Shared publicly  - 
 
+CyanogenMod Stats

Last night, we merged a change into CM Stats that removes the opt out:
https://github.com/CyanogenMod/android_packages_apps_Settings/commit/3c052c2d927d3a668793989cf9e7d091035128b8#commitcomment-2923584

As we start growing as an organization, this sort of data becomes invaluable for CyanogenMod. Understanding our user base, their devices, CM version, and other data helps us build a better product.

The data collected is the following:
 * Anonymized/Hashed IMEI or Wi-Fi MAC address
 * Device name
 * CM Version
 * Country
 * Carrier

This type of anonymous data is already collected by most Google Play apps[1] and even Google themselves.

For an idea of the type of data we get, the pictures attached are what we see on our end.

[1] Basically every professional app out there is running Google Analytics, mine included. Google Play also collects a lot of this data for you automatically.

Update:
Not april fools.
109
25
Dominik Schürmann's profile photoAndrea Candian's profile photoAndrew Mike's profile photoDenny Schäfer's profile photo
85 comments
Jack Holt
+
1
3
4
3
 
The man is collecting data that does nothing with our personal data! Down with the system!
 
I call it ego surfing.. 'business' calls it's getting to know your customers... 
 
+Timothy Lorens Did you know over half of our users are in China? They just passed the US in terms of CM installation base.

Call it ego surfing, but the data is incredibly useful.
 
For what it's worth I have always opted in anyway. I have no knowledge of development so I try to help any way I can. 
 
Did the protections against bogus devices being submitted ever get fixed? I know the pile of false data I sent in was removed, but I can't think of a good way to anonymise AND protect against garbage without human inspection of the statistics.
 
It's never bothered me to have that kind of data collected. Whatever it takes to make a better product.
Rob M.
+
2
3
2
 
Good move. I've always been an opt-inner, but looked at the stats and thought it's a good sample of who's installing what build on what phone, but was more curious about true installation count. Ego surf away. 
 
+Koushik Dutta why even keep it a separate app? Just integrate it into settings.

Edit: derp... I can't read! I shouldn't reply to comments on my phone :(
 
I reviewed the github change log and I fully support this. 
 
There's gonna be lots of tin foil hats needed after this change.

I never saw the need for the option to begin with. 
 
Exactly, just do it silently in the background and modify Setup Wizard to list what is being sent, how Cyanogenmod protects your data, and call it a day during initial boot (or first boot after the change)
 
+Mike James somebody obviously saw the need otherwise the devs wouldn't have felt the need to force it on people.
 
+Jason Weisberger It was a design decision by the original author of the stats app. The idea was full disclosure about collecting data. While I'm all for full disclosure, you can achieve the same result by making the data collection part of the Terms of Service/License Agreement/etc. and your option for opting out is to go back to stock. The issue is that they created an opt-in model for data that is already sent to other sources without the ability to opt-out (Google Play, etc.). So now, when you remove the ability to opt-out you cause an uproar over nonsense. The data sent isn't personally identifiable in any way. The only way to correlate that data to an actual person would be through the use of the IP address used to transmit the data. Your ISP should protect that from happening, so it's a pretty slim chance that it can happen.
 
+Wesley Stickles If I had to make an educated guess, it will tell them if people are upgrading / sticking to certain versions. It will tell them what devices are most popular and what needs to be focused on. I see no problem with this.
 
Yeah I mean it doesn't really bother me at all. I just wonder why "data" is so valuable. It's not like CM is going to try to target me with adds based on data. I dont think Koush is going to hax my bank account, however I just dont know how the collection of that data plays out on their end. 
 
+Wesley Stickles It helps the team understand it's users. Which devices to devote resources to, language support for apps (if say they saw a major spike in a country that doesn't have good translations available they can make it a priority to add support), tracking upgrade rates, etc. are all examples of how that data can help the CM team make CM even better.
 
I have always opt'd in on all my devices because it helps show the cm team and it's device maintainers how many people are using the product daily and on what device. 
 
