AquaMail Forum

English => General Discussion => Topic started by: ksuuk on November 05, 2020, 10:34:47 am

Title: Aqua Mail is spying on us.
Post by: ksuuk on November 05, 2020, 10:34:47 am
Hi,

Since June 17, 2020, version 1.25.0-1610 Aqua Mail includes trackers:
firebase-settings.crashlytics.com
firebaseinstallations.googleapis.com

Users find out the trackers and demanded to remove them, Aqua Mail first ignored, then promised to remove them.

Now 5 months, and several versions later the trackers are still there. Despite of Aqua Mail promised to remove them, nothing is happened, trackers are still there.

This is clear sign, that Aqua Mail will not remove trackers and keeps spying on us.
Title: Re: Aqua Mail is spying on us.
Post by: dries.dokter on November 05, 2020, 10:49:21 am
In settings About, there is the possibility to uncheck send usage statistics and send crash report.

Are you saying that even if those are unchecked Aquamail is still spying on me?

Sent from my LM-G810 using Tapatalk

Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 05, 2020, 10:55:51 am

Are you saying that even if those are unchecked Aquamail is still spying on me?


Yes, as these trackers are hardcoded:

firebase-settings.crashlytics.com
firebaseinstallations.googleapis.com
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 05, 2020, 02:07:46 pm
Hi ksuuk,

This is a very disrespectful claim and very disrespectful to all of the team members that work day and night to make Aqua Mail such a great app. "Aqua Mail is spying on you!", this is simply not true and it's a false claim!

My apology but we talked about this issue so many times. We are as transparent as possible. Aqua Mail is not spying on you. This is also not analytics. This is a Google issue, not Aqua Mail's. Ask them why every service that we developers have to use is so hard to contain to not connect to their services. Maybe you will claim why Aqua mail needs internet or Android to run. Here is one of the answers we received from them stating that it's expected behavior:

"In addition, we would like to know if the "firebaseinstallations.googleapis.com" request is made every time the app is started even when Crashlytics is disabled in the manifest file.

If it does end up being the latter, then that's an expected behavior that our engineers are aware of, and we’ll address it down the road. Our priorities, however, could change from time to time, and I’m unable to give you a definite timeline as to when this would be available."

If you'd like to help us out, please share with us any information that you may find out how we can go around this issue. Maybe you can find info on how somebody else fixed this with Crashlytics. We are nagging Google for over a few months now with this issue and they are just arrogant enough not to make any move on fixing it. Also if you have unchecked the boxes for analytics and you still see the requests please send us the log.
Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 05, 2020, 03:16:44 pm
Hi ksuuk,

This is a very disrespectful claim and very disrespectful to all of the team members that work day and night to make Aqua Mail such a great app. "Aqua Mail is spying on you!", this is simply not true and it's a false claim!

My apology but we talked about this issue so many times. We are as transparent as possible. Aqua Mail is not spying on you. This is also not analytics. This is a Google issue, not Aqua Mail's. Ask them why every service that we developers have to use is so hard to contain to not connect to their services. Maybe you will claim why Aqua mail needs internet or Android to run. Here is one of the answers we received from them stating that it's expected behavior:

"In addition, we would like to know if the "firebaseinstallations.googleapis.com" request is made every time the app is started even when Crashlytics is disabled in the manifest file.

If it does end up being the latter, then that's an expected behavior that our engineers are aware of, and we’ll address it down the road. Our priorities, however, could change from time to time, and I’m unable to give you a definite timeline as to when this would be available."

If you'd like to help us out, please share with us any information that you may find out how we can go around this issue. Maybe you can find info on how somebody else fixed this with Crashlytics. We are nagging Google for over a few months now with this issue and they are just arrogant enough not to make any move on fixing it. Also if you have unchecked the boxes for analytics and you still see the requests please send us the log.


I especially made new topic, as this issue keeps pop constantly, but Aqua Mail avoids it.

The code belongs to Aqua Mail, not to  Google.  Based -  https://firebase.google.com/docs/crashlytics/get-started it's analytics code and it's needed manually to add into app. If so, then why Aqua Mail developers added it at all and why they can't remove it from code? And if developer does something, without understanding what it does, then I suggest hire better developers.

Screenshot added.
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 05, 2020, 06:57:45 pm
You are clearly not reading what I am writing, and you are clearly uninformed about what Crashlytics is used for. Also sending a log is not sending a screenshot from AdGuard. Does it make any sense for me to continue writing? You can either choose to help for real or stop spreading false accusations.
Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 05, 2020, 07:12:46 pm
You are clearly not reading what I am writing, and you are clearly uninformed about what Crashlytics is used for. Also sending a log is not sending a screenshot from AdGuard. Does it make any sense for me to continue writing? You can either choose to help for real or stop spreading false accusations.

You did not answer, what was changed in code since 1.25.0-1610, when these trackers appeared?

And are You seriously saying, that for 5 moths Aqua Mail developers can't install AdGuard or similar app or dump the traffic and figure out what is going on? This is kind of scary, if developers don't know what their app does.

BTW, I have a lot apps in my phone and only Aqua Mail is connecting to these trackers. How others can and Aqua Mail can't ?
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 05, 2020, 07:39:27 pm
Hi ksuuk,

This is a very disrespectful claim and very disrespectful to all of the team members that work day and night to make Aqua Mail such a great app. "Aqua Mail is spying on you!", this is simply not true and it's a false claim!

