GDPR compliance: data transfers to Sentry and glitchtip.akylas.fr

[rutherfordiumless]

Hello, this seems to be a fine scanning app, and I would like to recommend it to a customer. However, it is a EU based company, so GDPR compliance is essential.

I checked for possible unlawful data transfers (Art 5(1)(a) GDPR) and violations to the principle of purpose limitation (Art 5(1)(b) GDPR) which are very common for free apps. Unfortunately, besides the questionable use of Sentry mentioned in the privacy statement (transfers of personal data to a third country, possibly violating Art 44–50 GDPR; and possible unlawful identification and tracking of users, violating Art 5(1)(a) GDPR, I detected a transfer to glitchtip.akylas.fr (88.141.112.51, France) during or after scanning. What is the purpose of this data transfer to glitchtip.akylas.fr? What kind of data is transferred?

Would it be possible to create a variant of the app without these data transfers? I understand that the origin of the app is in France, and it is intended for use in the EU, so I assume that compliance with EU laws should be of interest.

[farfromrefug]

@rutherfordiumless thanks for elevating this:

• fdroid/github apks are built without sentry at all!
• only playstore and appstore builds are built with it.
• it is only for crash reports, helping me fixing bugs as fast as possible
• glitchtip.akylas.fr is my personal server. Glithtip it an open source alternative to sentry. I use it because it is much smaller without all the performance/tracking i dont need.
• It is my server and i regularly delete all data (no personal data).
• in the version in publishing right now you ll be able to opt-out from a debugging settings section.

Does that answer your question?

[rutherfordiumless]

Hello @farfromrefug !

Thank for the explanations and your transparency. This is very rare.

And your change is good news and an excellent service. I tested the new functionality, and all data transmissions are gone, indeed.

Thank you very much!