
Comments (16)

IzzySoft avatar IzzySoft commented on May 22, 2024 3

I checked with the latest version from @IzzySoft's F-Droid repository and also with the F-Droid release APK provided here.

Those are identical. That's where my updater gets it from 😉

So I am assuming that I am not? :)

You are assuming correctly. Certificate pinning would require some extra steps. But you can always test for yourself, as I do from time to time to see whether security & privacy are still intact for my sites: see here for details, I'm using WebbKoll, SSL Labs and Mozilla Observatory checks. Just replace my URL in that link by yours. SSL Labs (and Observatory IIRC) will tell you about cert pinning.

from super-productivity-android.

SneakIn42 avatar SneakIn42 commented on May 22, 2024 3

I'd imagine this is due to the fact that blocking something via the firewall is not quite the same as being offline, at least from the webview's perspective.

That's not it, I guess. Just allowed traffic from super productivity on my firewall again and performed the same steps above, but instead of controlling the internet connection via firewall I simply enabled and disabled wlan / cellular data. The issue still persists.

Yes, this might be an option. To be honest, I was very happy, that I had one release less to worry about. It demands a lot of time to provide software for this many platforms. Being able to rely on this being in a more or less up to date version, was making my life easier :)

Reasonable for a hobby project. Unfortunately, I won't be able to help with that as I'm not an Android developer, but I could imagine that the release process could be scripted some way once set up.

So for now I think I want to wait for either more people demanding this or for more people to contribute to the android version. There are more things to do than I can handle as is.

I'm sure there are more people that would love to see this feature, especially in the F-Droid and privacy community. Most probably simply don't know that the app is basically a web app - not everyone configured a firewall or similar tools with which you could detect such things on their mobile phone.

In the meantime, until more people state their opinion or until others are willing to help implement this feature, it may make sense to mention the fact that the mobile application does collect some data, as this is inevitable as soon as something is connected to the internet. A good place for this would probably be the privacy policy, that would fit quite good in the footer of your page, by the way :-)
Because as far as I'm concerned I feel a bit misled if an app states it doesn't collect any data and then I discover it connects to the developer's internet presence without my knowledge. Does the desktop app behave the same, by the way?

I am using letsencrypt and didn't configure anything in this direction that I am aware of. So I am assuming that I am not? :)

What izzy wrote.

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024 2

I hope I didn't sound rude yesterday. Since the Heise article, I am a bit swamped with new issues and there was much to do already...

from super-productivity-android.

IzzySoft avatar IzzySoft commented on May 22, 2024 2

I sure felt a little annoyed by the thought of having to deal with the legal stuff again :D

Who would not, apart from some lawyers maybe?

Apart from that: what @therealjeybe wrote. As a user, I would expect a locally installed ToDo app claiming privacy to stay local and not connect anywhere without telling me explicitly and asking my permission. So it should at least be mentioned that it (initially?) needs to do so. For me, no legal sh!t is required – just the information should be there in a way it cannot be easily missed 😉

from super-productivity-android.

IzzySoft avatar IzzySoft commented on May 22, 2024 2

If I understand the "NonFreeNet" badge correctly, the info should be already there for F-Droid?

If we add that AntiFeature (which I fear we currently must), users only see it connects somewhere – but not why or what for. I'd add that to the app's description (full_description.txt in Fastlane, since you've got that now), introduced with a bold <b>NOTE:</b>.

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024 1

If we add that AntiFeature (which I fear we currently must), users only see it connects somewhere – but not why or what for. I'd add that to the app's description (full_description.txt in Fastlane, since you've got that now), introduced with a bold <b>NOTE:</b>.

Makes a lot of sense! Thank you!

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024

Hey there! The mobile app requires you to be online once initially. It basically uses the webapp at https://app.super-productivity.com/ and adds some android specific stuff around it. Once you loaded it once, the app should work fine offline too.

from super-productivity-android.

SneakIn42 avatar SneakIn42 commented on May 22, 2024

Hey @johannesjo, thanks for the quick response. Unfortunately, that is not the case. I did the following to check this:

  • Allow internet access for super productivity in my firewall
  • Start super productivity, works fine
  • Force stop super productivity
  • Disallow internet access for super productivity in my firewall
  • Start super productivity again, doesn't work, the mentioned error appears

I checked with the latest version from @IzzySoft's F-Droid repository and also with the F-Droid release APK provided here.