My apology but we talked about this issue so many times. We are as transparent as possible. Aqua Mail is not spying on you. This is also not analytics. This is a Google issue, not Aqua Mail's. Ask them why every service that we developers have to use is so hard to contain to not connect to their services. Maybe you will claim why Aqua mail needs internet or Android to run. Here is one of the answers we received from them stating that it's expected behavior:

"In addition, we would like to know if the "firebaseinstallations.googleapis.com" request is made every time the app is started even when Crashlytics is disabled in the manifest file.

If it does end up being the latter, then that's an expected behavior that our engineers are aware of, and we’ll address it down the road. Our priorities, however, could change from time to time, and I’m unable to give you a definite timeline as to when this would be available."

If you'd like to help us out, please share with us any information that you may find out how we can go around this issue. Maybe you can find info on how somebody else fixed this with Crashlytics. We are nagging Google for over a few months now with this issue and they are just arrogant enough not to make any move on fixing it. Also if you have unchecked the boxes for analytics and you still see the requests please send us the log.

That is not true, it is added in by Aqua mail developers. App developers choose to add what they want from google offering. Instead of being defensive, address the problem by simply removing it from the source! It is not that difficult unless there is other motives by AM with this data!

If you want us to fix the problem as you state, make the source code public, and I'll gladly show you where you have it in your code. You can run your own catlogs and see the calls made, it is not difficult. Frankly I'm inclined to decompile your code and show you where it exists to shut this nonsense down. Playing ignorant is no excuse and when this other user has asked for 5 months to remove this and AM chose to ignore the request says a lot. Over the past 5 months there have not been any extraordinary changes to keep all your developers busy from resolving this matter!

As mentioned "You did not answer, what was changed in code since 1.25.0-1610, when these trackers appeared?"
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 05, 2020, 07:42:42 pm
You are clearly not reading what I am writing, and you are clearly uninformed about what Crashlytics is used for. Also sending a log is not sending a screenshot from AdGuard. Does it make any sense for me to continue writing? You can either choose to help for real or stop spreading false accusations.

You did not answer, what was changed in code since 1.25.0-1610, when these trackers appeared?

And are You seriously saying, that for 5 moths Aqua Mail developers can't install AdGuard or similar app or dump the traffic and figure out what is going on? This is kind of scary, if developers don't know what their app does.

BTW, I have a lot apps in my phone and only Aqua Mail is connecting to these trackers. How others can and Aqua Mail can't ?

Well said, it is smoke and mirrors frankly. They likely did not assume people who care about privacy would bring this up.

The lack of shame in the response says it all
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 05, 2020, 09:53:37 pm
Did you guys clear data after you unchecked the statistics box and then started AM again? Did these trackers appear again? If they do we need the log from our app.

We reproduced that if you uncheck the statistics in the settings and then go to the app settings and clear data, then start the app again the Crashlytics are not starting, I think we mentioned that. If you still get the same issue then please send back the log created from our app.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 06, 2020, 10:18:56 am
Why not be transparent and remove it from the source code?

You expect all users to know this procedure, a little short sided to have a known issue and ignore it, especially since it was reported months ago.

I had also disabled this when it was first introduced years ago, but after an update from 1.24 to 1.26 it checked itself automatically unbeknownst to me. A little unpleasant surprise as you might expect. What ever changes the developers made in 1.25 is more sinister than just adding the tracker!

You need to scrub the code and remove it, transparency goes a long way. It should not take you any longer to look at the code than half the time you've spent defending the indefinable change and asking for user logs and offering a temporary fix.
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 06, 2020, 12:44:45 pm
I told you why we are not removing the code, it's bringing a lot of value for Aqua Mail to be stable which has brought a lot of benefits to all Aqua Mail users.

Transparent means, that I and the others from the team are here to explain what exactly this code is used for and why it is so badly needed. Transparent doesn't mean that we do what you think we should do. This doesn't give you the right to post misleading accusations. Again I think that you are not reading anything of what I am saying above. Also, transparent means that we are trying to figure out how to stop all pings that Google triggers when it shouldn't be doing- we have successfully contained the majority of them but just these two are still left. Transparent means to keep you in the loop of our communication with Google on how we are trying to resolve it.

I'm saying it again Crashlytics has helped tremendously in finding and resolving crashes faster and more efficiently. Many times problems are fixed much faster. Crashlytics is not a marketing tool. This is transparency.

Did you try and do what I suggested anyway? Prove me wrong and show me that you want to help and stop avoiding my question.

Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 06, 2020, 12:49:43 pm
Just to ask one more thing:

"I had also disabled this when it was first introduced years ago, but after an update from 1.24 to 1.26 it checked itself automatically unbeknownst to me. A little unpleasant surprise as you might expect."

What does "this" mean, the statistics box or the crashlytics box?
Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 06, 2020, 02:53:30 pm
I told you why we are not removing the code, it's bringing a lot of value for Aqua Mail to be stable which has brought a lot of benefits to all Aqua Mail users.

Ok, this is clear, You admitted that Aqua Mail lied to us -  https://www.aqua-mail.com/forum/index.php?topic=7884.msg44388#msg44388

"Yes we know. As Nadia communicated, we added a fix for the initialization of the Facebook SDK in the Pro version.

A setting in the next version of the app will specifically disable Crashlytics.

In general Crashlytics help us track, prioritize, group together and fix stability issues that erode Aqua Mail's quality, in real-time. Crashlytics are anonymous.

