo?(aphadke)
:rwood - there's some confusion, this bug was filed in 2013-04-02 and the original intent was to get ADIs correctly. fabrice had suggestions on how to make this happen and that's what is mentioned in the description. Since then, there have been talks about having a new data reporting framework. Here's the confusion: 1. If we were to build on top of existing ADI ping, then this bug is valid. 2. If we were to use the new data reporting framework, then this is no longer valid and superceded by https://bugzilla.mozilla.org/show_bug.cgi?id=969101 AFAIK, ravi is the product owner of the ADI ping, Ravi can you clarify? -anurag
Flags: needinfo?(aphadke) → needinfo?(rdandu)
This bug is talking about the current ping (ADI ping) which is already in devices from 1.1. The new (Activation ping) is separate from this. Engg work: 969101 Privacy review: 992487 They are two different pings as their goals are different. Activation ping is to track total number of devices are sold. ADI ping is to figure the current devices that are connecting regularly on wifi to see if they need App updates. Details on the need for Activation Ping in addition to ADI ping: Product planning needs the information about devices sold (ActivationPing). Current ADI ping approximates devices active on a certain day on WiFi. Difference gives us an idea of retention of product, and engagement of user.This will help us focus on what is causing the dropoff, investigate why certain markets are doing better/worse, and making data-driven investments in improving the retention Information difference: Activation Ping has additional information on Build IDs, Country, Operator, OEM, Version of HW, Screen Size, Screen Height, Width, Pixel density. While the previous ADI ping contains the model of device. Need the additional information to figure out which geographic areas/partners we should work with to push security updates. Also, helps give App developers the various screen sizes/aspect ratios to be supported. Reliability and Cost difference: From previous versions, Partners removed ADI ping due to cost concern. Activation Ping is sent once in lifetime of device, which should have allay cost concerns.
Flags: needinfo?(rdandu)
Flags: needinfo?(smartin)
Adding Mika - she or Alina may be best to answer this: :stacy, apparently a privacy policy already exists for the previous implementation of the ADI ping; do you know where this policy can be found? Can it just be reapplied to the updated ping format?
Assignee: rwood → nobody
Mass closing as we are no longer working on b2g/firefox os.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Mass closing as we are no longer working on b2g/firefox os.
You need to log in before you can comment on or make changes to this bug.