Sideway

android Evernote 3.0.1 permissions

7 posts in this topic

Just wondering about the permissions requested by Evernote, especially the following one:

Your personal information

read sensitive log data

Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.

I understand why the other ones are needed, but I can't think of why Evernote would need to read the log data. Can anyone explain?

Share this post


Link to post

Hi -

Thanks for asking. I wish Android gave us a better way to communicate why we use each piece of data:

PERSONAL INFORMATION:We use "Read Contact Data" to allows the Android application to access the contact list in support of the "email a note" feature. We only access this information when you request "Email a note". The content of your contact list is not sent to Evernote. We use only the email addresses of only to contacts you select. This information is used exclusively to send emails.

"Read sensitive log data" is used if you encounter a problem. In this instance you can select "Send logs" from the "Settings" screen. Evernote sends the logs to your local email client where you can review the information before it is sent to Evernote.

DISCOVER KNOWN ACCOUNTS is used to obtain your email account to pre-populate the registration form's the email field. We don't store the value unless it is submitted for registation. We want the registration process to be as easy as possible.

READ PHONE STATE AND IDENTITY: We access your phone's IMEI number to obtain a unique number for your device when targeting specific one-time upgrades. This information is only sent to Evernote if upgrades apply.

I'm happy to elaborate. In a nut shell: we only access privileged information to make the application easier for the user and we only transmit that information to the server if it's required to provide you a specific service. We only store that information on our server for your benefit.

Share this post


Link to post

So why not use ACTION_SEND to share notes instead of reading the contact data? That would simplify your codebase, ensure Evernote's compatibility with any future Android device in terms of sharing notes, and make Android users feel more comfortable with the idea of installing the app.

The reading of contact data is the one thing that has kept me (and many other Android users) from installing the Android app.

Share this post


Link to post

"Email a note" sends a request to Evernote service to send the note as an email.

Action_send doesnt guarantee that the catching application would preserve the note format.

Share this post


Link to post

I have installed Evernote on two of my computers and was going to install it on my android until I saw the list of permissions it needs.  Now I'm not sure.  Somethings I understand like files, but why does it need permission to do any of the following: In-app purchases (so they can buy apps?),  identity, Wi-Fi connection information, or location?  I especially do not understand why Evernote needs permission to make a purchase on my account.  This is especially troubling in light of the fact the version on the PC needs none of this.  Or is this just Google's blanket permission to do everything?

Share this post


Link to post

Well, first of all, thanks that you address(ed) the issue. Though since the answer in 2011, a lot has changed in the world, and the list of permissions required by Evernote 6.1.1 has grown.

 

I am especially wary of the "Read Phone ID", as the explanation really does not ring true:

 

READ PHONE STATE AND IDENTITY: We access your phone's IMEI number to obtain a unique number for your device when targeting specific one-time upgrades. This information is only sent to Evernote if upgrades apply.

Whenever is there the need to specifically do a one-time-upgrade to a particular phone/tablet?!

 

Please, Evernote, come up with a better explanation for why and how you use privacy-related application permissions, and do tell us convincingly how you protect the safety of our data and privacy of your users depite them.

 

-- Gerhard

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now