ukhsa-collaboration / COVID-19-app-iOS-BETA

Source code of the Beta of the NHS COVID-19 iOS app

Home Page: https://covid19.nhs.uk/

Individuals are tracked by Google Analytics.

robdyke opened this issue

Describe the bug

Individuals are tracked by Google Analytics.

When accessing the Privacy Policy, tracking code is passed from the application to the covid19.nhs.uk website which is processed by Google Analytics. Data captured could be used to re-identify an individual.

https://github.com/nhsx/COVID-19-app-iOS-BETA/blob/370a51857b8a680925adc85bfc2e08936a2fd77d/Sonar/Appearance/LogoStrapline.swift#L45-L48

Expected behaviour

Individuals are NOT tracked by Google Analytics

https://github.com/nhsx/COVID-19-app-iOS-BETA/blob/370a51857b8a680925adc85bfc2e08936a2fd77d/Frameworks/FirebaseAnalytics.framework/Headers/FIRUserPropertyNames.h#L28-L29

The Firebase Analytics framework also permits personalized adverts integration with Google Analytics. This has not been opted out - see https://firebase.google.com/docs/analytics/configure-data-collection for further details on this.

Just want to point out that this is also a violation of the #GDPR as the user was never given the opportunity to consent to this tracking or manage what data is collected.
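An added example, not part of the original thread or the app's code: a Python check a reviewer could run over source text and an Info.plist to flag URL literals carrying `utm_*` parameters and to confirm that the two opt-out keys described on the linked Firebase page are set to false. The sample Swift lines and plist are constructed for illustration.

```python
import plistlib
import re
from urllib.parse import parse_qsl, urlsplit

# URL literals as they appear in source code (stops at quotes, whitespace, brackets).
URL_RE = re.compile(r'https?://[^\s"\'<>)]+')

# Info.plist keys from the Firebase "configure data collection" page linked above.
REQUIRED_FALSE = (
    "FIREBASE_ANALYTICS_COLLECTION_ENABLED",
    "GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS",
)

def find_tracked_urls(source_text):
    """Return (line_number, url, utm_params) for each URL literal with utm_* parameters."""
    hits = []
    for lineno, line in enumerate(source_text.splitlines(), 1):
        for url in URL_RE.findall(line):
            query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
            params = [k for k, _ in query if k.lower().startswith("utm_")]
            if params:
                hits.append((lineno, url, params))
    return hits

def missing_opt_outs(plist_bytes):
    """Return the opt-out keys that are absent, or not explicitly false, in an Info.plist."""
    info = plistlib.loads(plist_bytes)
    return [k for k in REQUIRED_FALSE if info.get(k) is not False]

# Constructed sample input (not taken from the repository).
SAMPLE_SWIFT = '''\
let privacy = URL(string: "https://example.org/privacy?utm_source=app&utm_medium=ios")!
let help = URL(string: "https://example.org/help")!
'''
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleName": "Demo",
    "FIREBASE_ANALYTICS_COLLECTION_ENABLED": False,
    # GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS deliberately omitted
})

if __name__ == "__main__":
    for lineno, url, params in find_tracked_urls(SAMPLE_SWIFT):
        print(f"line {lineno}: {url} carries {', '.join(params)}")
    for key in missing_opt_outs(SAMPLE_PLIST):
        print(f"Info.plist: {key} is not set to false")
```
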

commented

Wow, sort this out lads.

FYI, the same discussion is happening in the Android app issues and has some more discussion points: ukhsa-collaboration/COVID-19-app-Android-BETA#11

Thanks for all the comments. As we say in the blog

The public version of the app does not use any third-party analytics. In order to improve the app, we need to collect information about what happens if it crashes. This will use the operating system's default error-reporting tools.
Our closed Beta will collect some volunteers' data for performance analytics and A/B testing. The libraries required for these analytics may still be present - but deactivated - in the public version of the app.

I agree that we probably don't want UTM trackers on the links.

@edent Thanks for clarifying. I'm just curious if your deactivating also takes care of cases where 3rd party SDKs hook into events even without being initialized? Similar to the Facebook SDK which was further highlighted in the past week with the analytics related crash.

@ay8s I'll check whether there are any side-effects of deactivating APIs. To be absolutely clear, we aren't using the Facebook SDK.

👍 Should’ve made it clear in my comment it was just an example of an SDK that runs code even if it’s not initialized. I’m not sure if Google Analytics does the same, personally think there’s a high chance it does.

commented

Are you saying there is a different code base for the public release?

There is an internal branch which is used for releases. https://github.com/nhsx/COVID-19-app-iOS-BETA#releases

If there is a hidden internal branch for releases, is there a potential for code not found in this repository to make its way into a build that's hidden from the public?

commented

well there's been no updates to this repo in 9 days (except a readme) so I'm guessing the project is no longer being worked on or this isn't actually an open source project

commented

So everyone is reviewing code that may or may not be used in production. In effect this is a closed source project where no one can be certain what’s actually being coded. Or do you plan to release the final production code?

Also it seems you’re capitalising on the support of the community under false pretences, hardly a great start in being open and transparent.

I think no matter what happens, we the community need to get access to one of these APKs and tear it apart to see what kind of tracking is really involved.

I'm working as hard as I can to get the updated code on here. We have a lot of competing demands on our time. I want to make sure that we get an updated version of Android and iOS up this week. We have limited resources and - as you can imagine - prepping the code for release, making sure it is in a suitable condition, removing the personal details of the people working on it, responding to media questions, answering vulnerability reports etc, isn't a simple process.

My mission is to make these things as open as possible. I'm sorry for letting you down like this.

Please do not guess, presume or assume; (and I am saying this to myself as well). Fact (non fake!) based evidence only :-p. Hurrah for Edent; and @edent, please do not apologise to the community.

@edent, as mentioned by @philipswift. You don't need to apologise to the community and although most of the responses will be emotionally charged due to the nature of this application and the air surrounding it on design and security, we accept you're likely making the best of a bad situation.

I would hope that you don't feel personally attacked by some of these comments as they're likely more targeted at those driving the project as opposed to working on it.

I wish to echo @Matthew-Beckett: there's no need to say sorry to us. You're doing the best with the resources you have and as a community we will do what we can to provide feedback. I can only imagine a small part of the stress you're going through at the moment. It goes without saying but please take care of yourself and your team as well.

@edent I think it would be valuable for a clarification on the purpose of this repository and its use in the wider project.

Specifically, the build process for the application going forward and the process for quelling concerns that this repository is in fact not indicative of the code which will be pushed via OS storefronts.

@Matthew-Beckett at the moment, these repos are copies of the code from the initial public beta in the Isle of Wight. These repos used to let people see the code, examine it, and report back their bugs and suggestions.

We read every issue and PR and - where suitable - we copy them to an internal tracker.

When the app is released to the wider public, the source code will appear here.

This code is indicative of the code published to app stores - but is missing API keys etc.

Hope that answers your question.

> We read every issue and PR and - where suitable - we copy them to an internal tracker.

So you're not using GitHub for tracking? Just as a proxy?

> When the app is released to the wider public, the source code will appear here.

Will it? Or will it be a public branch?

> This code is indicative of the code published to app stores - but is missing API keys etc.

If we disassemble the public build, will we get the same thing as what is published?

> Hope that answers your question.

It makes it seem like you're just using GitHub to take feedback and not really integrating yourself with the community; it feels like marketing and doublespeak and not true collaboration.

> So you're not using GitHub for tracking? Just as a proxy?

We do all the development on GitHub. As is common with lots of projects, we use a separate issues tracker.

> Will it? Or will it be a public branch?

I want to publish a public branch. But we also have to protect our teams from abuse and attacks.

> If we disassemble the public build, will we get the same thing as what is published?

Yes.

I'm pasting this message in every active GitHub issue, so you may receive duplicate notifications.

Today, I'm happy to announce that NHSX has released the full git commit history for the Isle of Wight Beta apps.

As discussed, we have redacted API keys, sensitive domain names, and some of the developers' personal details. I am still waiting on final approval to publish the server-side code.

I would like to personally thank the community for your comments, bug reports, and vulnerability disclosures. They all went into helping the development process.

The beta trial of this app has now ended and we've moved to the next phase of app development. It is our intention to publish the source code of future apps as the binaries are released to the public.

Once again, thank you for being part of this.

Terence Eden
Head of Open Technology - NHSX