I like WordPress, and I like Android. However, I do not like the attitudes some of their developers have towards privacy. It seems to be “everything goes, as long as it benefits us”. In particular, the phone-home, and remote kill features, which many developers feel entitled to include, rub me the wrong way. Sorry, but it doesn’t fly on my device. I like your application, and want it to do its job well. Nothing more, nothing less.

Luckily, the WordPress for Android app is open sourced under GPL. It means I have right to access the source code, modify it, and distribute the modified version as long as I also reveal my code changes. So I did just that, fixing a few issues in the latest version (1.3.8) of WordPress for Android. The changes include:

  • Removing the location based permissions (fine and course grained).
  • Removing phone-home features to wordpress.com by which they collect a lot of identifying information, including the unique device ID.
  • Removing the EULA. The GPL is not an EULA! (More on that in a later post).

The patch is available here, and the APK installer binary built to the Android 2.2 platform (API level 8). However, I would encourage you to download and build the source code yourself. To do that, follow these steps:

  1. Download the source code for WordPress for Android:
    svn checkout http://android.svn.wordpress.org/trunk
  2. Download and apply the patch:
    cd trunk
    wget http://hblok.net/blog_resources/wordpress_android/wordpress_android_1_3_8_p_1_privacy.patch
    patch -p0 -i wordpress_android_1_3_8_p_1_privacy.patch
  3. Build the application in Eclipse. If you have not installed the Android SDK for Eclipse, here is the starting point of the download and install instructions.
  4. Search through the code and look for further privacy violations.