Oddities in the behavior of Yandex.Metro: analysis and an application update

    Last week a popular post on Habr described oddities in the behavior of the Yandex.Metro application for Android. We take the privacy of our users and the correct behavior of our programs very seriously, and in response to the post we conducted an internal investigation.

    The result is not only the detailed account of what was happening, which you can read below, but also an update to Yandex.Metro for Android in which we fixed the errors that led to the described behavior. It is now rolling out in the store. To recap: the application could send data to Yandex servers while in the background. In the original post we immediately replied that this was a bug and that this behavior was not intended in Metro.

    Since then we have found the causes of this situation, and we are now checking all our applications for similar errors.

    We want to apologize to everyone who was affected by this problem and to thank the author of the original post, merced2001, as well as all the users who helped establish the details and asked good questions. First, very brief answers to the questions that were asked explicitly in that post.

    How is the constant collection of information about my location related to the operation of your metro map?
    It is not. Sending data when the application is not running is an error. We fixed it in an update that is rolling out today. Collecting information while the application is running is needed; more details are below.

    Why do you need round-the-clock information about my location?
    We do not need it, and we fixed the application so that this no longer happens.

    Now in more detail.

    Why does the application send data

    The fact that Yandex applications communicate with Yandex servers and transmit statistics is normal behavior, which is described in the user agreement. In the case of Yandex.Metro, connection to the network is necessary in the following cases:

    • for user geolocation - we show the current position on the metro map, allowing you to build routes;
    • to update Metro maps, which happens quite often - especially in Moscow;
    • to collect statistics on the use of the application, which allows us to improve it.

    But the fact that the application sent data while it was running in the background really is a very unpleasant error. Before we had figured out the cause, we immediately said that this was a bug and should not happen.

    How did this error come about? The statistics call was placed in the Application.onCreate() handler, which is called every time any of the Metro processes is initialized. This overlooked the fact that processes are initialized not only when the user launches the application but also when its processes are invoked in the background. I'll explain a bit below why an Android application should work in the background at all.

    We fixed this error in Metro and are now auditing all our other applications to find and, where we find it, remove the sending of statistics when the application is started in the background. Here it is worth distinguishing an application being launched by background processes from the completely legitimate situation of an application working in the background. For example, Yandex.Music plays a song in the background, and Yandex.Disk synchronizes photos. These actions require access to the network, which is normal. But if the user launched the application and then left it, the system unloaded it and later loaded it in the background for some event, then, of course, statistics should not be sent.
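
    The difference between the two placements, as an added example that is not Yandex's code: the class name MetroApplication and the method sendUsageStatistics() are hypothetical, and the upload itself is replaced by a log line. Only the Android lifecycle calls are real API.

```java
import android.app.Activity;
import android.app.Application;
import android.os.Bundle;
import android.util.Log;

// Hypothetical Application subclass illustrating the fix described above.
public class MetroApplication extends Application
        implements Application.ActivityLifecycleCallbacks {

    private int startedActivities = 0;   // activities currently visible to the user
    private boolean rotating = false;    // last stop was a configuration change

    @Override
    public void onCreate() {
        super.onCreate();
        // BEFORE (the bug): sendUsageStatistics() was called right here, so it ran
        // on every process start, including boot and other background events.
        // AFTER: no network work in onCreate(); only register for UI callbacks.
        registerActivityLifecycleCallbacks(this);
    }

    @Override
    public void onActivityStarted(Activity activity) {
        // 0 -> 1 visible activities means the user has opened the app.
        if (++startedActivities == 1 && !rotating) {
            sendUsageStatistics();
        }
    }

    @Override
    public void onActivityStopped(Activity activity) {
        // A rotation stops and restarts the activity; do not count it as a launch.
        rotating = activity.isChangingConfigurations();
        startedActivities--;
    }

    // Hypothetical placeholder for the app's own statistics upload.
    private void sendUsageStatistics() {
        Log.i("MetroStats", "user-visible launch: sending usage statistics");
    }

    // Required by the interface but not needed for foreground detection.
    @Override public void onActivityCreated(Activity a, Bundle b) { }
    @Override public void onActivityResumed(Activity a) { }
    @Override public void onActivityPaused(Activity a) { }
    @Override public void onActivitySaveInstanceState(Activity a, Bundle b) { }
    @Override public void onActivityDestroyed(Activity a) { }
}
```

    A process that the system starts for a broadcast such as boot never starts an activity, so with this placement it sends nothing.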

    There is one exception to this rule that we know of in advance: Yandex.Metrica for applications. This is our statistics system, which application developers can embed in their products. It does not try to work with the network from every application in which it is installed. Instead, it selects one application on the phone as the host and creates a service within it, running as a separate process, through which all other applications send their statistics. Any application that includes Metrica (Metro among them) can be chosen as this “main” application. In that case requests will continue to pass through it in the background, but only those sent by the active application that uses Yandex.Metrica.

    Application work in the background

    Many of you understand how Android works and know that invoking individual application processes in the background is completely normal behavior for it. Applications can subscribe to various events, be invoked when they occur, process the incoming data and stop. For example, Yandex.Mail subscribes to pushes from the server about the arrival of a new message. It starts, receives the message, shows a notification and, when you tap it, lets you read the message. Yandex.Store subscribes to the installation events of any applications.

    Yandex.Metro was subscribed to the system boot event because it has an optional search widget in the notification area, which must be loaded when the system starts. The Metro process starts during OS boot, checks the state of this option and, if the widget is not turned on, exits.

    However, although this is generally normal, we believe that applications should not be launched too often; some complaints said that Metro runs in the background once a minute! This is clearly wrong: battery and other phone resources need to be saved. Therefore, while analyzing the situation, we began checking all of our applications in order to reduce the number of background launches.

    HTTPS vs. HTTP

    Indeed, some of our applications still send part of their requests via HTTP. We understand that this is wrong, and we are gradually moving the entire Yandex portal, including applications, to HTTPS. To dispel suspicions right away: this is not to hide the fact of data collection, since the connections can still be seen in, say, a firewall. It is to prevent third parties from intercepting your data and to protect Yandex responses from modification by intruders.
