Ever since Iāve installed a firewall on my device, I have been shocked to which extent most apps send your data around.
When I look at the trading 212 app, Iām really stunned. I mean are you guys serious?
The firebase stuff is at least partially required for push messages. But the rest is just spyware like stuff because the app works fine without it.
This can not be legal in the EU.
Which ones are used by 212 app?
Most of those wont be by t212 in the first place.
The image shows all addresses the trading app is trying to contact. However all except the 2 green ones are blocked on my device.
Maybe they arenāt adding all by themselves directly, but then they should better consider which libraries to import.
What app are you using - Iām curious now. Perhaps itās an App Store generically trying to track data. I have time tomorrow to play about and kill background apps to see whatās doing what 
Itās the regular Trading 212 app from the Play Store.
If itās the firewall youāre talking about - thatās Netguard from F-Droid.
Thereās Google (android obviously), amazon (database), crash reports, trust pilot, Facebook, cloudfront.
Where is the issue? Those are all legitimate contact requests to ensure the app runs properly and when it doesnāt, they can figure out why.
Parts of the Google addresses are for delivering push messages to the user. That was the one thing that I did not criticize.
I develop apps myself. Logs, crashdumps, etc. mostly contain user related data. Sharing that with 3rd parties is totally unnecessary. It just has become ānormalā.
appsflyer
From Wikipedia: AppsFlyer is a SaaS mobile marketing analytics and attribution platform.
That doesnāt not sound like error fixing, but like collecting data.
That goes for Google Analytics as well. If it was not collecting user data, most EU websites wouldnāt need to ask you if itās alright for you. Not even Google would allow you to opt-out to some extent if they knew it wasnāt collecting data.
With one exception that leaves us with those:
jsdelivr.net
trustpilot.com
I can again only emphasize that the app is running fine with seemingly ALL features working while blocking contact to ALL addresses from this post with the exception of *.trading212.com.
And this brings us to the last address: facebook
In what universe is this a legitimate destination for a financial app?
Most of these behaviours have just become normal nowadays. I can imagine the old days with shareware stuff when it was a common approach to either not transfer anything or to at least ask the user for his permission.
Hiding something in terms that have the size of a book is not really appropriate.
I had a vague recollection someone has raised this question before, unfortunately cant find the post.
To allow apps to keep working you need more than just āfunctionalityā, T212 need to understand their clients usage of the app to determine where to go with improvements and bug fixes. Free app, free service, you provide usage data in return. Facebook also runs usage data to provide metrics for marketing to new potential clients.
To be fair, if something is in the terms, itās not really hidden is it? Doesnāt matter how long the terms are, if you didnāt read it to check thatās on you as the user. Page 1 or page 101 itās all the same.
Making an issue where there really isnāt one IMO.
Yep. Internet was simple, accessible and without tons of cookies and other trackers, data privacy wasnāt an issue, because we werenāt spied (besides the sporadic malware, e.g. trojans). Now, tons of hidden trackers for collecting our data to be sold to unknown third-parties, usually under of āanalyticsā label. Itās the IT and data scientists wet dream, data collecting at any cost, even without the user consent or at least inform him about the data collecting.
As most younger people and millennials only know the public info sharing reality with or without consent, they think itās normal that their info and data are collected, usually by hidden/nontransparent schemes. That why the GDPR and other legal initiatives were created, and EU, US and other countries are becoming more stringent with the Big Techs, specially after the several Facebook scandals (e.g. Cambridge Analytica, a British āanalyticsā company).
I think the opinion part here is what is ok and whatās not. I donāt want my data to go to facebook or other companies.
After all the trade app is not free. The company behind it makes money with the financial products, probably especially with CFDs and so. That pay for the app as well.
Nothing is free. If you donāt pay a monetary value, you pay in another kind of value. Data is an important commodity/asset.
Yep, we have seen the scrupulous business strategy from Facebook, with several scandals about their usersā data handling, the most visible is the Cambridge Analytica, under the excuse of āAnalyticsā. They have targeted and attempted (and achieved ?) to manipulate elections & referendums in several countries.
You realize that by using Android you literally give almost all of your data to Google? Google is gathering even more data than Facebook. Both companies are the horror when it comes to privacy. Just saying.
Why on earth does Trustpilot need my data?
There are some thatāre ānice to haveā for the company, others are baffling and no doubt slow the app down, too.
That may be true for an off the shelf device. The operating system itself is open source and not spying. It only becomes an eavesdropping device through the stuff thatās installed on top.
Thatās why Iām not using an off the shelf one, but a LineageOS flavor without any Google services installed and further tweaks to get out even the last remains of Google, like resolving an incoming callās number to a city name.
Iām a bit astonished as to how many people even defend this data collection practice.
Ok, so how do I limit that unnecessary data transfer (e.g. through t212 platform) ?
I donāt think there is an opt-out. At least I have not seen one.
In my case Iām using a firewall like Netguard. Find it on F-Droid or Google Play.
It costs 5 bucks, but to me itās worth every penny. Without paying you cannot decide which traffic to allow or deny, but only choose if an app gets internet access or not in general.
Which is fine if you know what youāre doing and blocking. Not so great if you donāt and block something necessary.
The majority of the internet (and include apps within that) will call on some of the same libraries if they use any of the common e-commerce/web storage/cloud hosting etc etc sites or even just some of the libraries for common bits of script/fonts/graphics/analytics. Or social media for logins etc.
Sure you can lock things down if youāre really that botheredā¦
there isnāt any cliche vagueness when it comes to apps
free app = you didnāt pay to download or install
free service = you are not charged to create an account or perform actions with the app.
most āfree appsā contain microtransactions as standard, still a free app. so the platform feeās regarding fx, exchange-side fees et cetera donāt make it anything special since they apply regardless of mobile app or web platform.
it was never the case that people āwerenāt spied onā you simply had no way of knowing that you were. data collection before cookies, were accomplished by hardwired connections directly into the lines that transmit data, poor encryption practices and standards meant that data could be collected and later decrypted should someone care enough to process it.
as for FB royal screwup with CA, thatās irrelevant IMO, it has nothing to do with the processing of usage data and everything to do with their failure to restrict CAās access to unwilling third parties. T212 isnāt trying to sway the next presidential election 
downloading and installing the app is giving your consent, additional permissions are then requested by the app when it reaches out to other services on your device and you are fully aware of whether or not you allow the connections via the popup requests and your access permissions in settings. opting out is simple, uninstall the app.
