1password does connect to Microsoft AppCenter without user consent

Anonymous

3 years ago

It looks like they use Visual Studio App Center, which is a service that provides some developer automation tools. It seems like they are using it for crash reporting and metrics.

I intercepted the traffic and observed it sending the following data elements every time the app starts:

appBuild, appNamespace, appVersion, locale, model, oemName, osBuild, osName, osVersion, screenSize, sdkName, sdkVersion, timeZoneOffset.

Edit: the privacy implications of this depend on how 1Password uses it. Per Microsoft, the information collected as part of the crash reporting system does not include personal information unless the developer chooses to attach PII-containing data to the crash reports. I didn't see any unique ID numbers in the data I collected, though that didn't include a crash dump.

https://learn.microsoft.com/en-us/appcenter/gdpr/does-it-apply-to-me

Forum Discussion

1password does connect to Microsoft AppCenter without user consent

Featured discussions

PSA: Extension going blank or unresponsive in Chrome? Here's what we know

Recent discussions

1Password can't open your saved data - Desktop (Windows)

Old Tags Reappeared

PSA: Extension going blank or unresponsive in Chrome? Here's what we know

iOS App does not allow Account Change

Merge items with one-time passwords and passkeys