CyanogenMod Android privacy vs. developer wars

The chief developer of the popular alternative Android firmware CyanogenMod thought that requiring devices to report unique smartphone and tablet data would be an unqualified blessing. They reckoned without their users.

It seemed like such a good idea. The developers of CyanogenMod, the popular alternative Android firmware, decided to require their users' devices to report device-specific data so they could create better versions of CM. Who could argue with that? CM's users could.

Cyanogenmod users made known in no uncertain terms that they don't want their Android distribution of their choice to know what's what with their devices.

It all sounded easy enough. In the CyanogenMod github depository, Steve Kondik, who recently returned to CyanogenMod from Android, wrote: "Not having an accurate count of how many people are using CM is painful. I am making an executive decision to remove the opt-out and always turn stats on. The data is anonymized and there is nothing evil that can be done with it. The only purpose here is to tell us if we are a successful project or not."

Koushik Dutta, a CM developer, added more detail about this on Google+. Dutta wrote, "As we start growing as an organization, this sort of data becomes invaluable for CyanogenMod. Understanding our user base, their devices, CM version, and other data helps us build a better product." Specifically, CM would be collecting:

  • Anonymized/Hashed IMEI or Wi-Fi MAC address
  • Device name
  • CM Version
  • Country
  • Carrier

Dutta added, "This type of anonymous data is already collected by most Google Play apps and even Google themselves."

Sound harmless enough? Not according to CM's users. They threw a fit.

Kondik fired back:

It's a unilateral change because I run the project and need these stats in order to plan. Without stats, I am just making up random shit with no facts to back it up. You can debate this all you want with me, but I have put the last three years of my life into this project and have only its best interests in mind. While CM is a community project, it is not a democracy.

The thing is that we have NO IDEA how many people are actually turning the stats off, and that is what is bothering me. The number could be in the millions, or it could be insignificant. If it's in the millions, that is a HUGE deal for us.

His comments did not go over well. Things rapidly descended to the Godwin Law (http://catb.org/esr/jargon/html/G/Godwins-Law.html) level "Just because some people make a bad decision doesn't mean its OK to do it ... last time I checked, Hitler also thought what he was doing was for the good of the world."

In the face of so much screaming about the issue, Kondik gave up on the change. He wrote on Google+:

I restored the opt-out feature to stats gathering in CM this morning.

It's incredibly frustrating that a handful of incredibly vocal users are ready to "fork" over the issue. News flash: there are already a hundred forks of CM. We like it, and we enable it! And there's no sinister plot to crack the hashed data and sell your deepest darkest secrets to Verizon and the NSA.

In the end though, we should respect everyone's wishes here. The change was well-intentioned — we just want to have better answers to certain questions. There are many applications out there that are doing incredibly dubious things like uploading all of your contacts without your consent, so certain suspicions are understandable. I do not want CM to ever be perceived as a group that  doesn't respect the privacy of its users.

Personally, I regard it as rather sad that simply collecting such basic anonymous data about a smartphone or tablet could cause such an overreaction. Simply using the Internet, without extra effort to erase your digital footsteps, reveals far more about you than the information CM was going to collect.

Related Stories:

Editorial standards