element-hq/element-android

Please remove device model and detailed system version from the User-agent of Element's request

DarkmatterUAE opened this issue · 1 comments

DarkmatterUAE commented

Steps to reproduce

  1. Start a Matrix server (behind reverse proxy, with logging configured) and use Element Android App to sign in.
  2. Use App normally

Outcome

What did you expect?

See no detailed information about user's phone logged in the log of reverse proxy.

What happened instead?

Detailed device model and Android version (including the version of 3rd-party ROM) is sent in User-Agent of requests sent to reverse proxy, which is unnecessary for server owner anyway and a blatant violation of users' privacy.

203.0.113.100 - - [26/Feb/2024:11:01:52 +0600] "GET /_matrix/client/versions HTTP/1.1" 200 125 "-" "Element/1.6.10 (SAMSUNG SM-A236B; Android 13; lineageos-userdebug 13 1111.222222.001 29d80bfc2d; Flavour FDroid; MatrixAndroidSdk2 1.6.10)"
203.0.113.100 - - [26/Feb/2024:11:01:53 +0600] "GET /_matrix/client/r0/devices HTTP/1.1" 200 122 "-" "Element/1.6.10 (SAMSUNG SM-A236B; Android 13; lineageos-userdebug 13 1111.222222.001 29d80bfc2d; Flavour FDroid; MatrixAndroidSdk2 1.6.10)"
203.0.113.100 - - [26/Feb/2024:11:01:53 +0600] "GET /_matrix/client/r0/sync?filter=lctK&set_presence=online&timeout=0&since=1237 HTTP/1.1" 200 115 "-" "Element/1.6.10 (SAMSUNG SM-A236B; Android 13; lineageos-userdebug 13 1111.222222.001 29d80bfc2d; Flavour FDroid; MatrixAndroidSdk2 1.6.10)"
203.0.113.100 - - [26/Feb/2024:11:01:53 +0600] "GET /_matrix/client/unstable/room_keys/version HTTP/1.1" 404 75 "-" "Element/1.6.10 (SAMSUNG SM-A236B; Android 13; lineageos-userdebug 13 1111.222222.001 29d80bfc2d; Flavour FDroid; MatrixAndroidSdk2 1.6.10)"

Other note

This issue was originally sent as a discussion thread but received no reply from Element officials so I'm elevating it here.
element-hq/element-meta#2309

Please don't hesitate to close with INTENDED or NOTABUG to clarify your stance on user privacy.

Your phone model

SAMSUNG SM-A236B

Operating system version

Android 13

Application version and app store

Element 1.6.10 from F-Droid

Homeserver

Conduit 0.7.0

Will you send logs?

No

Are you willing to provide a PR?

No