CyanogenMod Android privacy vs. developer wars

CyanogenMod Android privacy vs. developer wars

Summary: The chief developer of the popular alternative Android firmware CyanogenMod thought that requiring devices to report unique smartphone and tablet data would be an unqualified blessing. They reckoned without their users.


It seemed like such a good idea. The developers of CyanogenMod, the popular alternative Android firmware, decided to require their users' devices to report device-specific data so they could create better versions of CM. Who could argue with that? CM's users could.

Cyanogenmod users made known in no uncertain terms that they don't want their Android distribution of their choice to know what's what with their devices.

It all sounded easy enough. In the CyanogenMod github depository, Steve Kondik, who recently returned to CyanogenMod from Android, wrote: "Not having an accurate count of how many people are using CM is painful. I am making an executive decision to remove the opt-out and always turn stats on. The data is anonymized and there is nothing evil that can be done with it. The only purpose here is to tell us if we are a successful project or not."

Koushik Dutta, a CM developer, added more detail about this on Google+. Dutta wrote, "As we start growing as an organization, this sort of data becomes invaluable for CyanogenMod. Understanding our user base, their devices, CM version, and other data helps us build a better product." Specifically, CM would be collecting:

  • Anonymized/Hashed IMEI or Wi-Fi MAC address
  • Device name
  • CM Version
  • Country
  • Carrier

Dutta added, "This type of anonymous data is already collected by most Google Play apps and even Google themselves."

Sound harmless enough? Not according to CM's users. They threw a fit.

Kondik fired back:

It's a unilateral change because I run the project and need these stats in order to plan. Without stats, I am just making up random shit with no facts to back it up. You can debate this all you want with me, but I have put the last three years of my life into this project and have only its best interests in mind. While CM is a community project, it is not a democracy.

The thing is that we have NO IDEA how many people are actually turning the stats off, and that is what is bothering me. The number could be in the millions, or it could be insignificant. If it's in the millions, that is a HUGE deal for us.

His comments did not go over well. Things rapidly descended to the Godwin Law ( level "Just because some people make a bad decision doesn't mean its OK to do it ... last time I checked, Hitler also thought what he was doing was for the good of the world."

In the face of so much screaming about the issue, Kondik gave up on the change. He wrote on Google+:

I restored the opt-out feature to stats gathering in CM this morning.

It's incredibly frustrating that a handful of incredibly vocal users are ready to "fork" over the issue. News flash: there are already a hundred forks of CM. We like it, and we enable it! And there's no sinister plot to crack the hashed data and sell your deepest darkest secrets to Verizon and the NSA.

In the end though, we should respect everyone's wishes here. The change was well-intentioned — we just want to have better answers to certain questions. There are many applications out there that are doing incredibly dubious things like uploading all of your contacts without your consent, so certain suspicions are understandable. I do not want CM to ever be perceived as a group that  doesn't respect the privacy of its users.

Personally, I regard it as rather sad that simply collecting such basic anonymous data about a smartphone or tablet could cause such an overreaction. Simply using the Internet, without extra effort to erase your digital footsteps, reveals far more about you than the information CM was going to collect.

Related Stories:

Topics: Android, Google, Linux, Open Source, Privacy, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Even with CM

    the majority of users are still uniformed fools.
    • Considering the amount of faith we put into these devices

      even those working on the firmware are probably somewhat uninformed. Better informed by far than me, but no one can know everything going on inside the device.

      Who's to say some developer didn't plant something in the code? It's been done before. By the way, I don't just mean the CM group, but google developers could do the same thing. Heck, even MS developers could.

      For anyone to expect to know what's going on inside their tablet or phone is ludicrous, so while you may think you are informed, guess again!
      • Remember the Google employee ...

        ... that was stalking a couple of teenage girls?

        That should tell you how "secure" the code is.
  • Similar to the fit some people through over Google collecting information.

    This is individual people being greedy. Why does free software want to collect anonymous user data and sell it to advertisers.....well because even open source programmers have to eat. This is one step worse they aren't even selling the information just collect it to make a better free product for the same people complaining. They should implement a registry of user that share their information and have access to the most recent changes and updated 6 to 8 months ahead of the general release. That is more than fair.
    • Problem is CyanogenMod != Google...

      ...that's the distinct diff. 1 is just a ROM modding dev community while the other are a profit centered org. Apparently these CM opponents can't tell the diff and drew some sort of an overtly paranoid parallel that's unnecessary.
      • Looks like google, acts like google, = just as bad as google

        Whether commercial or not makes no difference. Point is that they gather the same type of data, so should be held to the same standard for privacy and security.
  • Steven, that's because you've been pwn3d by Google

    From the article:
    "Personally, I regard it as rather sad that simply collecting such basic anonymous data about a smartphone or tablet could cause such an overreaction.

    Debian uses a package called popcon (Debian Popularity Contest) to monitor individual systems for package usage, provide anonymous information to the Debian Project and compile information on package usage. With Debian, its opt-in. More here:

    Linux's other half, Richard Stallman, would not be pleased with this recent decision by CyanogenMod.
    Rabid Howler Monkey
  • really is frustrating to rational people

    People like those complainers are the type of person that believes in the 9/11 conspiracy. The sort of person that discounts several independant investigations but if there'a hobo in a back alley whispering " know it really was all a government consipiricy" and are instantly like "ah ha - I knew it!!!"
    • You just described Steven perfectly

      and about 3/4 of his readers.

      This blog can be sooooo entertaining!
  • A load of Nazi Nonsense

    There, Godwin's Law proven
    Alan Smithie
  • a couple

    of mindless people, surrounded by me too followers...who had no clue either.
  • Meh

    CyanogenMod have a long history of 'knowing better than anyone else' and doing pretty much whatever the hell they feel like doing. So the responses are no surprise, and this is yet another reason to stay well away from these guys.
    What started out as a fantastic option for an old phone, quickly turned into 'We are better than the rest of geekdom' when Android became interested in getting their help. This resulted in... well... no improvements to either Android OR Cyanogenmod, and allowed other better equipped modders to close the gap.
    Not to mention their 'Help and support' site offers no help or support and anyone asking for any help is pretty much lauged out of the mod scene entirely.

    Theyre a boil on the arse of Android. Nothing more. Nothing less.
  • That's an interestingly narrow comment

    Considering Android is supposedly Open Source, anyone can add to, fork, or do whatever they want. In that world, the boils as you put it, would eventually die on the vine due to lack of interest. That doesn't seem to be the case here.

    Maybe Android is the bigger boil in your world?
  • Shouldn't be a big surprise

    Those who employ CM do so to gain control of their device and its software, not to simply hand that control over to a different master.

    If you want users to opt in, give them an incentive, don't dictate.
  • Stats from Cyanogen Mod

    I got no issue with this, it is fairly anonymous data. After all your BBFL (BigBrotherForLife) already has your private data with no sweat every time you turn on your 'puter so they can defend the internet. Just sayin' it's a Meh.