+Jeff Rebeiro That's a lot of typing for a bunch of shit I already understand. My original statement stands. Somebody, whether it was the stats dev or somebody advising him felt it might be good to give people an option. Obviously users agreed otherwise devs wouldnt have felt the need to get rid of it in order to get more data.
 
+Jason Weisberger The stats app hasn't changed much in a few years. People opt-out because they can or just don't understand what it does, not because they specifically want to hold back data. It was a bad design decision with good intentions.

When we deployed the CMStats app in MIUI it was opt-out by default. We noticed people just left it that way and moved on. We then announced that it would be opt-in by default because we didn't know which devices we should be focusing on for support since they weren't reporting in. People freaked out a bit over the announcement, but again, people left it at it's default setting and we got more data.
 
+Jeff Rebeiro No doubt people will leave a setting at its default most of the time. Especially one that doesnt affect the core user experience. I personally enjoyed the option, as I think privacy in general is fleeting, not just on the internet but in our everyday lives. Its nice to be given the option, even if you leave it at the defailt setting.
 
+Jason Weisberger I can agree with that. They already set the precedent for an opt-out model. Just change it to opt-in by default (prompting existing users of the change) and call it a day. This will blow over soon enough.
 
Whether you force people to opt in or not, they will not leave CyanogenMod. So you have an advantage there! 
 
I've always opted in because I feel like I'm representing cm for the devices I'm using woot! Any time install stats are mentioned I go see how far up on the list they are :P
 
Any reason the stats.cyanogenmod.com page only lists the top 50 devices? Is there any public availability of more detailed stats for more devices?
 
+Alvin Brinson last I checked, the server was a pyramid app with a mysql back end. Not very scalable. With the amount of devices checking in, I'd assume the load is pretty high so they are limiting the query to reduce the load.
 
On the plus side, it removes the annoying opt in question when flashing... 
 
No opt to disable? Then collected data should be public.
 
Everything I've seen here is great--sort of.

A fundamental issue still exists. If the data is collected via a unique identifier, and it has a timestamp, then it isn't as anonymized as people think. Anyone with a basic understanding of data security knows that. I think the uproar has to do with the reputation of the team as the protectors and defenders of our platform...you give us choice. But when we see behavior that doesn't add up, were naturally going to believe you've used that position in the community to do evil. We understand you want the the data.

What doesn't make sense, and the natural road for us all to go down:

1) is this being used to monetize CM?

2) installation data: to include location, language, device, build version, and carrier, are all things that can be identified using a single, static event report. Why should we be comfortable with an always-collecting, transmitting-in-the-background service? What's the use-case for this? You've said yourself that Google Play apps themselves often collect this data..why is that method insufficient for CM? And why should we have to expect the same from you guys as we do from everyone else. Surely there's a way to collect the necessary data you need with a scalpel, negatin the need for a device drag-net like this.
 
Maybe your thinking about tying the information to a real world identity--which wasn't what i was talking about in terms of security.

A software registration card doesn't run in the background, silent transmitting data, until the end of time....because it doesn't need to! And neither does CM Stats, if the data they say they require is really what they're collecting. 
 
Only thing I think what is odd to collect is Wi-Fi MAC address but never mind :)
 
+James Leach it is open source, go check yourself to see what they are collecting of you are so worried about it! 
 
It doesn't matter what I myself find. That was the purpose of my response--to explain what people are going to naturally think. Thus that's the stigma of collecting data. These were all important questions that should have been answered in a comprehensive way, when the announcement came.
 
Yes it is useful data, but really, removing the opt-out will be enough for someone to now want to create a fork
 
It doesn't matter what I myself find. That was the purpose of my response--to explain what people are going to naturally think. Thus that's the stigma of collecting data. These were all important questions that should have been answered in a comprehensive way, when the announcement came.
 
+Koushik Dutta in that case would be fair enought to find a way to allow us to see exactly same page with statistic data.. no?
 
