| Questions this brings up: 1. What's the estimated bandwidth impact of this data collection? Many users have very limited data use, and chatty messages on play/pause/volume change wouldn't be appreciated. 2. HTTP or HTTPS? 3. How does it work with other apps (like Google Music) that might provide more music details? Like does it send more information when the id3 tags have all the fields filled in? Things like comments, encoding, etc might also be transmitted. Streaming services like Spotify probably try to trim that as much as possible, but local files could have a lot more data. 4. Can you see anything about the anonymous id that might make it not that anonymous? I mean, the device serial number alone kind of defeats an anonymous id. But there's been a fair amount of work in reidentification of anonymous data, and many developers take shortcuts when generating their "anonymous" data. (https://arstechnica.com/tech-policy/2009/09/your-secrets-liv...). 5. It's sending this data in the background, correct? 6. What does it send (if anything) during calls, emails, texts, map navigation, and voice commands? |
2. Everything is secured with HTTPS! All the analytics messages, messages to boses servers and firmware checks are all over HTTPS (The firmware file its self is downloaded over HTTP, but the URL is provided over HTTPS and the firmware may well be signed)
3. A good question that needs further investigation :)
4. The anonymous id doesn't have any glaring information at least not immediately from the analytics platforms documentation https://segment.com/docs/spec/identify/ however yes the other meta-data defeat the purpose of an anonymous id.
5. It is definitely sending the data while the app is in focus, and i believe while the app is open but not in focus. I am not 100% sure here as it was a very quick test.
6. Again something else to investigate :)