DEV Community

Sinthes
I made Respectlytics (Privacy-First Mobile Analytics) open source and FREE for self-hosting

Firebase Analytics is the "go-to solution" for most mobile apps, but it is invasive in the way it collects analytics data.

There are mobile analytics solutions out there that claim to be privacy focused but I observe 2 general problems:

  • Many of them are not open source. And it actually feels like the "Trust me bro" era is over now. Solutions that claim privacy should have nothing to hide.

  • Some others are open source and claim compliance with many privacy regulations (including CCPA, GDPR, etc.), and also say that no user consent is needed. When I run an analysis on their marketing material and the code itself, I find discrepancies. It is either false marketing or lack of knowledge. Many of those solutions that claim compliance are actually not compliant at all, and user consent is strictly needed.

I ended up developing my own, and making it fully open source now.

After comparing it with several solutions out there, I can say that Respectlytics is likely one of the most - if not the most - privacy-focused solutions out there. But I don't want to market it as compliant with any privacy regulation. These regulations keep changing all the time, and new rules/laws pop up all the time. I am not a lawyer. The code is now open source (both SDKs and server side), everything is well documented, and people can run their own analysis and make their own decision.

SDKs are open source with an MIT license and cover major technologies:

And the server side comes with an AGPL-3.0 license so that anyone can take it and deploy it to their own servers free of charge, as long as they remain compliant with the rules of the license itself. The server repo is available here:

The platform builds upon the motto Return of Avoidance (ROA), focusing on data minimization and not collecting the sensitive data in the first place.

Custom fields are architecturally blocked because they are the biggest source of Personally Identifiable Information (PII) leakage, either due to human mistakes or lack of knowledge.

Multi-session tracking is not possible: a session can be at most 2 hours long, and it restarts whenever a user restarts the app, even if that happens after only 5 minutes. Multi-session tracking is one of those things that trigger a consent request according to many privacy regulations because it creates a fingerprint.
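
A minimal sketch of the two constraints described above: a fixed event schema that refuses custom fields, and a session ID that lives only in memory and rotates after 2 hours. This is an added example, not code from the Respectlytics SDKs or server; the field names, the event-name pattern and the `SessionClock` class are assumptions made for illustration.

```python
import re
import secrets
import time

# Assumptions for this sketch: field names and the event-name pattern are
# illustrative, not Respectlytics' actual schema.
ALLOWED_FIELDS = frozenset({"event_name", "session_id", "timestamp", "platform"})
EVENT_NAME = re.compile(r"[a-z][a-z0-9_]{0,63}")
MAX_SESSION_SECONDS = 2 * 60 * 60  # the 2-hour cap stated in the post


class SessionClock:
    """Keeps the session ID in memory only, so an app restart always starts a new one."""

    def __init__(self, now=time.time):
        self.now = now
        self.rotate()

    def rotate(self):
        self.session_id = secrets.token_hex(16)  # random; derived from no device or user data
        self.started = self.now()

    def current_id(self):
        # Once the cap is reached, issue an ID unrelated to the previous one.
        if self.now() - self.started >= MAX_SESSION_SECONDS:
            self.rotate()
        return self.session_id


def validate_payload(payload):
    """Server-side check: exactly the fixed schema, nothing more and nothing less."""
    if set(payload) != ALLOWED_FIELDS:
        unexpected = sorted(set(payload) ^ ALLOWED_FIELDS)
        # Fail closed instead of silently dropping extra keys.
        raise ValueError(f"payload does not match the fixed schema: {unexpected}")
    if not EVENT_NAME.fullmatch(str(payload["event_name"])):
        # Free-form names could smuggle identifiers such as e-mail addresses.
        raise ValueError("event_name must be a short lowercase label")
    return payload


def build_event(name, session, platform):
    """Client-side builder: the signature leaves no parameter for custom fields."""
    return validate_payload({
        "event_name": name,
        "session_id": session.current_id(),
        "timestamp": int(session.now()),
        "platform": platform,
    })
```

Because the session ID is never written to disk, nothing links one app launch to the next, and the server-side check rejects any payload that carries keys outside the schema.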

And all relevant information is available in the documentation.

I appreciate any feedback in this community.

You are welcome to give a star to the repos if you support this effort.
