we are evaluating EAS and it’s Production Plan to be used as the CD pipeline for our standalone React Native app. Since data privacy is a very sensitive topic for us, we would like to know beforehand how data is being handled by EAS and the related services and libraries. We found so far Expo’s privacy policy pages, where such thing are described.
However, we are missing some transparency regarding EAS Update and the needed expo-updates library. We couldn’t find any details regarding the data that is being collected by Expo when using those. Is expo-updates using some kind of telemetry and sending data to Expo’s servers?
We would be happy about more insights regarding this.
@driverioki hi, could you share what privacy policy pages you were looking at? And to answer your question, the expo-updates library by default checks for a new update when your app launches. Specifically, it sends an HTTPS request to EAS Update that does not contain PII. The request includes your project ID (needed to tell which app is looking for updates), an EAS client ID (a random string needed to count monthly updated users for billing), a rollout token (a random string used to roll out updates to a percentage of your end users in a stable way), the device’s OS (e.g. “android”, needed to tell which version of an update to send), your app’s runtime version (a version string you choose that’s included in your build in order to specify which JS updates are compatible with your build), and the IDs of the latest update your app has received and the update embedded in the app when it came from the store. In the future, the expo-updates library may provide a way for developers to include custom key–value pairs with this request.
We didn’t find any details on EAS Update or expo-updates though. And the docs for expo-updates didn’t mention anything regarding data collection or telemetry either, which the docs for expo-cli do, for example.
Because of that, we reached to the forums, as stated in the Data and Privacy Protection page:
If you have any questions, please post in our forums.
Once again, thank you very much for the detailed explanation. Maybe you could include this information in any of those pages to avoid similar questions in the future
Thanks for sharing which pages you looked at. We plan on updating those pages soon, specifically to add info about EAS Update, similar to what I wrote above.
