Author Topic: Aqua Mail is spying on us.  (Read 30262 times)

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #30 on: November 08, 2020, 11:30:38 pm »
Wow, so now you are threatening censorship, way to go. You should take your own advise and "think logically"
Realize this AM forum is not the only place it is discussed. Maybe you should bring more attention to this, go ahead and censor and watch this make the rounds on Reddit and Google forums! Apps demise is only as good as its developers candor.

Lets get the facts straight since it eludes you!

1. No one posted instructions for decompiling, not sure where you come up with that. I mention b/c your developers are incapable of removing trackers, I would show you where in the source the tracker is located so you could remove it and do the job your team promised 5 months ago, no where did anyone provide a link for instructions to decompile!

2. Posting an unofficial/illegal version out of mother russia has security implications as I stated above, and I agree with you for once, should not be done on this forum. It also serves no benefit if the fix is not rolled into the truck and release pipeline. That said, AM shortcomings has driven third party coders to mitigate what AM failed to take care of 5 months ago so the blame goes back to AM. No one creates copies or modifies a working app if they don't have to.

3. Who said writing code does not generate errors? I stated there is plenty of tools to debug code, spying/tracking users does not have to be one of them, if you want to use these trackers in a Beta release you should be more than welcome to do so, however this is a production release and it is downright unethical what is happening here.


"You really have underestimated how the team values the opinion of the people here and much of the development has been largely influenced by the discussions here."
Explain how 5 months ago this was reported and conveniently fell through the cracks? How much did AM value the opinions of users who did not want to be tracked?




"Please keep it a little bit more professional and let's keep it friendly. The checks and unchecks that happen are not supposed to happen. So please send a screenshot and log and we will fix it! On the Crashlytics issue, we are looking into a way to keep them and fix the issue, fix will be delivered."

Concur, take your own advice and start being transparent by resolving the problem instead of constantly asking for Logs and a screenshot. You know the issue with the trackers, remove them, simple as that, learn to debug without it or hire more competent developers as the majority of apps on google play don't rely on them to write bug free code.

The check box issue, again you have the source, look at the change logs, investigate what changed in the code to induce the behavior. You have test devices, if you want logs use those devices. Constantly asking for user logs and a screenshot of a checked box shows you have zero intention of fixing the issues and are just buying time hoping people forget.

If you want help send me the source and an NDA/PIA, I'll show you where these issues are located with enough time. I want to see these issues resolved in the main pipeline not some side loaded code from russia.


Michael Maslarov, Aqua Mail

  • Administrator
  • Jr. Member
  • *****
  • Posts: 62
Re: Aqua Mail is spying on us.
« Reply #31 on: November 09, 2020, 12:38:57 am »
You are twisting my words, so why should I even bother? Your solutions suggest completely removing crashlytics or their benefit to be minuscule so that it's better to not have it at all. And yes you posted content that it's not a good idea to be on our Official forum.

If you have any beneficial info on fixing the issue feel free to PM me. If anybody has such info in that matter feel free to PM me.

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #32 on: November 09, 2020, 12:48:32 am »
Once again the facts are hard for you to grasp and admit...

I specifically point point out facts and ways for your team to move forward, yet you respond with nonsense and no evidence to the contrary. You sound like trump trying to yell louder or change the course of the conversation when the facts don't support your argument.


Answer the questions and you might actually gain the respect and trust of the people who are pointing out deficiencies with the app. Asking people to PM you is not transparent, but hey neither was your team's decision to continue to force the spying when it was reported 5 months ago or the multiple users who have reported the check box issue.

I will keep my comments public in light of transparency, if AM wants to continue to hide and hope people forget like they did 5 months ago, I promise you it will not look good for AM at the end.

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #33 on: November 09, 2020, 12:57:49 am »
Here is an idea, stop speaking for the app developers, you are a bean counter as far as I'm concerned, probably have no clue how to even code. Unless your profile is incorrect, let's get feedback from the developers. Maybe this is why you keep asking for useless screenshots or logs....

You are not doing a very good job as a salesman or customer service relationship manager, stick to finance!

https://www.linkedin.com/in/michael-maslarov-ba620b97/

Business Development Director at MobiSystems, Inc.


About

Experienced professional with a demonstrated history of working in the information technology and services industry. Skilled in Sales, Business Development, Customer Relationship Management (CRM) and Sales Management. Strong sales professional with a Master's Degree focused in Finance Managment from New Bulgarian University.

ksuuk

  • Full Member
  • ***
  • Posts: 120
Re: Aqua Mail is spying on us.
« Reply #34 on: November 09, 2020, 09:55:48 am »
As I offered I can decompile it myself and make the same changes but that requires time.
You can decompile it easily. Looking at the code and understanding the logic will indeed require time though.