How often are the stats reported to CM if enabled?
 
jepp once a week :) and after a clean flash (when prefs are clean)
+Koushik Dutta is there a way for the public to access the data we collect? it would be a shame to keep them in closed quarters
 
Collecting IP data would be illegal in the EU, perhaps, but the US and China are somewhat lax in their data privacy protections...and the law hasn't stopped the greedy before.

This change is a bad thing. Nobody has ever explained how gathering uniquely identifiable data (and yes, it IS uniquely identifiable) each week is "invaluable" for "making a better product". This change, the corporate droid-speak accompanying it, and the team deriding anyone who is concerned about this as a bunch of paranoid numbskulls, makes me question the team's intentions. Just because you distribute your product for free doesn't shield you from criticism when you do something to the detriment of your user base. I don't like being spied on.
 
Also, talking about privacy being fleeting with a sense of inevitability while doing something to perpetuate that kind of environment is a wee bit disingenuous on your part. Just saying.
 
jepp, as long as the backend used is closed source or even commercial I also have a bad feeling about this -.-
 
+Steffen Arntz You're suggesting that the team need to recreate Google Analytics themselves to be able to capture and analyse the data? 
 
How many other apps do you have installed that do exactly the same but haven't been so open about the collection itself, let alone what data is being collected?
 
+christopher wanko On the flip side it's not wrong either.   Just because you have your tin foil hat on and opt out "cause you can" in some sort of virtual muscle flexing doesn't mean that there isn't great information to help development of a free and open source project.

Exercising choice cause you can doesn't seem at all like a valid reason. 

This is not usage information, this is just device information that is trackable among updates.  This is not reporting what your tap on and what applications you use.

That being said.  Google Play applications, most popular application on the Play store and the Play Store itself IS collecting this information in addition to usage information.  You will note there is no opt out in these applications either.   

If you truly believe your "usage" (again CM isn't collecting usage stats, just installed base statistics) you will need to uninstall pretty much every other application on your device (also make sure not to visit any websites).

The big difference is that CM is making what is collected public and you know exactly what information is shared.  It is in this post in human language and it's verifiable via the source code which can be tracked for changes.  Here the transparency is king.
 
+christopher wanko I have no idea what you just said.

But I can read some source code and it's pretty damn clear.
https://github.com/CyanogenMod/android_packages_apps_Settings/blob/3c052c2d927d3a668793989cf9e7d091035128b8/src/com/android/settings/cmstats/Utilities.java.  I don't have to "believe" in anyone.

So despite what you think is happening, it isn't.  Also the change was done by Cyanogen himself, not Koush.

The rest of your comment seems to be non-sense.  That being said.  I am not "mad", but rather trying to argue a point that and hopefully inform youself and other users and battle the FUD that you are others seem to be flinging around.  Facts, not wild claims of "hypocracy" (where?) and "double-standards" (compared to what again?)

That being said, you seem very convicted by your claims.  You are free to revert the change and compile your own tin-foil hat version of CM free of whatever concerns you have.
 
People complaining about CyanogenMod collecting anonymous data on a social media website that data mines your personal emails is about the most ironic thing ever.
 
+Koushik Dutta people who talk nonsense about code that is publicly available is the most ironic thing ever. Who is spreading the FUD that the server is closed source too?
 
CM statistics runs every time you boot your phone. The question isn't about the data. The resistance is about precedence-- and those arguing here that its not a big deal are using the fact that others do it, and may even be doing far worse, to argue that this is commonplace, so its just fine...

Nonetheless, as I've said before, people expect better from CM, and CM could have done something much bigger, and much better here. It stepped into a snake pit (whether it actually is fine or not, the stigma is real) by using methods that are excessive, and contrary to the belief of most users. Most users see CM as a way out from manufacturer-provided, carrier-modified software, which almost universally forces your device to do things you don't want it to do. Whether it's something like Carrier IQ, bloatware, uninstallable software or services, or features that are made premium by the carrier when we know they shouldn't be.