Again a setting will allow you to disable these in the next app version."

I'm saying it again Crashlytics has helped tremendously in finding and resolving crashes faster and more efficiently. Many times problems are fixed much faster. Crashlytics is not a marketing tool. This is transparency.


I read all release notes and could not found any specified fixes,  so I'd like to know what problems exactly did You find out and fixed faster?
Title: Re: Aqua Mail is spying on us.
Post by: Mukossan on November 06, 2020, 04:40:53 pm
I told you why we are not removing the code, it's bringing a lot of value for Aqua Mail to be stable which has brought a lot of benefits to all Aqua Mail users.

Ok, this is clear, You admitted that Aqua Mail lied to us -  https://www.aqua-mail.com/forum/index.php?topic=7884.msg44388#msg44388

"Yes we know. As Nadia communicated, we added a fix for the initialization of the Facebook SDK in the Pro version.

A setting in the next version of the app will specifically disable Crashlytics.

In general Crashlytics help us track, prioritize, group together and fix stability issues that erode Aqua Mail's quality, in real-time. Crashlytics are anonymous.

Again a setting will allow you to disable these in the next app version."

I'm saying it again Crashlytics has helped tremendously in finding and resolving crashes faster and more efficiently. Many times problems are fixed much faster. Crashlytics is not a marketing tool. This is transparency.


I read all release notes and could not found any specified fixes,  so I'd like to know what problems exactly did You find out and fixed faster?
Wow, this thread is extremely entertaining!
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 06, 2020, 08:16:11 pm
So you write sloppy code and rely on tracking/spying to resolve the ineptitude of your developers? Ok good to know. So Mobisystems hires nothing but the best.

Let's get something clear, you had every chance to at minimum disable this and your team did not.
To make matters worse your update automatically checked off the send crash reports box. I kept wondering why is this blasted app creating logs, now I know.

I guess the thousands of other apps on the store must have better developers who don't write code filled with bugs or perhaps use other debug tools like you are supposed to do to resolve issues. What an idea huh!

It looks like you got caught lying, and now your defense is we use it for debugging? Transparency is doing what you said you would 5 months ago, not blaming users who bring up your lack of transparency and honesty to do the right thing!

Ok, this is clear, You admitted that Aqua Mail lied to us -  https://www.aqua-mail.com/forum/index.php?topic=7884.msg44388#msg44388


Title: Re: Aqua Mail is spying on us.
Post by: Philip on November 06, 2020, 09:06:40 pm
I have just checked, and Send Crash Reports (which I definitely had unchecked in Setting) has somehow become checked again. This is dishonest behaviour on MobiSystems' part.

I unchecked it and then restarted AquaMail, and my Blokada logs immediately showed an attempted connection to firebase-settings.crashlytics.com. This, again, is simply dishonest behaviour.

I used to recommend AquaMail to people as the best email client when the question was asked on various internet forums, on reddit, and when asked by friends. From now on, I fear that I will have no option other than to strongly recommend that people avoid it.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 06, 2020, 09:09:42 pm
I have just checked, and Send Crash Reports (which I definitely had unchecked in Setting) has somehow become checked again. This is dishonest behaviour on MobiSystems' part.

I unchecked it and then restarted AquaMail, and my Blokada logs immediately showed an attempted connection to firebase-settings.crashlytics.com. This, again, is simply dishonest behaviour.

I used to recommend AquaMail to people as the best email client when the question was asked on various internet forums, on reddit, and when asked by friends. From now on, I fear that I will have no option other than to strongly recommend that people avoid it.

this is exactly what I saw and reported above. This is just pure dishonesty and the simple solution is fix the issues they introduced in 1.25 and beyond.

The lack of candor and arrogance on their part is downright shameful. I will not recommend this app to anyone until it is resolved.
Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 07, 2020, 01:36:03 pm

The lack of candor and arrogance on their part is downright shameful. I will not recommend this app to anyone until it is resolved.

BTW, some have recompiled latest version and removed a lot of crap:

Optimized graphics and cleaned package resources for fast load and small size;
Cleaned trackers [adcolony, adjust, aerserv, amazon adv, applovin, chartboost, crashLytics, flurry, inmobi, integral, firebase, doubleclick, facebook, mopub, moat, tag, millennial, unity, myTarget, etc];
Disabled / Removed unwanted Permissions + Receivers and Services;
Analytics / Crashlytics disabled;
AOSP Compatible.


So it's doable, but as we all know for now, Aqua Mail won't do it, and as the amount of crap is very spooky, seems we, pro users must spread the word and start using recompiled and cleaned versions.
Title: Re: Aqua Mail is spying on us.
Post by: Mukossan on November 07, 2020, 01:45:21 pm

The lack of candor and arrogance on their part is downright shameful. I will not recommend this app to anyone until it is resolved.

BTW, some have recompiled latest version and removed a lot of crap:

Optimized graphics and cleaned package resources for fast load and small size;
Cleaned trackers [adcolony, adjust, aerserv, amazon adv, applovin, chartboost, crashLytics, flurry, inmobi, integral, firebase, doubleclick, facebook, mopub, moat, tag, millennial, unity, myTarget, etc];
Disabled / Removed unwanted Permissions + Receivers and Services;
Analytics / Crashlytics disabled;
AOSP Compatible.


