Protektoid and ACRA: Privacy-friendly crash reporting

Protektoid et ACRA : gestion de crash orienté privacy

Quick introduction

Why a crash management system?

Many applications use crash reporting tools in order to improve user experience.

These reports are either automatically sent or sent after user approval. Most of the time, the first approach is chosen, in order to maximize the number of reports and provide fixes as fast as possible.

How does it relate with the privacy?

The crash management platforms are mostly turn key proprietary solutions. One can for instance mention Crashlytics, Apphance and Apteligent. These are really powerful tools, easy to set up and provide really good features for the developers.

However, if we say "turn key solutions", it also means a potential loss in flow control for privacy related user data: IP address, last name, first name, email and others. Knowing that, setting up a crash management platform may produce undesired data flows.

Protektoid and crash management: ACRA, Application Crash Reports for Android

The beginings

To not hide anything, the first internal testing sessions of Protektoid relied on Crashlytics, thanks to it is straightforward setup instructions and the lack of needs, at this stage of the project, to consider privacy issues regarding the data privacy of the crash reports, the experience was really good!

However, and as it has been confirmed by both public known stories and the Crashlytics terms and conditions regarding data privacy (http://try.crashlytics.com/terms/ and http://www.iubenda.com/blog/consent-from-users-and-developers-to-data-processing-and-transfer/), we decided Crashlytics could not satisfy our needs regarding the control we want to have over data privacy for the production stage of the project.

The  framework we setup: a privacy focused crash management system

Learning from our experience, we decided to use the great Open Source framework ACRA, which stands for Application Crash Reports for Android. This project is hosted on github at the address https://github.com/ACRA and contains the following repositories

  1. https://github.com/ACRA/acra, the Android plugin
  2. https://github.com/ACRA/acralyzer, for data storage and crash report submission management
  3. https://github.com/ACRA/acra-storage, for crash report display

Which security?

Of course, we will not detail here all the security strategy we defined to setup the ACRA framework. However, you can find detailed recommendations on  https://github.com/ACRA/acralyzer/wiki/security & https://github.com/ACRA/acralyzer/wiki/Setting-up-a-reverse-proxy. We followed them and even more.

Why ?

After talking about ACRA framework, the first questions I can foresee is "What is the point?" or "These are only technical questions".

Our answer is quite simple: with our choice, all the data generated by the crash reports remain on Protektoid servers. We do not talk here about "Data Control" or other. The goal is to maintain the certainty that user related data remains where they are, that is our servers, and where they are declared and supposed to be.

You will check on protektoid website and the privacy policies the mention regarding data storage in France and the declaration to the French data protection authority CNIL. Without ACRA, this would have not been possible to say so: most of the turn key solutions are for instance subject to the  "safe harbor" law, these solutions being for most of them developed by companies in the Silicon Valley.

Next

We would like to extend our review of the ACRA framework and also analyse choices made by the other Android applications, which often under-evaluate the consequences of their choices regarding crash management tools.

Do you have an application you would like to be reviewed regarding this topic? Feel free, ask your questions in comments or contact us.

Comments