Ethics of app phoning home

Hey guys

I’m about to release a small app for free but am considering adding a small call to an api that simply logs the time and date that the app was run.

It’s kinda just for my own motivational (read vanity metrics) but is it kinda unethical?

Unless you display a message of what will be sent for information and provide the user with an option to participate or not, yes, I believe it is unethical to log usage without the user’s consent.

This all falls on a spectrum from invasive tracking to benign telemetry. The most ethical approach in all cases is to disclose what you intend to do, why, and what will be done with the data once you have it and then keep the user in choice by letting them opt into or opt out of the logging at any time.

My experience is that receiving user data of any kind is a burden you don’t want if it can be avoided. The responsibility to handle user data correctly and conform to laws around the world (especially the EU) is significant.

Regardless of the level of disclosure you choose, I recommend ensuring that nothing that identifies the user/customer is sent to your server. Also make sure none of their data and/or content is sent to your server. If you don’t have it, it cannot be hacked or become the target of a subpoena. Regardless of the content everything should be sent over a secure connection (https://).

Make sure your app will continue to operate if your server should go down or disappear. You don’t want the absence of your server to brick the app.

And finally, make sure the payload is small and rate-limited. Even though may people have good bandwidth speed and data limits, in some places (e.g. remote communities, cellular hotspots) reliable internet service is not a given.


Thanks All for the detailed responses.

Keyboard Maestro checks once per week to see if there is a new version available.

Version checks include the OS version and Keyboard Maestro version in order to know whether a new version is available. This used to be pretty standard in the pre-App Store days, with protocols like SIVC (Simple Internet Version Control) being common.

This seems entirely ethical, and IMO, practically required to keep support costs under control as having folks running out of date versions with resolved issues means more of my time is spent on support and less on development, so everyone loses.

Basically, as much of the point of phoning home should be to fairly directly benefit the user as you.

Now if an app were to start including information about what the user is doing, that would be absolutely be crossing the line (like practically every web app that tracks your keystrokes, mouse movements, clicks, etc).