SmartTiles (& "other" External Services) Security

Thanks Terry, notice that even in what you quoted, I never said it was significant; it was, however, and remains, a vulnerability, as you so clearly indicated.

It is however, and as you and I have both discussed, an “opt in” vulnerability. In no way is your ST account vulnerable unless you install a smartapp via this method. Then, your account is only vulnerable to the extent that you choose which devices to expose to the 3rd party.

The choice is in the customer’s hands. Want to be safer, don’t give 3rd parties access. Want to accept some risk and trust a 3rd party, go ahead.

But, what I want to know is, since SmartTiles isn’t charging for this wonderful SmartApp, and clearly there have to be some costs associated with its development, how safe is your data for the devices you allow? I don’t see a privacy policy or any policy along the lines of what data is collected (inside or outside the ST cloud) and whether they will monetize your data, aggregated or not.

If you are going to allow your device data to be used, it would be nice to know the official policy of the 3rd party as to what data they store and how they plan on using it, if at all.

Absolutely excellent points; thanks, Patrick!

SmartTiles currently does not have a published formal privacy policy because, for Version 5.x, absolutely no data leaves the SmartThings Cloud at any time. The web based dashboards are fully served by SmartThings’s own infrastructure. We have published this fact, and we are happy to have SmartThings verify this for users at any time.

Ironically, the V6 platform currently is based on using an external event storage cloud for critical performance reasons, and SmartThings is aware of this (approval is pending). We intend to publish a privacy policy that exceeds SmartThings’s requirements (do they have any specific requirements, actually?) when V6 launches for public use.

Terry, I appreciate your confidence, but since the CSS and JS are loaded externally, the server that serves up these resources is getting user info, including IP address, Browser String (browser name, type, version, mobile, etc.) and how often the page is loaded per user.

This alone is enough to identify an end user and how often they use SmartTiles and on what device, etc. So data about the users is actively being collected on the servers of SmartTiles, however, this information is NOT SmartThings data, it is the data that any website would collect in their logs.

Since SmartTiles lacks any privacy or data policy, this information about users and their usage of the app could be used by 3rd parties, including being sold or rented.

No doubt Terry can answer how many people are using SmartTiles, how often, unique installs, etc. They just wouldn’t know what devices are being used. At least that was my last code review of the JS and Groovy when it was open sourced. At any time they could change the JS and gather information on anything you authorize.
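To make the point above concrete from the defender's side, here is an added example (not code from this thread, from SmartTiles, or from SmartThings) that shows what the operator of a static-asset host can already read out of ordinary web-server logs: a per-client fingerprint from IP address plus browser string, how often each client loads the dashboard, on which days, and whether it is a mobile device. The log lines are constructed samples in the common "combined" access-log format; the asset path `/smarttiles/app.js` and the addresses are assumptions for illustration only.

```python
"""Added example: what a static-asset server learns from its access logs.

Constructed sample data only; nothing here is real SmartTiles traffic.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format:
# ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Browser strings as a typical 2015 browser would send them (constructed).
UA_IPHONE = ("Mozilla/5.0 (iPhone; CPU iPhone OS 9_0 like Mac OS X) "
             "AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13A344 Safari/601.1")
UA_CHROME = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64) "
             "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36")
UA_ANDROID = ("Mozilla/5.0 (Linux; Android 5.1; Nexus 5 Build/LMY48B) "
              "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.94 Mobile Safari/537.36")

# Constructed log lines. Each dashboard page load fetches app.js (and app.css);
# a 304 is still a load, the browser merely revalidated its cached copy.
SAMPLE_LOG = "\n".join([
    f'203.0.113.7 - - [10/Oct/2015:08:01:12 +0000] "GET /smarttiles/app.js HTTP/1.1" 200 48211 "-" "{UA_IPHONE}"',
    f'203.0.113.7 - - [10/Oct/2015:08:01:12 +0000] "GET /smarttiles/app.css HTTP/1.1" 200 9021 "-" "{UA_IPHONE}"',
    f'198.51.100.23 - - [10/Oct/2015:09:15:03 +0000] "GET /smarttiles/app.js HTTP/1.1" 200 48211 "-" "{UA_CHROME}"',
    f'203.0.113.7 - - [11/Oct/2015:07:58:44 +0000] "GET /smarttiles/app.js HTTP/1.1" 304 0 "-" "{UA_IPHONE}"',
    f'203.0.113.7 - - [11/Oct/2015:19:02:10 +0000] "GET /smarttiles/app.js HTTP/1.1" 200 48211 "-" "{UA_IPHONE}"',
    f'192.0.2.55 - - [11/Oct/2015:20:00:00 +0000] "GET /smarttiles/app.js HTTP/1.1" 200 48211 "-" "{UA_ANDROID}"',
    f'198.51.100.23 - - [11/Oct/2015:10:00:00 +0000] "GET /smarttiles/app.js HTTP/1.1" 200 48211 "-" "{UA_CHROME}"',
    "this line is deliberately malformed and must be skipped",
])

MOBILE_MARKERS = ("Mobile", "Android", "iPhone", "iPad")


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_mobile(ua):
    """Crude device classification from the browser string alone."""
    return any(marker in ua for marker in MOBILE_MARKERS)


def summarize(log_text, asset_path="/smarttiles/app.js"):
    """Group requests for the dashboard script by (IP, browser string).

    The pair is a usable per-user identifier without any cookie or tracking code:
    this is the data the thread says any static host collects "in their logs".
    """
    clients = defaultdict(lambda: {"loads": 0, "days": set(), "mobile": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["path"] != asset_path:
            continue
        entry = clients[(rec["ip"], rec["ua"])]
        entry["loads"] += 1                       # one script fetch ~ one page load
        entry["days"].add(rec["ts"].date().isoformat())
        entry["mobile"] = is_mobile(rec["ua"])
    # Freeze the sets so callers get plain, comparable data.
    return {key: {"loads": v["loads"], "days": sorted(v["days"]), "mobile": v["mobile"]}
            for key, v in clients.items()}


if __name__ == "__main__":
    for (ip, ua), info in summarize(SAMPLE_LOG).items():
        kind = "mobile" if info["mobile"] else "desktop"
        print(f"{ip:14} {kind:8} loads={info['loads']} days={info['days']}")
```

Note what the summary does and does not contain: the host can tell three distinct users apart, see that one of them opens the dashboard on an iPhone roughly once or twice a day, and count total installs over time, but nothing about which SmartThings devices sit behind the dashboard, exactly as the post above describes. Whether such a log is retained, aggregated or shared is precisely the question a published privacy policy answers.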

Ah… you’re right; I guess there are possibilities opened by the “side-effects” of using the necessary CSS and JS served from external to the SmartThings Cloud.

Indeed, @625alex chose (and we continue…) to serve these from GitHub directly as a matter of convenience; we would rather have kept it within SmartThings too, if they provided some means of serving these.

At this time, we do not collect any of the data you mention. We are working on a method to deliver small “in-app notices” so that we can do the best we can to “give notice” and even “ask permission” (at worst, implied by continued use…) to collect a small amount of user (not Device) data, for very limited purposes that we have yet to define specifically. Mostly just to ensure we have a method of informing users of important updates; but also gather some aggregate statistics to help plan performance tuning for Version 6.

Users referencing this conversation should take this Post as an official reminder from @625alex and myself (“SmartTiles”) that they continue to use the SmartApp at their own risk (per the existing published license terms agreed upon at the time of Installation), and can uninstall the SmartApp at any time.

NB: This is an excellent example of how the switch to SmartThings official “submit / approval / publish” process will not improve transparency in this particular regard. At least until a major change in their review process, and as implied in my original post of this Topic, SmartThings only reviews the SmartApp code and does not review nor control any external CSS, JavaScript modules, data/event storage, or any aspects of the Third-Party’s Cloud or Services.

We welcome @slagle, @jody.albritton and team (as “Developer Advocates”) to spawn off an internal task regarding what “Privacy Policies” that third-party services providers should publish and follow. Officially, SmartThings could (does?) just “disclaim” any and all such liability (gotta read the fine print on the Terms of Use and the Developer Terms), but it would be very helpful to have consistent guidelines in this regard, not just the technical publication guidelines.

Great point on code review. One of my biggest concerns is the loading of external code into a SmartApp. I’ve already developed several POCs on how this is done, a huge time saver for developing, but a huge potential security issue, nonetheless.

What we really need is a real API. Then we can shift this stuff to real websites and real mobile apps and not be constrained by the lack of development resources in the SmartApp world.

We, the big players, have no choice in this case and neither does the end user. We have been banging our heads against the ST API for years, so it’s a little bit too late to turn back at this point. A small player will not bother, unless curious; it’s too much hassle.

Oh, yes it is.

There’s no privacy policy because we never got around to it. There’s too much overhead in managing this app. That’s why we are not selling the app.

But rest assured, we collect 0 data and no data will ever be sold or monetized. We have standards and principles. This will be different in the next incarnation of the app and will be reflected in the privacy policy accordingly.

We know some of these statistics, but they don’t come from tracking.

Nothing changed in this regard since you reviewed the code.

As I said, we have principles.

A year ago, I requested ST to host the static files but my request was ignored. For a while I was embedding CSS and JavaScript directly in the SmartApp, to keep all resources within the ST Cloud for maximum anonymity, but it was too difficult to maintain.

I honestly don’t know how feasible this review process is long term. It takes a non-trivial amount of time to review each submission and update. I don’t know of any other app store that reviews the code manually. Groovy allows one to do some funky stuff and a reviewer could be easily tricked, if that was the plan of the developer. Whether a SmartApp is published or not, some vulnerabilities remain.

If ST is to review all of the code, not just the SmartApp, the effort and cost to them will be astronomical. Just for reference, SmartTiles code is 2200 lines of code, plus libraries.

In conclusion:
SmartTiles was designed to be run exclusively within the ST cloud, but this plan backfired because it makes the cloud do more work than it was intended to do. SmartTiles 5 will remain operational but not installable while we finish work on the new version. Nothing about the privacy and data usage of SmartTiles 5 will change.

The new app focuses on performance, security and accessibility. Terry and I are rewriting the app from ground up and getting it published. We are cooperating with ST to make sure the app meets their standards. We are working with them to address some SmartThings vulnerabilities. We take security very seriously.

In the context, context… Yes, your ST account is vulnerable outside the context of smartapp / 3rd party integrations.

Alex, thanks for these great words of assurance that you don’t collect any data.

I hope this will be stated on your website with your new launch and wish you guys all the luck.

Frankly, it would have been a heck of a lot easier if SmartThings had just bought your solution a long time ago, rather than all these headaches.

We actually could not, at least not with any degree of accuracy and hacking – i.e., because we did not have any tracking code explicitly built into SmartTiles or its included JavaScript, and we’ve never attempted to browse any server logs to see if we could get this by some sort of deduction.

However… As of later this week, we’ve decided to add just a bit of anonymous tracking to collect statistics only to the degree you describe in the pull-quote.

### Please see the linked Post below, and comment over in that Topic: