I like WordPress, and I like Android. However, I do not like the attitudes some of their developers have towards privacy. It seems to be “everything goes, as long as it benefits us”. In particular, the phone-home, and remote kill features, which many developers feel entitled to include, rub me the wrong way. Sorry, but it doesn’t fly on my device. I like your application, and want it to do its job well. Nothing more, nothing less.
Luckily, the WordPress for Android app is open sourced under GPL. It means I have right to access the source code, modify it, and distribute the modified version as long as I also reveal my code changes. So I did just that, fixing a few issues in the latest version (1.3.8) of WordPress for Android. The changes include:
- Removing the location based permissions (fine and course grained).
- Removing phone-home features to wordpress.com by which they collect a lot of identifying information, including the unique device ID.
- Removing the EULA. The GPL is not an EULA! (More on that in a later post).
The patch is available here, and the APK installer binary built to the Android 2.2 platform (API level 8). However, I would encourage you to download and build the source code yourself. To do that, follow these steps:
- Download the source code for WordPress for Android:
svn checkout http://android.svn.wordpress.org/trunk
- Download and apply the patch:
patch -p0 -i wordpress_android_1_3_8_p_1_privacy.patch
- Build the application in Eclipse. If you have not installed the Android SDK for Eclipse, here is the starting point of the download and install instructions.
- Search through the code and look for further privacy violations.