So it's doable, but as we all know for now, Aqua Mail won't do it, and as the amount of crap is very spooky, seems we, pro users must spread the word and start using recompiled and cleaned versions.
Link and more information please
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 07, 2020, 07:29:16 pm
No app is safe from being reverse engineered and this should serve as a warning to AM if they refuse to make the corrections someone else will. That said there is legal issues but it looks like that site is not within CONUS, assume Russia.

I may be in the minority but I would not load that on my primary phone unless they publish the source as well to verify. As I offered I can decompile it myself and make the same changes but that requires time. If you guys decide to use that source keep an eye out on it. The user can be reputable and nothing to worry about but air on the side of caution for sure.

Hey AM, fix this issue and remove the trackers, as you can see it is not difficult!!!

Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 07, 2020, 07:54:11 pm

Hey AM, fix this issue and remove the trackers, as you can see it is not difficult!!!

Well, they don't. So so all we can do is spread the word and warn people.

Read also - https://www.aqua-mail.com/forum/index.php?topic=7610.0
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 07, 2020, 08:10:43 pm
It's pretty pathetic when you have no idea what you have in your own app.

Nor does it explain why the app automatically checks off boxes the user unchecks and why you have to go through a song and dance to remove tracking/spying.

They got caught with their pants down. There's traceability from other threads to remove these trackers and they fail to do so!
Title: Re: Aqua Mail is spying on us.
Post by: Fabrizio on November 08, 2020, 12:29:57 pm
My personal opinion.  I find it strange to think of installing an application to write and read emails that we use every day, not trusting the official developer who developed it but trusting a person who modified it.  I am not able to understand if there can be malicious codes in an app as I am not a developer but I think it is more reliable to install the official application than a modified one. Personally I'm not using Aqua for about a year and half, more for mobisystem commercial policy than for trackers.  Because if they do as they did with office suite in a while we will find suggestions to switch to some other version of Aqua for more functions or they will eliminate some functions already present to force us to pay more money. I remember very well when they removed the font package to office suite and suggest me to buy them...
Title: Re: Aqua Mail is spying on us.
Post by: nadir husain on November 08, 2020, 01:38:45 pm
Can u share what app u are using now?  You can send me a private message if u wish. Thanks
Title: Re: Aqua Mail is spying on us.
Post by: Fabrizio on November 08, 2020, 02:34:10 pm
I'm using Nine folder that for office 365 account is more useful than Aqua. Sometime I try again Aqua but Nine is really better. Search on phone and server without sync the archive folder it's great for me. Save and read email as EML and MSG. You can print email as PDF. Different signatures for accounts. Push sync for IMAP and exchange. Conversation view. The developer is really fast to reply to you if you have issue with his app. Sync for tasks, calendar and address book for exchange. Really satisfied of it.
Title: Re: Aqua Mail is spying on us.
Post by: nadir husain on November 08, 2020, 02:36:26 pm
Thanks
Title: Re: Aqua Mail is spying on us.
Post by: Fabrizio on November 08, 2020, 07:13:21 pm
Thanks
Your welcome
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 08, 2020, 09:55:16 pm
Congrats everyone, well this has really hit rock bottom! Just spreading unofficial and illegal versions of AM on this forum and instructions for decompiling it. SHAME!!!

Well, writing code generates errors, this is absolutely normal. There is no perfect code in the world.

We are working on finding a better solution soon, but all of you that support spreading illegal versions of AM have now lost all of my respect.

You really have underestimated how the team values the opinion of the people here and much of the development has been largely influenced by the discussions here.

I think a line has been crossed here. Sorry but maybe this will be the first time I will have to delete some comments here because this apk is unverified and might be dangerous as somebody mentioned. Also posting links for decompiling the app is absolutely not acceptable!!!

Maybe some of you haven't noticed but we have left all topics on the forum, no matter if they don't sound very well for some issues that we have over time. This forum has been kept out of censorship from the AM team although it might be better as a "sinister dictator", as some call us, to just delete the uncomfortable white pants that you have discovered that we wear. We have nothing to hide here. If we had any sinister thoughts no such topics would be let to exist here in the first place, so back off with the dramatic statements, please, and think logically!

Please keep it a little bit more professional and let's keep it friendly. The checks and unchecks that happen are not supposed to happen. So please send a screenshot and log and we will fix it! On the Crashlytics issue, we are looking into a way to keep them and fix the issue, fix will be delivered.

Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 08, 2020, 09:58:57 pm

The lack of candor and arrogance on their part is downright shameful. I will not recommend this app to anyone until it is resolved.

BTW, some have recompiled latest version and removed a lot of crap:

Optimized graphics and cleaned package resources for fast load and small size;
Cleaned trackers [adcolony, adjust, aerserv, amazon adv, applovin, chartboost, crashLytics, flurry, inmobi, integral, firebase, doubleclick, facebook, mopub, moat, tag, millennial, unity, myTarget, etc];
Disabled / Removed unwanted Permissions + Receivers and Services;
Analytics / Crashlytics disabled;
AOSP Compatible.


So it's doable, but as we all know for now, Aqua Mail won't do it, and as the amount of crap is very spooky, seems we, pro users must spread the word and start using recompiled and cleaned versions.

