getsentry
User consent
Have the SDK operate ‘properly’ but ‘hold off’ on sending events until consent is given. If revoked stop events from being sent again.
Depends on:
- [x] https://github.com/getsentry/sentry-native/issues/110
- [ ] https://github.com/getsentry/sentry-cocoa/issues/1780
- [ ] https://github.com/getsentry/sentry-java/issues/1988
- [ ] https://github.com/getsentry/sentry-dotnet/issues/1603
See also the meta issue at https://github.com/getsentry/team-mobile/issues/24
This feature is really important to me! I'm using Sentry with Unity3D, Without this feature, I failed to meet the requirements for android app dist platforms! For workaround, I can only disable android native features, and do some magic in C# SentryRuntimeOptions to disable runtime init, but keep it in building then I cannot track android native bugs / performance issues. And it seems lead to crashes after disabling android native sentry, I'm still working on it.
Hey @chenyanzz, thanks for reaching out. This really helps us gauge interest for feature and prioritize development!
@chenyanzz a quick way around this today is to add a BeforeSend callback and just drop all the data there, if you don't want it to be sent automatically.
If the user gave consent, you can flip the flag you check on BeforeSend, and let the data flow through
Can BeforeSend prevent sdk from collecting device info? The privacy guideline forbids accessing MEID, DeviceID, etc. before user's consent.
Technically, this is very much feasible. Right now you'd need to implement this feature in multiple places as the SDK does not support setting native BeforeSend callbacks in C#.
You'd need to:
- Add your
BeforeSendto theRuntimeConfig - With the native support for Android enabled have a second
BeforeSendon the Android layer as well
But wait, do we even capture any of this data?
The privacy guideline forbids accessing MEID, DeviceID, etc. before user's consent.
What's MEID? I don't think we send device Id anywhere, we use our own "made up, installation ID" so that it's not used to track across apps
But wait, do we even capture any of this data?
We do have things like DeviceUniqueIdentifier that we grab from Unity here
https://github.com/getsentry/sentry-unity/blob/2bc00e7691a8dfde44905fe50f07c5a1822fa2ad/src/Sentry.Unity/SystemInfoAdapter.cs#L86
it reported as: "io.sentry.android.core" read sensors before user's consent. Seems that the problem is android sdk did gather info un-lazy. And android sdk is auto-inited by sentry-unity
which sensors require user consent? we can look at removing that out of the box. Or, as stefan suggested add the native beforeSend to drop data there.
But wait, do we even capture any of this data?
We do have things like
DeviceUniqueIdentifierthat we grab from Unity here https://github.com/getsentry/sentry-unity/blob/2bc00e7691a8dfde44905fe50f07c5a1822fa2ad/src/Sentry.Unity/SystemInfoAdapter.cs#L86
we should consider not adding this by default
we should consider not adding this by default
At the very least put it behind the PII flag?
To close the tangent on DeviceUniqueIdentifier: We're guarding it with the PII flag https://github.com/getsentry/sentry-unity/blob/f90b3ee1980435aa556ae63c8270a823277e1806/src/Sentry.Unity/Integrations/UnityScopeIntegration.cs#L89-L91