(Archived) Please Reduce Permissions Requirements

[wtwentyman 1]

I've browsed through the forum, and can understand why you want access to contacts, but access to logs is just not something I'm willing to grant you. I'm sure it's helpful to you, but I would never send the crash data, and don't want ANY application accessing those logs.

With that said, please reduce your permissions requirements, or I'll be judging you solely by how well NixNote works (since you also refuse to support Linux directly, or make sure EverNote runs well under wine).

I realize I'm new, but I've heard a lot of good stuff about your product, and have a pretty negative first impression.

[garychenc00l 13]

Well yet again, log permissions is only to send log data if something goes wrong. I doubt it that EverNote will change it because you don't want evernote accessing your logs.

[wtwentyman 1]

Perhaps not, but they will not have a customer, either. I settled on AndTidWiki as a suitable replacement for my purposes. It's geeky, but something I'm quite familiar with.

Further, a refusal to listen to the concerns of those of us who are security conscious makes me wonder how many other concerns they're willing to address. The problem is I'm a programmer, too. I know that what an app does, and what the developers say it does, don't always line up.

[blaster219 18]

Does Evernote send Error Logs automatically or only when you specifically tell it too by Pressing "Send Log" in the Support page of the app's Settings.

If its the latter, then what's the problem? Don't send any report logs and Evernote won't access any own Error Logs

[heather 604]

This has been answered by us before:

http://discussion.ev...post__p__116397

[wtwentyman 1]

Heather, I think you missed my point. I understand what the permissions are for, I'm asking you to remove the access to sensitive data. I had already read the referenced thread.

[blaster219 18]

Heather, I think you missed my point. I understand what the permissions are for, I'm asking you to remove the access to sensitive data. I had already read the referenced thread.

Then did you read the part where it said the ONLY time the app accesses the logs is when the USER manually tells the app to do so? And even then, any data read is first presented to you before transmission so you can verify that no compromising information is sent. Considering how some other apps handle error reporting, this is bending over backwards for the "privacy conscious crowd" whilst still maintaining the required functionality of the error reporting process. If you're still concerned, you can even delete any sensitve information read by EverNote and included in the report before you send the email.

[heather 604]

Yes, and as you can see from that post:

"Read sensitive log data" is used if you encounter a problem. In this instance you can select "Send logs" from the "Settings" screen. Evernote sends the logs to your local email client where you can review the information before it is sent to Evernote.

We do not actually receive anything unless you choose to send it. And, you have the ability to edit the log before it is sent, as you view the email before you hit "Send".

I am very sorry, but removing logging is not something we will be doing from our clients. We did add it in the least obtrustive way possible, however.

[wtwentyman 1]

Thanks for your reply. I will not be installing it.

Based on this conversation, my wife has uninstalled it from her phone as well.

[hostricity 12]

Personally, I would hate it if when I wanted to send an email from Evernote, I had to type in the person's email address instead of selecting it from a contact list.

May I assume that EN lets me select from the contact list, and then ONLY that email address is sent to EN? In other words, from a security standpoint, isn't that the same thing as typing in the information when sending an EN email?

Haven't used the feature yet, but does EN display the contact list, or does it call the contact manager to display the contact list and return the contact selected? I don't know if that's part of the Android API, but if it isn't, it should be.

[Gargoyle 3]

Here is my understanding and view on this issue...

The question: I have privacy and/or security concerns. Is there a document that provides comprehensive clarification on the permissions that the EN Android app requests?

The answer: This has been answered by us before: http://discussion.ev...post__p__116397

The reason I am here today is because I went to update EN on my phone and when I checked on the permissions my gut reaction was [a] not to install the update, considering uninstalling it altogether, and [c] to research the issue and see what EN and other users are saying about this. Luckily I found this thread and have educated myself - and am now almost 100% confident in continuing on with EN on Android.

My suggestion. If there was a [more] official, public, [more] fully up to date, point-by-point "here's what we're asking for and why and here is what you can control [e.g. sending logs]" document to reference I think it would be useful to anyone with security and/or privacy questions or concerns. As it turns out, imo, there isn't a Machiavellian plot at EN to misuse our personal data - as is the case in other apps, sadly.

P.S. Cheers - you all have made a marvelously useful app. Not everyone can say that!

[inkedmn 8]

Actually, we do have such a document in our Knowledge Base: http://evernote.com/contact/support/kb/#/article/23168602

Let us know if that doesn't fully address your concerns. Thanks!

[electricpete2 0]

My suggestion. If there was a [more] official, public, [more] fully up to date, point-by-point "here's what we're asking for and why and here is what you can control [e.g. sending logs]" document to reference I think it would be useful to anyone with security and/or privacy questions or concerns. As it turns out, imo, there isn't a Machiavellian plot at EN to misuse our personal data - as is the case in other apps, sadly.

I agree 100%. I have spent about a half hour searching the forums to learn why Ever Note needs so many permissions.

Most of the responses say things like "this has been answered before", perhaps providing another link to a thread talking about how it was answered before.s

I'm sure it's there somewhere, but all I've seen are bits an pieces, nothing to explain the whole picture.

That's what I want.

That's what any security-conscious user should want.

That's the kind of thing that makes security counscious user walk away when the answer is not presented.

That is what Evernote should want to make easily available to keep their customers.

That's what Gargoyle asked for.

The response by inkedmn perhaps indicates he didn't read the question. The linked page only lists the permissions requested (which I can see on my phone or on Google Play).

It does not say a word about WHY these permissions are requested.

The fact that the only official Evernote page discussing permissions is so unbelievably terse (lists not a single thing more than what we already know... and nothing about why) is itself quite scary.

So, if anyone from Evernote is listening and actually understands what Gargoyle reasonably asked for and I reinforced, please let me know where it is

Thanks in advance.

Actually, we do have such a document in our Knowledge Base: https://support.ever...-and-Data-Usage

Let us know if that doesn't fully address your concerns. Thanks!

[BurgersNFries 2,407]