FYI you must have overslept the past few updates where we have officially removed most of these trackers:
https://reports.exodus-privacy.eu.org/en/reports/147534/

Stop spreading fake news and accusations and double check your info.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 08, 2020, 11:30:38 pm
Wow, so now you are threatening censorship, way to go. You should take your own advise and "think logically"
Realize this AM forum is not the only place it is discussed. Maybe you should bring more attention to this, go ahead and censor and watch this make the rounds on Reddit and Google forums! Apps demise is only as good as its developers candor.

Lets get the facts straight since it eludes you!

1. No one posted instructions for decompiling, not sure where you come up with that. I mention b/c your developers are incapable of removing trackers, I would show you where in the source the tracker is located so you could remove it and do the job your team promised 5 months ago, no where did anyone provide a link for instructions to decompile!

2. Posting an unofficial/illegal version out of mother russia has security implications as I stated above, and I agree with you for once, should not be done on this forum. It also serves no benefit if the fix is not rolled into the truck and release pipeline. That said, AM shortcomings has driven third party coders to mitigate what AM failed to take care of 5 months ago so the blame goes back to AM. No one creates copies or modifies a working app if they don't have to.

3. Who said writing code does not generate errors? I stated there is plenty of tools to debug code, spying/tracking users does not have to be one of them, if you want to use these trackers in a Beta release you should be more than welcome to do so, however this is a production release and it is downright unethical what is happening here.


"You really have underestimated how the team values the opinion of the people here and much of the development has been largely influenced by the discussions here."
Explain how 5 months ago this was reported and conveniently fell through the cracks? How much did AM value the opinions of users who did not want to be tracked?




"Please keep it a little bit more professional and let's keep it friendly. The checks and unchecks that happen are not supposed to happen. So please send a screenshot and log and we will fix it! On the Crashlytics issue, we are looking into a way to keep them and fix the issue, fix will be delivered."

Concur, take your own advice and start being transparent by resolving the problem instead of constantly asking for Logs and a screenshot. You know the issue with the trackers, remove them, simple as that, learn to debug without it or hire more competent developers as the majority of apps on google play don't rely on them to write bug free code.

The check box issue, again you have the source, look at the change logs, investigate what changed in the code to induce the behavior. You have test devices, if you want logs use those devices. Constantly asking for user logs and a screenshot of a checked box shows you have zero intention of fixing the issues and are just buying time hoping people forget.

If you want help send me the source and an NDA/PIA, I'll show you where these issues are located with enough time. I want to see these issues resolved in the main pipeline not some side loaded code from russia.

Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 09, 2020, 12:38:57 am
You are twisting my words, so why should I even bother? Your solutions suggest completely removing crashlytics or their benefit to be minuscule so that it's better to not have it at all. And yes you posted content that it's not a good idea to be on our Official forum.

If you have any beneficial info on fixing the issue feel free to PM me. If anybody has such info in that matter feel free to PM me.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 09, 2020, 12:48:32 am
Once again the facts are hard for you to grasp and admit...

I specifically point point out facts and ways for your team to move forward, yet you respond with nonsense and no evidence to the contrary. You sound like trump trying to yell louder or change the course of the conversation when the facts don't support your argument.


Answer the questions and you might actually gain the respect and trust of the people who are pointing out deficiencies with the app. Asking people to PM you is not transparent, but hey neither was your team's decision to continue to force the spying when it was reported 5 months ago or the multiple users who have reported the check box issue.

I will keep my comments public in light of transparency, if AM wants to continue to hide and hope people forget like they did 5 months ago, I promise you it will not look good for AM at the end.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 09, 2020, 12:57:49 am
Here is an idea, stop speaking for the app developers, you are a bean counter as far as I'm concerned, probably have no clue how to even code. Unless your profile is incorrect, let's get feedback from the developers. Maybe this is why you keep asking for useless screenshots or logs....

You are not doing a very good job as a salesman or customer service relationship manager, stick to finance!

https://www.linkedin.com/in/michael-maslarov-ba620b97/

Business Development Director at MobiSystems, Inc.


About

Experienced professional with a demonstrated history of working in the information technology and services industry. Skilled in Sales, Business Development, Customer Relationship Management (CRM) and Sales Management. Strong sales professional with a Master's Degree focused in Finance Managment from New Bulgarian University.
Title: Re: Aqua Mail is spying on us.
Post by: ksuuk on November 09, 2020, 09:55:48 am
As I offered I can decompile it myself and make the same changes but that requires time.
You can decompile (http://www.decompiler.com/) it easily. Looking at the code and understanding the logic will indeed require time though.

Well, I decompiled and searched word "firebase" in these builds:

AquaMail-market-1.24.0-1577-stable-19f003cf4
Word "firebase" matched - 1961 times

AquaMail-market-1.25.0-1610-stable-57df9e5e3.apk - when trackers first appeared in the AdGuard log.
Word "firebase" matched - 2021 times

AquaMail-market-1.27.0-1699-stable-834d89368
Word "firebase" matched - 4012 times

So as You see, the amount of "firebase" is increasing, not decreasing in the latest build.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 10, 2020, 07:03:45 am
Let's see how the bean counter spins his way out of this one. You can't make this stuff up sadly. The truth and lack of transparency will always win out.
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 10, 2020, 04:04:46 pm
arf8 yes I am not a developer, congrats on finding that, you must have had enlightenment to copy-paste my name in Linkedin :) You discovered my secret.

I never said I am a developer. And yes I am using my name here so that anybody can find me on Linkedin and see who is there on the other side when writing here.

Second, I will repeat, there's been a huge lie being said here for AM spaying anybody so I had to take part in this.