If the hype is hyperbole, they had an equally important change to address the stigma, and provide a responsible service that wasn't blunted, and collected data in a reasonable way, thereby setting a GOOD precedent, and encouraging the creation of good services. A comprehensive message that threatened the deletion of an opt-out option could have given CM a near-equal response, convincing users to stay opted in. The decision to remove the opt-out option by "executive decision" almost exclusively proves hat this wasn't popular, and people obviously weren't going to like it, or support it.
 
If you guys think it is useful, go ahead and collect the data. But do you really have to use Google Analytics for it?
Part of the reasons why I like CM is it doesn't send everything to Google and now you make a change that sends personal information (MAC address / IMEI) to google. :-(
 
Thanks for the post, but you see that hashing the IMEI is not useful because the number is too short and may be recalculated in few hours? Also the point that "everyone" gets that data and CM is sad they are the only people who are working on something without knowing the user base, think about the Linux kernel and other OS projects again.
 
Well, no need to install Cyanogenmod on my next phone, then. Hopefully there will be a fork implementing some semblance of privacy at some point ... :(
 
+James Leach Incase you haven't noticed.  All changes to CM are done va "executive decision".  There is only a small group of Core developers who can commit changes.  So even the popular features are commited via "executive decision".

Comparing CMStats to Carrier IQ is like comparing a Ladybug to a Tiger in terms of danger.  The big difference is transparency.  The code is open.  You can see exactly what is being sent and you can see when things have been modified or changed.

Not to mention that I am sure you are running GAPPS on your phone which is collecting a whole hell of a lot of information about you without any sort of OptOut.   

If you get past the stigma and actually think and use the facts available to you this feature is doing a hell of a lot more good than harm.  You do realize that you send more information visiting a web page from your phone, computer, etc than what CMstats is collecting, right?  

In return the "information" is invaluable.  CM is a very large and very successful project that cannot continue to sustain growth via organic addition.  Careful thought needs to be put in for things like device support ("Which devices should be fully suported by CM?", "How many people are using CM9 and does it warrant supporting CM9 based Key Lime Pie for older deivces").   Language support "Does CM need a dedicated translator for Chinese or a team of translators to translate new feature faster and quicker".)  

This information is not going to be sold, or used for advertisements (quite unlike your browsers User Agent string and the stats collected by Google Play or just about any website or popular Android app).  It is used by CM to support CM.  It's is very little to ask of the users who enjoy the features of CM completely without charge or any "hidden" costs (like advertising big data).
 
I don't care what you need or not. You can ask the user nicely if he wants to send that data or not. Enforcing it, is against the spirit of open source and just shows your greed and moving that whole thing into something more commercial.

You know very well how wide spread CM is, there is no need to spy on the users anymore if they do not wish it. And don't argue with other apps doing it to, I block most apps internet connections or use adblocker to suppress this kind of data collection. That's the most important reason why people use custom ROMs and rooted phones in the first place, to have MORE CONTROL ABOUT THEIR DEVICE. What you're doing is exactly the opposite
 
+Brandon Bennett Don't come up with this shit. You know exactly, 95% who use a rooted phone or custom ROM do it in order to run AdBlocker & Android Firewall and similar Apps.

This Apps main purpose is to block the Ad- & Statistic gathering services. That's what the people decided and that's why they mainly use a custom ROM and who the fuck do you think you are, that you can decide for others what they have to do or accept or not?

Your argument is completely useless. It only applies to people who use stock ROM and non-root devices and this people are NOT YOUR AUDIENCE.
 
"I hope there's a fork that cares about my privacy", +Gerhard Blab posted on Google+.

