Recently, a user ran a check for our app on εxodus to to see how private the Incognito Wallet app is.
To some, it was quite surprising to see that the app requires 19 permissions and has 3 trackers. At face value, that seems anti-privacy.
To that user, thank you. We now realize we need to be more clear on what we do and why, so to that end I am going to break down what information we gather and why.
1. Permissions:
Below are all of the permissions the Incognito Wallet app requires of your phone and what they do. We do not require any permissions to be able to control your device in ways that you aren’t specifically trying to initiate. Without these permissions, the app cannot function properly.
A: Node set up
ACCESS_COARSE_LOCATION - This lets the app access your approximate location for WiFi connectivity. You can learn more about WiFi scanning here.
ACCESS_NETWORK_STATE - This lets the app view Incognito network connections, so it knows if you are connected or not, That way, if you’re not, it can give error messages and suggest the solution.
CHANGE_NETWORK_STATE - This lets the app change your Incognito network connection, which is essential for app features like transactions.
CHANGE_WIFI_STATE - This allows the app to connect and disconnect from the WiFi network your phone is connected to. This is necessary to use WiFi-based functions.
ACCESS_WIFI_STATE - With this permission, the app can view your WiFi connectivity, to know whether you can use the functions in the app that require WiFi.
CHANGE_WIFI_MULTICAST_STATE - Similar to network state, this allows the app to enable WiFi Multicast reception, so your device can send data to nodes across the network, which is necessary for app features like transactions.
CAMERA - This lets the app use the camera on your phone to scan QR codes, or to be unlocked with your FaceID (if you have that enabled). We can’t control it remotely, and if you’d like, you can disable this permission in your phone’s app permission settings. If you do, you just won’t be able to scan QR wallet addresses, but you can still manually input them of copy/paste them.
INTERNET - This allows the app to have access the worldwide web from within the app, which is how you can access the “Community” tab. We cannot use your other web browser apps or check your history
Overall, these permissions are required because the Node setup process is complicated. It needs to check your internet information, scan the QR code of the device, network status, and help to connect to Node’s hotspot.
B: Security access
USE_FINGERPRINT - This allows the app to use your phone’s fingerprint software to enter your passcode that way, if you’ve enabled it. You can disable it at any time.
C: Private key access
READ_EXTERNAL_STORAGE - This enables the app to read your SD card, not for personal content, but for storage capability. Do you have room for the app’s data, and space to backup your private keys?
WRITE_EXTERNAL_STORAGE - These two permissions go together. This allows the app to create/delete a file in your storage to back up your private keys.
D: Miscellaneous
BLUETOOTH - The app can pair with Bluetooth devices, helps for Node connectivity.
BLUETOOTH_ADMIN - The app can initiate a Bluetooth connection.
These are for connecting to your Node via Bluetooth. However, we’ve made it mostly unnecessary. We’re going to remove this permission as soon as we’re sure it won’t disrupt users who have connected their device this way.
READ_PHONE_STATE - This is to verify that you’re a real person using a real phone. It’s built into backend and not something we can use for any proactive purpose.
RECEIVE_BOOT_COMPLETED - This allows the app to send you notifications on your phone once you turn it on.
WAKE_LOCK - This prevents your phone from entering sleep mode while a transaction is ongoing, so that it does not make the transaction fail. Eventually we can move this process to the background so you can navigate away during a transaction and this permission won’t be needed.
RECEIVE - This is not something we initiated. It’s a default for apps on the app stores, for communication between the host and the app for things like app updates.
BIND_GET_INSTALL_REFERRER_SERVICE - This is for AppsFlyer. It gathers the general info I described earlier.
VIBRATE - This is an old feature we are removing soon. It allows the app to vibrate your phone with notifications.
So, some permissions are necessary for the app to function, others make the app experience more pleasant and easy-to-use. We’re constantly looking for ways to lessen the permissions we use without degrading the app. As with any product, we keep track of certain metrics described above in order to know what type of people use Incognito, and how, so we can help the community grow effectively.
2. Trackers
-
AppsFlyer
-
Google CrashLytics
-
Google Firebase Analytics
These tools are common for developers. We use them to see the different ways people can download our app (whether they clicked the link from Facebook, Twitter, the Apple App Store, Google Play, etc), and what device it’s on. We also use it to understand the way the app is being used, how long people generally spend inside the app so we can optimize UX for users over time. We also collect data on when and why the app encounters a problem, like crashing.
This information is not tied to your personal identity. We use it to know where to focus our growth activities and how to make the app better. I would not be able to pick you out of that data to know any more about you than, say, one of your Twitter followers.
Also, we have decided to stop using Google Firebase Analytics because it’s become unnecessary.
Privacy is our main priority and we will never track you specifically or access your phone, identity, or data in a way that you didn’t specifically intend to initiate as an in-app function.
If you have any questions, comments, or concerns, please share them here. If there’s a way we can make privacy better, we’re all in. Thanks!