Bottom line is that when we first introduced Crashlytics and when you uncheck the "send crashes box" no crash reports are sent and we are not getting info.

As I am not a developer, the AM team members who have better customer support and development skills will answer your concerns.

My observation so far is that you, aka arf8, are not reading what's being said, you are constantly looking for confrontation... as I said before this is not the place for such behavior.

ksuuk, so with the increase of the firebase words what do you imply? You know that libraries from firebase are used and they( Firebase/Google) can add in these libraries as many firebase words as they need when they make updates, so what's your point here?

Again I will say, keep the discussion with respect to the other party, this isn't a gladiator arena.
Title: Re: Aqua Mail is spying on us.
Post by: Philip on November 10, 2020, 04:20:48 pm
Bottom line is that when we first introduced Crashlytics and when you uncheck the "send crashes box" no crash reports are sent and we are not getting info.
So why, when I uncheck Send Crash Reports and then restart AquaMail, do my Blokada logs immediately show an attempted connection to firebase-settings.crashlytics.com?

(On another point, if you are contemplating removing users' comments from the forum, you may wish to read about the Streisand Effect before you do so!)
Title: Re: Aqua Mail is spying on us.
Post by: Michael Maslarov, Aqua Mail on November 10, 2020, 06:02:32 pm
Bottom line is that when we first introduced Crashlytics and when you uncheck the "send crashes box" no crash reports are sent and we are not getting info.
So why, when I uncheck Send Crash Reports and then restart AquaMail, do my Blokada logs immediately show an attempted connection to firebase-settings.crashlytics.com?

(On another point, if you are contemplating removing users' comments from the forum, you may wish to read about the Streisand Effect before you do so!)

You will get the answer it is very logical but I can't explain in detail, but no crashes are sent. About the comments, the post with the link to the illegal AM version is already removed.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 10, 2020, 06:56:33 pm

Michael, respect starts with you listening to the users and responding honestly. The only person here not reading what is being said is you!
Looking to conceal the truth by censoring posts, trying to take this conversation private by PM. These strategies might work where you come from, but when you release a public app it does not work that way.

Since you are NOT a developer and have no idea what is going on, perhaps you should stop asking for useless screenshots and logs which your developers already have access to.

Stop defending the indefensible and unethical practices which AM promised to resolve 5 months ago. Enough with the smoke and mirrors! As I stated there are thousands of apps which do not rely on these spying/tracking tools to debug code, your excuse on behalf of the developers at AM points a light at their inefficiencies as competent developers.

As Philip pointed out and as I have seen both in my non-rooted device with ad blocker, and catlogs on my rooted device the data is being queried by AM. So please stop the lies and cover up as the data points to the facts and your opinion is moot!

Title: Re: Aqua Mail is spying on us.
Post by: Catman51 on November 10, 2020, 06:57:55 pm
Exactly
Title: Re: Aqua Mail is spying on us.
Post by: Nedialko Kondev, MobiSystems, AquaMail Support on November 11, 2020, 10:26:23 pm
Hi All,

Anton (our developer) and myself have dedicated two weeks in testing and going about this in order to figure out the best possible solution.

We can confirm that:
    • No actual tracking is happening.
    • How? Anton and myself managed to capture the request that poses a concern using the app some of you mentioned (AdGuard) > there is no tracking information in this request.

What does this request do/what is this request:
    • It sends the app version (name and code) and firebase id.
    • We see no personal data or behavioral information in it.
    • It’s an initialization request of the firebase crash service.
    • Anton tried to stop it > it was not possible > he then contacted Google about it > they said it’s an expected behavior, so… not a lot of info there.
     
Note: Google’s SDK initializes this > we’re not using it, so it should not be doing that at all! Once the “Send usage stats” and “Send crash reports” boxes are disabled, we stop collecting any info/data until and only if the boxes are checked again by the user.

    • The Firebase API doesn't provide us with a way to stop this request.

How/when is this sent:
    • This initialization requests is sent rarely if at all.
    • We did reproduce it by erasing the app’s storage.

Can this be stopped:
    • The now unfortunate and infamous checkboxes in app settings stop the statistics.
    • A restart of the app may be required to fully stop them > so once the boxes are unchecked > kill Aqua Mail > reopen it.
    • We were not able to stop the particular request “firebase-settings…” using the checkboxes, but, as mentioned, it’s not a tracking request and there is no security concern here.

Anton, Nadia and myself are monitoring Google releases and if they decide to fix this issue we are going to include it in Aqua Mail ASAP. This is an issue on Google’s end. We’ve done absolutely everything in our power to remedy it.

Having said all that, we can research a way to collect crashes ourselves to make the app completely independent from firebase crashlytics but this is something that is out of the programming scope for the next 3-4 months. If we begin looking into such a feature, we'll definitely let you know.

As of the moment we will not be removing the firebase crashlytics api.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 11, 2020, 10:43:56 pm
You still failed to provide a reasonable response to why the app checks off the boxes when a user unchecks them?

Lets not play coy here, the simple solution is to remove firebase API as thousands of other developers have done on Google Play.

If your sole response is "we use it for debugging" than perhaps you and Anton should hire more competent developers who can debug code and troubleshoot problems using other tools than firebase a tracking/spying offerings which most users "Uncheck" anyway to minimize traffic and overhead which serves them Zero benefit as a paying user.

