Last week on Habr there was a popular post about oddities in the behavior of the Yandex.Metro application for Android. We take the privacy of our users and the correct behavior of our programs very seriously, and following the post we conducted an internal investigation.
Its result was not only a detailed account of what was happening, which you can read below, but also an update to Yandex.Metro for Android, in which we corrected the errors that led to the described behavior. It is now being rolled out in the store. Recall that the application could send data to a Yandex server while in the background. We immediately answered in the initial post that this was a bug and that this behavior was not intended in Metro.
Since then, we have found the reasons that led to this situation, and now we are checking all our applications for such errors.
We want to apologize to everyone who has been affected by this problem, and to thank the author of the original post, merced2001, as well as all the users who helped to find out the details and asked good questions. First, very short answers to the questions that were asked explicitly in that post.
How is the constant collection of information about my location related to the operation of your subway map?
It is not. Sending data when the application is not running is an error. We fixed it in an update that rolls out today. Collecting information while the application is running is needed; more details below.
Why do you need round-the-clock information about my location?
We do not need it, and we fixed the application so that this no longer happens.
Now in more detail.
Why the application sends data
The fact that Yandex applications communicate with Yandex servers and transmit statistical data is normal behavior, which is described in the user agreement. Yandex.Metro needs to connect to the network in the following cases:
- for user geolocation - we show the current position on the subway map, allowing you to build routes;
- for updating Metro maps, which happens quite often - especially in Moscow;
- to collect statistics on the use of the application, which allows us to improve it.
But the fact that the application sent data when it had been launched in the background is indeed a very unpleasant error. Before we had even understood the cause, we immediately said that this was a bug and should not happen.
How did this error occur? The sending of statistics was placed in the Application.onCreate() handler, which is called every time any of Metro's processes is initialized. This did not take into account that, besides launches by the user, there are also background starts of the application's processes. Why the application needs to run in the background on Android at all, I will explain a little further down.
We fixed this error in Metro and are now auditing all our other applications in order to find and, where found, remove the sending of statistics when the application is launched in the background. A launch of the application by background processes still has to be distinguished from the completely legitimate case of an application working in the background. For example, Yandex.Music plays a song in the background, and Yandex.Disk synchronizes photos. These actions require network access, which is normal. But if the application was launched by the user, the user then left it, the system unloaded it and later loaded it again in the background because of some event, then, of course, statistics should not be sent.
There is one exception to this rule that we know of in advance: Yandex.Metrica for applications. This is our statistics system, which application developers can embed in their products. It does not try to work with the network from every application in which it is installed; instead it chooses one application on the phone as the leader and creates a service in a separate process within it, through which all the other applications send their statistics. Any application that contains Metrica (including Metro) can be chosen as this "main" application. Requests will then continue to go through it in the background, but only those sent by an active application with Yandex.Metrica.
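The Application.onCreate() error described above, and one way to avoid it, as an added example that is not Yandex's code. The class name, the sendLaunchStatistics() placeholder and the choice of activity lifecycle callbacks as the fix are assumptions made for illustration.

```java
import android.app.Activity;
import android.app.Application;
import android.os.Bundle;
import android.util.Log;

// Hypothetical application class; every name here is illustrative.
public class MetroLikeApplication extends Application
        implements Application.ActivityLifecycleCallbacks {

    private int startedActivities;   // activities currently visible to the user
    private boolean changingConfig;  // last stop was a recreation (e.g. rotation)

    @Override
    public void onCreate() {
        super.onCreate();
        // BEFORE (the error pattern): onCreate() runs on every process start,
        // including starts caused by a boot receiver or another background
        // event, so statistics were sent with no UI on screen.
        // sendLaunchStatistics();

        // AFTER: only observe the UI lifecycle here; send nothing yet.
        registerActivityLifecycleCallbacks(this);
    }

    @Override
    public void onActivityStarted(Activity activity) {
        // 0 -> 1 visible activities: the user brought the app to the foreground.
        // A start that merely follows a rotation is not a new launch.
        if (startedActivities++ == 0 && !changingConfig) {
            sendLaunchStatistics();
        }
    }

    @Override
    public void onActivityStopped(Activity activity) {
        changingConfig = activity.isChangingConfigurations();
        startedActivities--;
    }

    // Placeholder for the real statistics call (assumed to do network I/O).
    private void sendLaunchStatistics() {
        Log.i("Stats", "user-visible launch: statistics may be sent");
    }

    // Required by the interface, not needed for this check.
    @Override public void onActivityCreated(Activity a, Bundle b) { }
    @Override public void onActivityResumed(Activity a) { }
    @Override public void onActivityPaused(Activity a) { }
    @Override public void onActivitySaveInstanceState(Activity a, Bundle b) { }
    @Override public void onActivityDestroyed(Activity a) { }
}
```

A process started only by a broadcast receiver or a service never starts an activity, so with this structure nothing is sent for such launches.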
How applications work in the background
Many of you understand how the Android OS is structured and know that starting certain application processes in the background is completely normal. Applications can subscribe to various events, be started when they occur, process the incoming data and stop. For example, Yandex.Mail is subscribed to push notifications from the server about the arrival of a new message. It starts, receives the message, shows a notification and lets you read the message by tapping on it. Yandex.Store subscribes to all application installation events.
Yandex.Metro was subscribed to the system boot event because it has an optional search widget in the notification area, which has to be loaded when the system starts. The Metro process starts during OS boot, checks the state of this option and, if the widget is not enabled, exits.
However, even though this is normal in general, we believe applications should not start too often. Some complaints said that Metro was starting in the background once a minute! This is clearly wrong: battery and other phone resources need to be saved. Therefore, while analyzing the situation, we began checking all of our applications in order to try to reduce the number of background launches.
HTTPS vs. HTTP
Indeed, some of our applications still send requests via HTTP. We understand that this is wrong, and we are gradually moving the entire Yandex portal, including applications, to HTTPS. To pre-empt suspicions: this is not in order to hide the fact of data collection; you will still be able to see the connections, say, in a firewall. It is to prevent third parties from intercepting your data and to protect Yandex's responses from being modified by intruders.
