The most successful and best managed version of Android CyanogenMod is gathering data from users for statistical purposes. The statistics are public and users have the chance to opt-out of being counted. On March 31st this changed. The founder of the CyanogenMod initiative Steve Kondik removed the opt-out feature from the source code (commit). He explained his reasons in the commit message:
Not having an accurate count of how many people are using CM is painful. I am making an executive decision to remove the opt-out and always turn stats on. The data is anonymized and there is nothing evil that can be done with it. The only purpose here is to tell us if we are a successful project or not.
Only a few minutes later, another CyanogenMod developer Koushik Dutta added an additional tracking feature (commit) which sends data not only to the servers of CyanogenMod, but directly to Google using Google Analytics.
After many users complained and IT media picked up the story, Steve Kondik reversed his decision (commit) today (3 days later) and says:
Apparently this is a bigger issue for a small number of extremely vocal users. We should respect their wishes, no matter how off-base their claims are in this context.
That does not sound like he understood the legitimate issues people have. He considers them “off-base”, but decided to still respect their wishes.
In a later post, he explains himself in more detail, but still seems to be upset:
It’s incredibly frustrating that a handful of incredibly vocal users are ready to “fork” over the issue. News flash: there are already a hundred forks of CM. We like it, and we enable it! And there’s no sinister plot to crack the hashed data and sell your deepest darkest secrets to Verizon and the NSA.
He does not seem to understand that this is all about trust. Many people do not trust Google with their data and CyanogenMod is their only (reasonable) choice. If they start to collect data as well without letting users know and without a way to at least opt-out, they can not be trusted anymore. The best way to protect data, is not to create it in the first place.
It is too bad that CyanogenMod can not have reliable statistics about its usage, but if users decide to opt out from being tracked for statistics, they have their reasons for it. These people and their reasons should be respected. Their privacy is more important than having more accurate statistics. Thankfully, Steve also seems to realize this:
In the end though, we should respect everyone’s wishes here. The change was well-intentioned- we just want to have better answers to certain questions. There are many applications out there who are doing incredibly dubious things like uploading all of your contacts without your consent, so certain suspicions are understandable. I do not want CM to ever be perceived as a group who doesn’t respect the privacy of it’s users.
You could think that in the end everything turned out to be good. Unfortunately, this is not really the case, because the addition of Google Analytics was never removed. It is still in there (source code) and when you decide to contribute to the statistics with your data, it will also be send to Google. It gets your device name, the device version, your country and your current IP address. CyanogenMod does not even tell you about what data they send to whom.
In my opinion, CyanogenMod should remove Google Analytics completely. What’s the point of having a Google-free operating system that still sends data to Google?
Update (2015-08-28): Cyanogenmod has now finally removed Google Analytics again and replaced it with a custom solution.