The lame response, "we will not remove this ..." shows every intent on your part to use this tool for what it is, Tracking and Spying. Especially given the fact users uncheck these options but the app by itself enables them upon an update.

This is Unethical pure and simple. Yet you an Anton failed to spend any time to look into why the app behaves this way.

Stop blaming Google and the smoke and mirrors BS with independent tracking/spying API being months out, we both now AM will not resolve this.

This is an AM problem, created by AM developers inept at debugging code without tracking/spying on users, unethically forcing this via check boxes which users uncheck yet they magically check themselves upon an app update which you failed to address hoping to sweep the issue under the rug.

This is why third party developers remove this garbage and create scrubbed copies, b/c AM is unable to release a production app without it. Have you heard of Beta apps on a different release cycle? Maybe your development team is not as competent as one expects, or yet your lack of transparency says it all when you fail to address the checkbox issue. As a developer you and your team should be ashamed of your response.
Title: Re: Aqua Mail is spying on us.
Post by: Justin on November 12, 2020, 12:31:23 am
As of the moment we will not be removing the firebase crashlytics api.
Hi, I'm not a developer. As a user:

Though there is a menu item to disable sending crash reports, you announce to ignore this setting and will send reports from user device? This is what you said? I can't believe...

And what about other connections? There are many attempts daily to connect to "firebaseinstallations.googleapis.com".

See screenshot as example.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 14, 2020, 02:04:43 am
When unethical practices are brought to light this is when you would expect them to ignore the issues until the PR gets bad enough and spreads on other forums forcing them to address the issue.

Crickets on the check box issue. Lack of candor is amazing
Title: Re: Aqua Mail is spying on us.
Post by: Mukossan on November 14, 2020, 12:22:57 pm
Still eating popcorn and enjoying the entertainment...
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 18, 2020, 03:06:05 am
A new release and crickets on the checkbox and deliberate spying/tracking!

Must be like trump hiding in the bunker avoiding all scrutiny.
Title: Re: Aqua Mail is spying on us.
Post by: Nedialko Kondev, MobiSystems, AquaMail Support on November 18, 2020, 01:25:50 pm
Still eating popcorn and enjoying the entertainment...

You made my day, thank you for seeing the silly side of things :)


A new release and crickets on the checkbox and deliberate spying/tracking!

Must be like trump hiding in the bunker avoiding all scrutiny.

This is not a bug and if it is, it's not reproducible. Maybe some edge case or we're missing something specific? We installed an older version of the app (on Android 9 & 10), went back to 1.23 > we did not disable anything there > then started updating > from version 1.25 we disabled the checkboxes > these stayed disabled after every update.
 
If you can give us the exact steps to reproduce this, please do.
Title: Re: Aqua Mail is spying on us.
Post by: Justin on November 18, 2020, 02:04:32 pm
I never had an issue with re-enabled checkboxes.

But unfortunately my question about "firebaseinstallations.googleapis.com" was ignored:
https://www.aqua-mail.com/forum/index.php?topic=7964.msg44806#msg44806
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on November 18, 2020, 07:11:47 pm
How convenient, you can't reproduce it even though multiple users reported it ::)

Here is an idea get some competent developers that don't rely on spying and tracking to debug code. Like the thousands of apps on play who don't use it and have far more complicated code than a simple email app!
Title: Re: Aqua Mail is spying on us.
Post by: dwolf on January 05, 2021, 04:05:55 pm
Wow.. okay, now I am really thinking I made a big mistake with this app. I only chose it bc it was one of a few that supports identities (which I can't get to work) and it was privacy and security friendly.. which seems to NOT be the case. If you are using google firebase APIs AT ALL... you can't call your app private or secure. That is just a simple and plain fact. And yes, I AM a developer. I don't use any of these APIs and it does not hinder my ability to develop apps, or debug apps. Google firebase is not private, not even in the slightest.

But I also find it troubling to see the company responding with such arrogance and defensiveness. Even worse, when confronted with the truth, the answer was "we're not going to remove it". That was enough for me to hear.

Uninstalled. Will stick with K9 until something better comes along.
Title: Re: Aqua Mail is spying on us.
Post by: arf8 on January 05, 2021, 08:37:16 pm
This company can care less about privacy.  Like you said we all know what firebase from google is used for.

Title: Re: Aqua Mail is spying on us.
Post by: PhilK on February 26, 2021, 05:43:42 am
This company can care less about privacy.  Like you said we all know what firebase from google is used for.


I'm a longtime Aquamail user and signed up for the forum today because for the first time in a long time I had an issue I need to address.

But I could not avoid seeing this trainwreck of a thread by gratuitously disrespectful and dramatic people that seem to be spoiled by what appears to be relative freedom in this vendor forum compared to most I've seen in the last 20 years.

First of all: anyone truly concerned with privacy should either heavily modify Android to cut down on what amounts to the most spying OS in the world in stock form, or avoid Android entirely.

Regarding Firebase in particular: it is the latest element of Google's longstanding effort to armtwist developers into including various proprietary, closed-source blobs into their apps in order to maximize Google's control and tracking of users and the user experience.

