In this document we describe the information our service (and the Android app, in particular) collects, what we do with this information, and to which extent we share information with third parties. We also explain use of sensitive Android permissions in the app.
What information we collect
Netalyzr is an academic research project by the International Computer Science Institute and its collaborators. The service conducts a wide range of tests and active measurements to inform you about deficiencies in your network connectivity. In order to provide this service the app conducts a wide array of carefully crafted test connections to our backend servers, and employs system APIs that provide additional helpful context.
Netalyzr does not employ any passive measurement techniques, i.e., methods that access your personal, organic use of the device. For example, Netalyzr by default doesn't know what apps you have installed on your device, where you take your device, or which websites you visit on the device. Netalyzr's data collection is fully self-contained, consisting only of information it derives from its own network traffic.
Netalyzr's measurement connections consist of TCP and UDP traffic to our backend and contains several application-layer protocols, such as DNS and HTTP, constructed to elicit diagnostic information from the network path and our backend servers. The system uses the resulting response traffic to diagnose the presence of potential problems in the configuration and performance of systems involved in your network connectivity, such as your gateway device and your ISP's infrastructure.
Concretely, we collect:
- Metadata about the device's network interfaces obtained via standard Android APIs, for example whether you are communicating over WiFi or an LTE cellular network.
- Details about the measurement connection's contents and performance, as observable locally in the app and as perceived by our backend servers. This includes such aspects as IP addresses and port numbers, DNS query strings, HTTP headers and transaction payloads, the reachability of our test services on various ports, and metadata that report on the outcome of the tests we conduct.
- Our backend records additional logs that relate to the measurement sessions, similar in detail to what regular web servers record. We may also collect packet traces of the measurement traffic arriving at our backend servers.
- Given user opt-in, we collect additional information to improve test detail and accuracy, such as the approximate location of the device and the phone's IMEI. Users can also opt to share additional information about a test session with us at their discretion, to enable us to assist in their troubleshooting. Such user-volunteered information includes their email address and additional details about the client's setting (such as whether it originates from a hotel or an airplane).
How we use this information
The information we collect serves two purposes:
- We use it in order to compile a detailed report of your network connectivity’s state and potential problems we identify in it. For example, we inform you about likely misconfigurations or wrongdoing in your DNS name resolution setup, traffic alterations applied to your traffic in infrastructure outside of your control, or poor network performance.
- It enables us to conduct fundamental networking research in the form of published, peer-reviewed publications and related efforts, in line with the basic mission of the International Computer Science Institute (ICSI), home to the Netalyzr project. ICSI is an independent, non-profit institution aiming to foster basic research in computer science. Examples of such research include reports on the performance of home network connectivity in countries around the world, studies of network interference conducted by internet service providers, or feasibility reports on the adoption of forthcoming network technology, such as middleboxes or network protocols. See our publication record for further details.
What information we share
We never share personally identifiable information (such as your email address or device IMEI) with anyone, ever.
In order to advance our research, we may choose to share select measurement results (such as the connectivity speeds in a certain geographical area) with our research collaborators.
Android permission usage
We now describe Android permissions the app requires, as well as the extent to which users can opt in/out of their use in the app's settings dialog.
The app requires internet access for practically all of its measurement techniques.
The app uses this permission to learn the mode and status of your network connectivity (e.g., WiFi or 3G, and network name). When on cellular, we use this permission to identify your base station. Users may opt out of this ability via the app's settings dialog.
For devices with an operational SIM card, we employ this permission to obtain information about your internet service provider (ISP) / mobile network operator (MNO). This lets us identify whether you're currently roaming, and allows us to characterize properties of your MNO.
We use this permission to group together sessions from the same device and to suppress duplicates during data analysis. To do so, we leverage the IMEI, a serial number that uniquely identifies your device. We only store an anonymized (one-way hashed) version of this value. Unless users opt in, we do not use this feature.
We use this permission to augment session data with precise geolocation information in order to enable geographically focused analysis of our data. Unless users opt in, we do not use this feature.
We use this permission to enable a degree of geolocation detail, as a backup when users willing to share their location are not within GPS coverage (e.g., indoors). Unless users opt in, we do not use this feature.
We use this permission to obtain additional details about your WiFi connectivity via Android's WifiManager, include the network name, frequency usage, and signal strength. Users may opt out of this feature via the app's settings dialog.
We use this permission to determine whether other internet-enabled apps are active and could bias our measurement results.
This permission allows us to persist session results locally to your device's SD card.
For further details about Android permissions, we encourage you to read Android's official documentation.