Well, I decompiled and searched word "firebase" in these builds:

AquaMail-market-1.24.0-1577-stable-19f003cf4
Word "firebase" matched - 1961 times

AquaMail-market-1.25.0-1610-stable-57df9e5e3.apk - when trackers first appeared in the AdGuard log.
Word "firebase" matched - 2021 times

AquaMail-market-1.27.0-1699-stable-834d89368
Word "firebase" matched - 4012 times

So as You see, the amount of "firebase" is increasing, not decreasing in the latest build.
« Last Edit: November 09, 2020, 11:10:07 am by ksuuk »

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #35 on: November 10, 2020, 07:03:45 am »
Let's see how the bean counter spins his way out of this one. You can't make this stuff up sadly. The truth and lack of transparency will always win out.

Michael Maslarov, Aqua Mail

  • Administrator
  • Jr. Member
  • *****
  • Posts: 62
Re: Aqua Mail is spying on us.
« Reply #36 on: November 10, 2020, 04:04:46 pm »
arf8 yes I am not a developer, congrats on finding that, you must have had enlightenment to copy-paste my name in Linkedin :) You discovered my secret.

I never said I am a developer. And yes I am using my name here so that anybody can find me on Linkedin and see who is there on the other side when writing here.

Second, I will repeat, there's been a huge lie being said here for AM spaying anybody so I had to take part in this.

Bottom line is that when we first introduced Crashlytics and when you uncheck the "send crashes box" no crash reports are sent and we are not getting info.

As I am not a developer, the AM team members who have better customer support and development skills will answer your concerns.

My observation so far is that you, aka arf8, are not reading what's being said, you are constantly looking for confrontation... as I said before this is not the place for such behavior.

ksuuk, so with the increase of the firebase words what do you imply? You know that libraries from firebase are used and they( Firebase/Google) can add in these libraries as many firebase words as they need when they make updates, so what's your point here?

Again I will say, keep the discussion with respect to the other party, this isn't a gladiator arena.

Philip

  • Jr. Member
  • **
  • Posts: 77
Re: Aqua Mail is spying on us.
« Reply #37 on: November 10, 2020, 04:20:48 pm »
Bottom line is that when we first introduced Crashlytics and when you uncheck the "send crashes box" no crash reports are sent and we are not getting info.
So why, when I uncheck Send Crash Reports and then restart AquaMail, do my Blokada logs immediately show an attempted connection to firebase-settings.crashlytics.com?

(On another point, if you are contemplating removing users' comments from the forum, you may wish to read about the Streisand Effect before you do so!)

Michael Maslarov, Aqua Mail

  • Administrator
  • Jr. Member
  • *****
  • Posts: 62
Re: Aqua Mail is spying on us.
« Reply #38 on: November 10, 2020, 06:02:32 pm »
Bottom line is that when we first introduced Crashlytics and when you uncheck the "send crashes box" no crash reports are sent and we are not getting info.
So why, when I uncheck Send Crash Reports and then restart AquaMail, do my Blokada logs immediately show an attempted connection to firebase-settings.crashlytics.com?

(On another point, if you are contemplating removing users' comments from the forum, you may wish to read about the Streisand Effect before you do so!)

You will get the answer it is very logical but I can't explain in detail, but no crashes are sent. About the comments, the post with the link to the illegal AM version is already removed.

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #39 on: November 10, 2020, 06:56:33 pm »

Michael, respect starts with you listening to the users and responding honestly. The only person here not reading what is being said is you!
Looking to conceal the truth by censoring posts, trying to take this conversation private by PM. These strategies might work where you come from, but when you release a public app it does not work that way.

Since you are NOT a developer and have no idea what is going on, perhaps you should stop asking for useless screenshots and logs which your developers already have access to.

Stop defending the indefensible and unethical practices which AM promised to resolve 5 months ago. Enough with the smoke and mirrors! As I stated there are thousands of apps which do not rely on these spying/tracking tools to debug code, your excuse on behalf of the developers at AM points a light at their inefficiencies as competent developers.

As Philip pointed out and as I have seen both in my non-rooted device with ad blocker, and catlogs on my rooted device the data is being queried by AM. So please stop the lies and cover up as the data points to the facts and your opinion is moot!