Also, but this may be more of a feature request, would it be possible to include the web files in the app? I'm concerned regarding privacy and security when an app that doesn't need to loads and executes things dynamically from the internet without my knowledge and without the possibility to verify the content. On this note, do you use certificate pinning?

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024

I'd imagine this is due to the fact that blocking something via the firewall is not quite the same as being offline, at least from the webview's perspective.

Also, but this may be more of a feature request, would it be possible to include the web files in the app?

Yes, this might be an option. To be honest, I was very happy, that I had one release less to worry about. It demands a lot of time to provide software for this many platforms. Being able to rely on this being in a more or less up to date version, was making my life easier :)

So for now I think I want to wait for either more people demanding this or for more people to contribute to the android version. There are more things to do than I can handle as is.

do you use certificate pinning?

I am using letsencrypt and didn't configure anything in this direction that I am aware of. So I am assuming that I am not? :)

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024

Does the desktop app behave the same, by the way?

No, it does not. Just the android app.

Well, the web app does not actively collect any data either, which is as good as it gets for a web page, so I don't think the statement is incorrect.

I'm sure there are more people that would love to see this feature, especially in the F-Droid and privacy community.

Only one way to find out! Could you be so kind to open an issue about this here? This would offer people the chance to upvote this. If more than 10 people upvote the issue I'll definitely implement it (at the very least for F-Droid).

A good place for this would probably be the privacy policy, that would fit quite good in the footer of your page, by the way :-)

I hate to deal with the legal stuff – I'd rather work on the app itself and I find it very time consuming and annoying – but yeah, you're probably right.

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024

Btw. I was able to reproduce the issue now with the latest store version. This seems to be new. I'll work on a solution.

from super-productivity-android.

IzzySoft avatar IzzySoft commented on May 22, 2024

If I may say so: Nope, I didn't detect even the slightest rudeness, all is fine! And yeah, such a publication raises interest 😄

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024

Hehe. Thanks @IzzySoft ! I sure felt a little annoyed by the thought of having to deal with the legal stuff again :D

from super-productivity-android.

SneakIn42 avatar SneakIn42 commented on May 22, 2024

Well, the web app does not actively collect any data either, which is as good as it gets for a web page, so I don't think the statement is incorrect.

It's not incorrect, it is misleading. I don't expect a ToDo / Time Tracking App I install locally to connect anywhere, whereas it's clear that data is collected if one browses a web app.

Only one way to find out! Could you be so kind to open an issue about this here? This would offer people the chance to upvote this. If more than 10 people upvote the issue I'll definitely implement it (at the very least for F-Droid).

You mean an extra issue to upvote/discuss beside this bug report? Certainly can do so :-)

I hate to deal with the legal stuff – I'd rather work on the app itself and I find it very time consuming and annoying – but yeah, you're probably right.

Personally, I don't mind about legal stuff at this note, I just want to know how my data is handled from the apps I use. And in most cases the privacy policy is the first thing I look up for that.

Btw. I was able to reproduce the issue now with the latest store version. This seems to be new. I'll work on a solution.

Great! Thank you!

I hope I didn't sound rude yesterday. Since the Heise article, I am a bit swamped with new issues and there was much to do already...

No, don't worry ;-)

from super-productivity-android.

johannesjo avatar johannesjo commented on May 22, 2024

The best solution might be switching away from the web app and serve the files locally (EDIT: but this is complicated to do and would require an annoying migration path for existing users ;)).

ToDo app claiming privacy to stay local and not connect anywhere without telling me explicitly and asking my permission.

I just wonder where would you put this information. I think it doesn't belong to the main repo as only the android app does this and the repo and also the landing-page is mainly about the desktop/web-app, while the android app is more like an additional service at least for the moment. If I understand the "NonFreeNet" badge correctly, the info should be already there for F-Droid?

from super-productivity-android.

SneakIn42 avatar SneakIn42 commented on May 22, 2024

That was my initial suggestion :-)

from super-productivity-android.
