Shared publicly  - 
 
Pretty cool spyware there br0

But seriously, this stuff is important to us. Some awesome things are coming soon, but we really need to understand our userbase today. You can't make good decisions unless you have the right data.

The data that CMStats looks at is:

1. Device type
2. Country code
3. CM version
4. Device ID (one-way hash of IMEI or MAC address)
5. Carrier

Pretty generic stuff. The device ID is used to determine a unique device instance. We can't reverse it and know your IMEI or anything like that.
 
+CyanogenMod Stats

Last night, we merged a change into CM Stats that removes the opt out:
https://github.com/CyanogenMod/android_packages_apps_Settings/commit/3c052c2d927d3a668793989cf9e7d091035128b8#commitcomment-2923584

As we start growing as an organization, this sort of data becomes invaluable for CyanogenMod. Understanding our user base, their devices, CM version, and other data helps us build a better product.

The data collected is the following:
 * Anonymized/Hashed IMEI or Wi-Fi MAC address
 * Device name
 * CM Version
 * Country
 * Carrier

This type of anonymous data is already collected by most Google Play apps[1] and even Google themselves.

For an idea of the type of data we get, the pictures attached are what we see on our end.

[1] Basically every professional app out there is running Google Analytics, mine included. Google Play also collects a lot of this data for you automatically.

Update:
Not april fools.
160
9
Eric Richardson's profile photoMike Niccum's profile photoDaniel Reisinger's profile photoEustáquio Rangel's profile photo
51 comments
Jay Rott
+
1
5
6
5
 
The transparency is appreciated. I would have been a little concerned seeing this on a changelog with no explanation. 
 
I have always been opt in anyway. Thanks for the great ROM.
 
i've always opted into this. how else can i give back to the community as accurately?
 
You still can opt out simply removing the cmstats apk using any root file manager or while in recovery. 
 
In Europe +Koushik Dutta could go to jail for that. Stealing personal information is a serious crime. 
 
+Koushik Dutta you're wrong, IMEI is a univoque code used to identify phone position and owning so it's definitly a very personal data..most of apps do collect it? True..is that means is a right thing to do? Not at all..most people kill as well, accordingly is right to kill? lol plus, it will be illegal soon in USA use IMEI data, a law is being discussed about it..so reanable the choice is the only thing to do, and if you ( maiestatis) want to collect anything ASK FOR IT, community will mostly give you what you need
 
+Matteo Memnoc Did you read the article or +Steve Kondik's comment on it? Guess not. He [Steve] explains that a one way hash is created from your IMEI. If you don't understand one way and/or hash wikipedia will help...
 
+Koushik Dutta According to the EU it probably is.
They wanted to classify an IP address as " sensitive personal data ", even though most IP addresses are dynamic.
You can never tell what crazy rules these guys dream up. You can be pretty certain, however, that they don't understand technology an therefore are afraid of it.
 
Indeed I did read it, actually that part of the answer was directly related to koushik's answer, that explains the "weird" +name ;) read better next time, wikipedia can help you as well about it ;)
Paul W.
 
I've found very few apps that legitimately ask for IMEI. It's disappointing but most developers do it anyway. Even in this case, I'm not sure why the data can't actually be anonymous. That said, I'm happier giving you guys the ability to know too much about me rather than some shitty app. 
 
+Tore Julø My butt did that actually. Surprising how my ass managed to unlock my screen go to G+, go to this particular post and type that. Such a smart-ass. 
Paul W.
 
Will be interesting to see the legal implications across Europe.
 
+Paul W most of countries consider it as an illegal action, especially when it comes the "blacklist" stuff, useless if your IMEI can be in "any hands" apart from yours as it meant to be.. I'm a developer also, and this very specific topic come to my attention when I started to use OTA update feature in my roms..this very technology is based on IMEI localization to send the OTA..so it was already present in CM code for a long time..all the collected IMEI are assumabily stored somewhere, and as a matter of fact accessible to "third party People" , and that's the point..however I don't think, to use an euphemism, that Cyanogen or some of their temmates can use this fact as means to provoque any damage of any sort...BUT fact1: in some countries is illegal fact2: the essence of custom roms is customization, so nothin IMHO can be imposed as a forced choice for users..by the way, I surely won't stop flashing CM on my devices for this reason but we should deal with these facts before make this feature permanent.. Just my two cents
 
updated to latest nightly.. keep it up
 
i've always sent you guys the stats because i believe you do an amazing job , seriously just managing the drivers is already a feat , that i've failed. 
but you cannot make it mandatory and not have a opt-out , the public backlash from this is going to be your undoing 
 
Have not used cm in a while (addicted to PA) but if I was using cm I would happily opt in to make cm better hell I did everytime I loaded the rom 
 
Dig it. Hope to get my HTC one with sprint on cm down the road, wife will be rocking my gnexus :-)
 
Are there any reasons,why you not use piwik ?
 
+Austin Ferguson  does HTC still ship locked crypto boot loaders that are a mess to root ? i gave up on them becuse of that  
 
I've always opted in. No harm in helping out.
Al Chan
 
Me too.  I've never opted out on any of my devices.
 
"one way hash of IMEI"

In the context of something that can have only little variation (entropy), like an IMEI number, a hashing function is not one-way, as it can be reversed with rainbow tables. I can only hope that you are using really long salts (not just device info) when attaining the data, otherwise you're dealing with information that is less anonymous than you would've thought. 
 
I think people are complaining for the sake of complaining about losing a feature. I don't think people are actually that worried about privacy (if they are, they're just paranoid about things and/or uninformed). Move on people, go back to complaining about other trivial things like the iPhone or something. =___=
 
+Becker Béla it is only SHA or maybe even MD5, someone would have to verify that… not even slated or anything
        String device_id = digest(tm.getDeviceId());
is the line from the utils that creates the device_id

even worse on devices without IMEI the Wireless MAC is taken to create the ID -.-
it would take less than a day to create a valid MD5 or SHA rainbowtable over all possible/valid IMEI and MACs -.- not really a good idea +Koushik Dutta +Steve Kondik 
 
jepp I am quite happy with the solution we/you found there
 
oh god who cares the IMEI/MAC will be hashed and other information is not very sensitive County/Device/Provider and CM version
get real. what does Google collect when you use for example the play Store? an ID (how they get it I dont know) the installed apps, device, Android version and I think much, much more...
 
It is okay to send technical statistics.
Thanks to develop Cyanogenmod, hopefully the manufacturers support them as if they were not for you I wasn't so pleased with my Galaxy SII
Add a comment...