Firebase was originally a 3rd-party tool for analyzing app behaviour, but over the last few years after Google purchased that company, they have increasingly folded more and more functionality into it (eg push messaging) which used to be separate components, and by blending them all together, including components that are essential for almost any app which wants to be included on Google Play, Google gets to armtwist developers into including all the other, potentially unnecessary and unwanted parts, many of which feed tracking data to Google constantly. (Eg, a developer used to be able to just include the push messaging, otherwise known as C2D messaging or Google Cloud Messaging) and leave the analytics part out, but now the Cloud Messaging part is called Firebase Cloud Messaging and it's thoroughly intertwined with Firebase Analytics and so on.)

Every year Google forces app devs to continuously update their target API level or else be threatened with having their apps kicked out of Gplay entirely. Thing is, often times those newer API levels prescribe certain services that are not privacy-friendly. This is the Google way, this is the Google business-model.

I for one am grateful to see that the staff here are even entertaining such aggressive complaints in their public fora, most companies would have shut it down long ago. It seems from what I am reading here that they have actually made some positive changes in respect to trackers to the code as well. That's great!

But amongst that, people would rather refuse to make a trivial effort to help by sending the logs requested, while continuing to berate the company. Smdh.

Title: Re: Aqua Mail is spying on us.
Post by: arf8 on February 26, 2021, 05:49:31 am
I'm not going to debate your comments, there's a lot of misinformation, just end it
Title: Re: Aqua Mail is spying on us.
Post by: PhilK on February 26, 2021, 06:13:13 am
 ;D  ;D
Title: Re: Aqua Mail is spying on us.
Post by: Nedialko Kondev, MobiSystems, AquaMail Support on March 01, 2021, 02:33:26 pm
;D  ;D

Did you manage to resolve the issue? Please contact us via the help center here: https://www.mobisystems.com/help-center/aqua-mail/

Or directly email use at support@aqua-mail.com with the details.
Title: Re: Aqua Mail is spying on us.
Post by: grosOurs on March 09, 2021, 07:12:51 pm
Hello,
I am *not* responding to this forum’s line of discussion, I am writing this personal point of view about another topic ended more than *two years* ago (topic 7013) :
What’s the “good” about having a “pro version” with a different build from a “free version” one?

I am sorry to say that Kostya Vasilyev, Nedialko Kondev, MobiSystems, Aqua Support, Aqua Dev Team, aren’t my heroes today : They just missed *one* point to be everybody’s heroes tomorrow.

@Nedialko : You said it yourself : “I didn’t want this to happen, but it happened”

You are the “good ones”, but you are not “alone in the world”, and when We start playing with Your “good old” app, many things (accorded by the operating systems, the many libs, many dependencies) also “start playing” before You get an hand on the “option” (I do like that word … it’s funny !) in the settings panel of the app that says : “Hold on, stop that crap; I don’t need that in my life”.
We (your –futur- customers) cannot wait anymore that, we all understand that,
even if you think you can “handle and control” such situations as “How come the default value for that option button changed again ? Who did that ? I didn’t want this to happen !”, 
there is and will be too many “slightly different interests” from FireThatThing.com helper libs and others,
... “good guys” or “bad companies” THAT IS NOT THE POINT, ...
that Your software reputation and access to Our private data, equipment … and life … are depending on.

We need and You can provide with your business  model :
-   A “free version” that provides interests, new ideas, financial support through ads, etc.
-   A “pro version” that ensure security and no “unwanted” behavior (and we mean NONE)
A “pretty good” solution (proposal), 2 years ago by CTK, liquid_ter, etc., if I can resume was :
-   It’s “so easy” to build two different packages (pro version/free version) that if You DON’T DO it, you will be RESPONSIBLE for the current situation where “many things” are out of control.
Title: Re: Aqua Mail is spying on us.
Post by: grosOurs on March 09, 2021, 07:15:00 pm
I’d like you (I am begging you in fact)
to have a “second thought” about building TWO (and even more later on, when all dev team will have more tools 😊 to manage such) versions of your software:

-   A free version with “all goodies” from “anywhere” if you want, with “limitations” that you’ll try to keep in line with your “best wishes” … and “ads”

-   A “pro version”, built in a very different way :
o   That is “a separate built” from the “free version”
o   That has no option, no code what-so-ever to “fix” to prevent “unwanted” behavior “belonging to the free version” ….. Don’t think twice : If “it can happen”, “it will one day or another”, If “it is not depending on us”, “it will happen one day for sure !”

-   A “pro version”, that can have an option in its settings panel (off by default 😊) :
o   To let “willing” customers accept to send reports :
     Crash -> Dump -> Send -> YOUR dev Team  to help us having “great experience” by feedback to YOU through FireThatThing helper libs
o   It is OK ! Sent only to your team  !!! because if the libs aren’t open-source, You will ask FireThatThing.com a “commercial license to use” of THEIR “pro version” !!!! … that one (of course !) that DOESN’T contain ANYTHING “not needed” in the “pro version”
(that is … a different built from their “free version librairies”)… and so on.

-   A “pro version” that meets the US-EU Privacy Shield Act for personal data AND email content:
o   That’s “less powerful” than what a good spirit could imagine as “wonderful”
o   But when your customers are buying that “pro version” … they KNOW for sure that Your software won’t “by mistake” (“oups, that option changed state, how come ?”)
“Take care” of their personal data in a “unwanted” and “unwilling” way.

-   A “pro+ version” that does all the “I need that sugar function and more”
o   Less “privacy”
o   More functionalities and “goodies”
o   Clearly stated : Good reputation

@ Nedialko : Please, please, give it a try. Could change the world around you.
Have a nice day (and see the good side of things).
Best regards,
Eric