Catman51

  • Newbie
  • *
  • Posts: 37
Re: Aqua Mail is spying on us.
« Reply #40 on: November 10, 2020, 06:57:55 pm »
Exactly

Nedialko Kondev, MobiSystems, AquaMail Support

  • Administrator
  • Sr. Member
  • *****
  • Posts: 250
Re: Aqua Mail is spying on us.
« Reply #41 on: November 11, 2020, 10:26:23 pm »
Hi All,

Anton (our developer) and myself have dedicated two weeks in testing and going about this in order to figure out the best possible solution.

We can confirm that:
    • No actual tracking is happening.
    • How? Anton and myself managed to capture the request that poses a concern using the app some of you mentioned (AdGuard) > there is no tracking information in this request.

What does this request do/what is this request:
    • It sends the app version (name and code) and firebase id.
    • We see no personal data or behavioral information in it.
    • It’s an initialization request of the firebase crash service.
    • Anton tried to stop it > it was not possible > he then contacted Google about it > they said it’s an expected behavior, so… not a lot of info there.
     
Note: Google’s SDK initializes this > we’re not using it, so it should not be doing that at all! Once the “Send usage stats” and “Send crash reports” boxes are disabled, we stop collecting any info/data until and only if the boxes are checked again by the user.

    • The Firebase API doesn't provide us with a way to stop this request.

How/when is this sent:
    • This initialization requests is sent rarely if at all.
    • We did reproduce it by erasing the app’s storage.

Can this be stopped:
    • The now unfortunate and infamous checkboxes in app settings stop the statistics.
    • A restart of the app may be required to fully stop them > so once the boxes are unchecked > kill Aqua Mail > reopen it.
    • We were not able to stop the particular request “firebase-settings…” using the checkboxes, but, as mentioned, it’s not a tracking request and there is no security concern here.

Anton, Nadia and myself are monitoring Google releases and if they decide to fix this issue we are going to include it in Aqua Mail ASAP. This is an issue on Google’s end. We’ve done absolutely everything in our power to remedy it.

Having said all that, we can research a way to collect crashes ourselves to make the app completely independent from firebase crashlytics but this is something that is out of the programming scope for the next 3-4 months. If we begin looking into such a feature, we'll definitely let you know.

As of the moment we will not be removing the firebase crashlytics api.

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #42 on: November 11, 2020, 10:43:56 pm »
You still failed to provide a reasonable response to why the app checks off the boxes when a user unchecks them?

Lets not play coy here, the simple solution is to remove firebase API as thousands of other developers have done on Google Play.

If your sole response is "we use it for debugging" than perhaps you and Anton should hire more competent developers who can debug code and troubleshoot problems using other tools than firebase a tracking/spying offerings which most users "Uncheck" anyway to minimize traffic and overhead which serves them Zero benefit as a paying user.

The lame response, "we will not remove this ..." shows every intent on your part to use this tool for what it is, Tracking and Spying. Especially given the fact users uncheck these options but the app by itself enables them upon an update.

This is Unethical pure and simple. Yet you an Anton failed to spend any time to look into why the app behaves this way.

Stop blaming Google and the smoke and mirrors BS with independent tracking/spying API being months out, we both now AM will not resolve this.

This is an AM problem, created by AM developers inept at debugging code without tracking/spying on users, unethically forcing this via check boxes which users uncheck yet they magically check themselves upon an app update which you failed to address hoping to sweep the issue under the rug.

This is why third party developers remove this garbage and create scrubbed copies, b/c AM is unable to release a production app without it. Have you heard of Beta apps on a different release cycle? Maybe your development team is not as competent as one expects, or yet your lack of transparency says it all when you fail to address the checkbox issue. As a developer you and your team should be ashamed of your response.

Justin

  • Sr. Member
  • ****
  • Posts: 334
Re: Aqua Mail is spying on us.
« Reply #43 on: November 12, 2020, 12:31:23 am »
As of the moment we will not be removing the firebase crashlytics api.
Hi, I'm not a developer. As a user:

Though there is a menu item to disable sending crash reports, you announce to ignore this setting and will send reports from user device? This is what you said? I can't believe...

And what about other connections? There are many attempts daily to connect to "firebaseinstallations.googleapis.com".

See screenshot as example.
« Last Edit: November 12, 2020, 12:33:10 am by Justin »

arf8

  • Sr. Member
  • ****
  • Posts: 285
Re: Aqua Mail is spying on us.
« Reply #44 on: November 14, 2020, 02:04:43 am »
When unethical practices are brought to light this is when you would expect them to ignore the issues until the PR gets bad enough and spreads on other forums forcing them to address the issue.

Crickets on the check box issue. Lack of candor is amazing