NB: @Desertlap has called to attention that the app may be sending large amounts of the data despite the store page indicating otherwise, so proceed with caution.
So something pretty sweet dropped for artists on Android:
Just FYI we haven’t had any experience with it yet, but one customer that has tried it says it seems to be sending A LOT (multiple MB) of data to various IP addresses. Since it’s encrypted they have not been able what it’s sending, but it was significant enough to set of alarms in the customers monitoring suite
Do you know if there was any specific trigger (file operation, FX, etc.) and any approximate IP geolocations?
From the store page:
Data shared
Data that may be shared with other companies or organizations
Location
Approximate location
No data collected
The developer says this app doesn’t collect user data
Security practices
Data is encrypted in transit
Your data is transferred over a secure connection
So according to the dev, it looks like only location data should be collected. If Google doesn’t actually verify data sharing info on the PlayStore, that is indeed worrying.
The customer wasn’t able to pin it down per se but observed the largest pushes at launch, opening and closing docs and when using the built in help.
It could be relatively harmless, perhaps on the order of what MS does with anonymous Windows/Office telemetry, but the lack of transparency is a bit of a concern
They do that as well as several other things like code review but there are several gaping holes in the process IMHO.
For example, they require the dev to list all the api’s and frameworks they use, but if an app incorporates “proprietary tech that differentiates the product” they are not required to disclose that code.
They also run several diagnostics on apps to detect known malware and trojans, but the key word there is “known”.
As anyone who reads any tech blog knows, discovering malware in Android apps is an ongoing issue.
IIRC this is a rebrand (and redesign) of Huion’s art app. IDK how trustworthy they are as a company, but that’s probably where I’d look first to find the answers. Also, curious on Apple’s policies here vs Google’s, since this is on iPadOS as well.