Jump to content

(Archived) R U Spyware?


Recommended Posts

We are not spyware.

When you install our Android client, we ask for permission to your Contacts should you choose to email notes from your account via the Evernote Android client. Any notes emailed are sent via our servers, but we don't "Track" which notes you've sent, or or the content of those notes, etc.

We also need access to your data plan so we can connect to the internet and sync your notes.

No spyware here.

Link to comment

Sort of timely. I am considering using evernote and was going to download it on my phone. I saw a comment on the android market about the Evernote app being listed in this study about sending phone numbers, call info etc in the background etc.

I guess I am on the fence now. After reading these articles like the one at PC World (http://www.pcworld.com/article/206710/i ... ?tk=hp_new)

Evernote folks: can you specifically address the things brought up in this PC world article? (below)

" * Two thirds of these apps violated user privacy by sharing location data or information that could identify individual handsets.

* Half of them sent user location information to advertising networks like Admob or analytics companies like Flurry without user consent.

* Seven of the apps sent the unique device identification numbers of the GSM user and the handsets' SIM card to its servers.

* Two of the apps captured the users' cell phone number along with the ID number and the users' geographical coordinates.


Mind you, if the police wanted this information, they'd need a court order. These apps are doling it out like candy to advertising firms and storing it on their own servers. Per the study [PDF]:"

Link to comment

Oh, yeah, sorry - I forgot that we also use your GPS/Cell phone triangulation if you don't have one to geolocate your notes - and place this information into your note database. This is also a majorly advertised feature of our mobile clients, and not something we're trying to hide.

We don't share anything with advertisers.

Link to comment

When you install Evernote from the Market, you see a screen that warns you that the application has access to the following (this is their wording):

    [*:23i98863]Your location (coarse (network-based) location, fine (GPS) location)
    [*:23i98863]Network communication (full Internet access)
    [*:23i98863]Your personal information (read contact data)
    [*:23i98863]Storage (modify/delete SD card contents)
    [*:23i98863]Hardware controls (record audio, take pictures)
    [*:23i98863]Phone calls (read phone state and identity)

If you say "OK" and install our app anyway, then we will install and run normally. If you press the "Snapshot" button on our home screen, we will access the camera. If you press the "Audio note" button, we will (surprise!) access the microphone. If you enable geo-tagging of notes in the settings, we will grab your location when you take a note, and attach that to the note.

If you read the paper (http://appanalysis.org/tdroid10.pdf), you'll see that they took "30 randomly selected, popular Android applications that use location, camera or microphone data" and then monitored communications to see if those applications transmit any of that over a network.

We're only mentioned once, in this table:


So we're basically in this paper because we're a top-50 app, which legitimately accesses location, camera, and audio features of the phone, and communicates location data to our servers as part of geo-tagging notes. This is, of course, exactly what our application says it will do, and exactly what we brag about it doing. (E.g. http://blog.evernote.com/2009/12/16/eve ... -its-here/)

So the people who wrote this paper lumped us in with a few sketchy apps that send your location to ad networks, etc. Other popular and perfectly legitimate apps like The Weather Channel are in the same boat.

That's because this is a computer science paper explaining their clever technical solution for observing/sniffing Android applications. They weren't making any real effort to separate legitimate uses of these features from nefarious ones ... they just wrote an automated scanner, ran a bunch of apps through it, and then put the raw results in a table, unfiltered and unexplained.

A more responsible group of researchers would have spent a little time separating legitimate uses of geotagging from bad ones, but I guess that would have drastically reduced their list of applications (and made the story a lot less newsworthy).


Link to comment

We don't yet have encryption support on the Android.

You can encrypt from the Mac or Windows clients, and decrypt from there or from iPhone or the web.

We encrypt with a passphrase-derived key (derived via MD5) symmetric RC2 cypher.

Link to comment

Oh, I might be out of date. Yes, if you have an option to decrypt and view the text, then it's supported.

(The encryption and decryption are always performed on your client ... our servers don't even have any way to decrypt this data.)

Link to comment


I understand why Evernote needs the services you mention. However, would you tell me why Evernote needs access to my Android's contact list?

The whole list is:

o Your location (coarse (network-based) location, fine (GPS) location)

o Network communication (full Internet access)

o Your personal information (read contact data)

o Storage (modify/delete SD card contents)

o Hardware controls (record audio, take pictures)

o Phone calls (read phone state and identity)

Thank you so much,

Patrick B

Link to comment

If you use the "Email" button to email a note to someone else from within Evernote, you can select contact entries from your contacts list to email the note to. If we didn't have that permission, you'd need to manually type the email addresses of all of your recipients from memory.

Link to comment
I understand why Evernote needs the services you mention. However, would you tell me why Evernote needs access to my Android's contact list?
If you use the "Email" button to email a note to someone else from within Evernote, you can select contact entries from your contacts list to email the note to.

... as already explained in Heather's initial reply

Link to comment

Excellent. Thank you Dave.

Sorry juwlz. I had followed the link in Dave's post yesterday in the Android Market and mistakenly thought it was the full explanation about "Evernote doesn't share any data with third parties. Details from CTO: http://forum.evernote.com/phpbb/viewtopic.php?f=51&t=19103#p78857" I should not have made that assumption that those details were all the details.

Patrick b.

Link to comment


This topic is now archived and is closed to further replies.

  • Create New...