Your browser is sending the exact same anonymous data we want to the 500 other sites you visited today. (And some not so anonymous data as well)
 
+Koushik Dutta Really? My browser sends my IMEI and serial number (pseudo)anonymized to 500 sites? Darn, must have caught a virus ...
But seriously, I am aware that using electronic devices on the net I will leave traces. That's why I am very selective about which sites are allowed to use java-script (google-analytics is not one of them) and which apps I use. Heck, until you started to remove the choice I even allowed you to collect the anonymized usage data from my smart phone. What I don't like is having no choice. If I have no choice, I can just as well stick with the default OS package on my phone!

edit: btw, I noticed the changes have been reversed. Thank you for listening!
 
+Gerhard Blab Part of the change was to roll over to Google Analytics which doesn't send IMEI. There's also another change in tow to use ANDROID_ID. It's like you don't even read before you post.
 
+Koushik Dutta Thank you, I must have missed that part in your posting above, the one that I commented on. It explicitly mentions "Anonymized/Hashed IMEI or Wi-Fi MAC address", but is strangely silent on ANDROID_ID ...
 
+Gerhard Blab

There were legitimate concerns in the comment thread on the github link that were brought up over the legality of IMEI in various, so we're switching to ANDROID_ID.
 
I have a couple of web sites that run several statistics scripts. All serious websites run at least Google Analytics to be able to track user behavior and adapt the business plan accordingly. Don't want to be tracked? DO NOT USE THE INTERNET. 

And for heavens sake, DO NOT USE GOOGLE+.

Yes, you're b u s t e d . 

It's insane users have anything bad to say about this. Hell, even at my real work I track everything just to be able to make correct decisions.   And that's not even remotely using the internetz, but real physical data. 
 
We had a great time, I used you for about 3 and a half years and now I'll leave you. 
Bye, CyanogenMod, Bye.
 
+Johan Ottosson You're an idiot. Only because everyone does it, do not mean they have to do it to. And it's against the spirit of open source.

As for the browser, you got the option (at least if you're not IE user) to use an Addon and fix it. There is no such option for a ROM you install and it sends information after the boot, there is no built in firewall or option.

The comparison is completely inappropriate. It would be like Microsoft sending data silently, and even Microsoft, a big international company, do ask users if they want to send this kind of data for statistics.

Again, the main reason people choose CM over AOSP was because of the additional choices. Now you want to take this away?
 
How does it help, if i can read the code, but not opt-out? Thats ridiculous reasoning.
Thanks for reverting the code and actually listening to your users.
The other option would have been a fork and losing a fraction of them.
 
+Tseng Lee You could fork it and add the opt out.

How is the Web site statistics a bad comparison? Users can ask the site to not track them, but that's about it. In the end of the day I still know your ip and where you come from.

Nice to call me an idiot when this is the first time we meet. Says a lot more about you than it does about me.

Have a nice day and pet a kitten! 
 
IPs change, IMEIs and MACs not. At least not that often...
 
+Johan Ottosson Learn to read, and you'd see that I already said why it's a bad comparison!

I repeat:
In a browser you can download the necessary plugin or Internet Security software such as Kaspersky Internet Security before you visit a malicious site. An in OS built-in statistics transmission you can't because it sends the data on the first boot for the first time, before you even get the chance to open Google Play or execute AdBlock for the first time so it fetch.

And especially on older devices, the choice between Stock and CG or AOSP at all. For example, I still use my HTC Desire (from developer point of view I don't have a reason to switch to a newer phone yet) and there is no stock ROM available. You're hilarious fork argument isn't any more valid if you ignore arguments of the others.

And if you need to know how many people use the CM, do it like every reputable institution in real life: Go out on the street and make a survey. In your case, the street would be custom ROM internet forums. You choose a selection of people that are relevant (custom ROM user/moders) and and interpolate it.

To your surprise, this is how it has been working for the past 100 years and it was successful in doing so. No need to hold a gun on a persons hand and force him to get the data you like. If you do so, you may not get the reactions you expect. People do not like being forced.
 
CM is in bed with the illuminati, and the goverment....and the grays.
 
More likely little infantile children. Adults do not act like Kim Jr.
 
You're not forced to install CM. I rest my case
Add a comment...