Saw this today and now I’m reconsidering if Boost is right for me. I’m really hoping this is shitty boiler plate that was accidentally copied and over looked because that is some bullshit to say “unless we decide we want to use your personal data for whatever we want”.
I know “legitimate interest” is a phrase from the cookies law but there is no legitimate interest justification for this. My data is my data and I decide who has a legitimate interest in it so advertisers can fuck off, as can Boost if this the direction it’s going.
Edit to say this blew up. I didn’t realise I was kicking as big a hornet’s nest and haven’t read all the comments yet.
To be clear, what I don’t like about this and other provisions in the terms is the language and implications around data use. I’ve no problem with ads being shown - I want developers to get paid for the work they do and that makes it possible for users to have “free” access to software if they can’t afford to purchase.
I also want to add the response from Boost’s dev below to make sure it’s visible. You’ll see that it is boilerplate but required by Google and was present in Boost for reddit. I just hadn’t seen it because I purchased it immediately based on a recommendation. It doesn’t make me happy about it but does remove some doubts I was having about the direction Boost is heading.
I will be purchasing the app to support the dev because I do like Boost but I understand not everyone can afford everything so you’ll see some other suggestions in the comments below that don’t have any ads if you’re not happy with the free version and ads with their associated loss of data privacy.
Dev here.
The dialog and its content is not created by me, it is a standard solution from Google to comply with GDPR and other laws. More info here: https://support.google.com/admob/answer/10114014?hl=en
The consent dialog is also required by Google AdMob to show ads, and it is shown when the ad network is initialized.
When the app launches, first it checks for the remove ads purchase, and if it is not present, it will initialize the ads sdk. The ad network is not initialized if the remove ads purchase is detected.
Boost for Reddit was using the very same ad networks and consent dialog.
And unless you: have access to the source code, are fluent in the programming languages used to build it, AND have time to review it all, you’ll never know if an app does that.
Conforming to the Play store does not make the dev shady imo. If that’s your stance you probably should stick mainly to F-Droid apps.
you can packet capture and hazard a guess at least, not necessarily access to source code
That’s definitely true. I wonder if anyone throwing a tantrum here would ever care to learn how to do that.
Of course not.
Doubt the capture would help any, TLS and all that jazz.
Unless the app uses hard-coded root certs, you can still capture and decrypt ssl/tls traffic using a custom root cert so the device trusts your MITM server. It’s just a bit more work.
I installed an app that does exactly that, and checks for common trackers. None were sent after buying Boost.