Internet privacy is one of the big challenges we face in this decade. Exchanging data creates benefits and extra value for the user, but probably exposes information one wants to keep private too. We try to run a policy for LapTimer that both creates great value from the data exchange, and keep things private were they should be. Our key approach of doing this is transparency on what LapTimer is actually sending and receiving. In addition to transparency on the data exchange, this page includes a long list of privileges LapTimer requests from the smartphone operating systems and why. In all areas we make no explicit statement here, the Privacy Policies includes in Apple's and Google's End User Licenses apply.
Please note everything on this page is applicable to unmodified operating systems. In case you root your Android device or jailbreak your iPhone no guarantee on anything can be given.
Before going into the details, it makes sense to give an overview on the situations your LapTimer app will communicate outside of its so called "sandbox". The concept of a sandbox is implemented in all modern operating system. It defines a set of resources strictly separated from the rest of the system. LapTimer apps and their local data areas are such a sandboxes. They cannot be accessed from outside (except by super users / administrators). Vice versa, an app operated in a sandbox is not allowed to access resources outside the sandbox – except it is explicitly requested and agreed on by the user as an extended privilege / permission (see below):
- LapTimer Server: LapTimer clients (all editions) communicate with our server to provide Online Racing features as described here. Online Racing features include submission of lap times and positions on track, requesting information from the server like shown in LapTimer's Online View (Petrolhead and GrandPrix editions), and exchanging challenges. The server is a dedicated machine operated by SiNMA GmbH, Wiclefstr 47, 10551 Berlin, Germany.
- Tracks Database: LapTimer provides a huge set of predefined tracks to LapTimer users. The track sets are hosted on a 3rd party web space, they are downloaded only.
- Track, Challenge, and Vehicle submissions / certifications: users can contribute their own track setups and vehicle definitions to LapTimer's repository, or share own recordings of laps with all users, or a private peer group.
- Internal and External Sensors: LapTimer clients access all kinds of sensors (GPS, acceleration, microphone, cam, etc.), both built-in and sensors connected externally. External sensors are connected wired or wireless.
- External Storage: LapTimer stores data and media to external storage. This external storage includes the Photo Library for iOS, an optional SD Card for Android, iCloud for iOS, Dropbox for both iOS and Android, and Mail for all platforms.
- Crash Reports: Both Google and iOS allow the user to select whether they want to report and send crash logs to allow the developer to fix them. On top of this mechanism, LapTimer uses tools named ACRA and BugSense for Android apps to capture problems not reported by Google's system.
- Push Notifications: Starting with version 18.2, LapTimer supports push notifications. Push notifications are short messages shown as banners both for iOS and Android. These messages appear even while LapTimer is not started. Content: new track sets getting available for your country, new challenges submitted by users for one of your tracks, random messages from Harry ("Did you know?" and information on issues / workarounds).
In general, no critical data is transmitted to Harry‘s server. In detail, information sent is made up from the short name, current positions as polar coordinates, a track identifier, times lapped in hundreds seconds, a device identifier, and the current vehicle. The device identifier is needed to match incoming data with existing data. It is a simplified version of your smartphone's UDID (unique device identifier). It is not possible to transform the simplified version back to the real UDID (computer scientist name this value a ,hashed‘ value).
If you are in doubt about the data transmitted, please contact the author for the exact data scheme. Data transmitted is made available to others by the Online View and Hall of Fame. The Online View is available in LapTimer Petrolhead and GrandPrix editions. Not yet available at the time of writing, we will provide a web front end in the near future too.
There are three levels of data transmission. This privacy level can be configured in the Settings Application using the entry 'Publish':
- Never: no position / lapping data is transmitted to Harry‘s Server. In this mode, you are not visible to your buddies. In case you use the Online View, LapTimer transmits data requests only.
- Lapping (default): Position and times lapped are transmitted while lapping. As long as you are not on track and lapping, you are not visible. You are visible while lapping. This is the default mode. In addition, your position is transmitted while watching others in the Online View.
- Always: position is transmitted while LapTimer is on. In this mode, position is transmitted regularly, independent from the current state.
Starting with version 18, LapTimer server provides track shapes to clients. These track shapes are derived from position information submitted by users while lapping. They are completely anonymized and do not include any source information.
More information on Online Racing is available here. Using online services requires a working Internet connections, your telco provider may charge you an extra fee for data transfer.
This is a database of track sets submitted by users and developed by Harry and friends. The track sets are hosted on a 3rd party hosted web server. Clients update the overall list of available track sets regularly when opening the Add-ons / Tracks List. Track sets are loaded on demand. Loading track sets requires a working Internet connections, your telco provider may charge you an extra fee for data transfer.
Track, Challenge, and Vehicle submissions
All of this actions are triggered by the user and will not take place except when explicitely requested. When sharing tracks and vehicles, the user transfers using rights for this data to us. For tracks, data transferred are triggers and points of interest. All data transferred is visible in the mail generated. The user can decide if his / her name is listed in LapTimer list of tracks once the track has been quality assured and placed on the server for others. Vehicle submissions do not use the old fashioned mail mechanismn any more. Data is send directly. The data transferred is a regular vehicle export (.hvehl format) stripped by any individual / personal data. The later includes vehicle identification number, actual maintenance events, an individual vehicle name, notes and picture attached. In addition, providing an email is mandatory to allow us to contact the submitter in case of questions. Like any email addresses visible for us, this address will never be used for anything but LapTimer related communication between us and the user. It will never be passed to 3rd parties.
Challenges work similar to vehicle submissions. Users submit a lap recorded to our server. Other users can access and download this data to race and compare against it. LapTimer asks for the real name (mandatory) and will list this information in Challenges offered to other users. Data submitted is made up from lap event information (time, location) and the GPS, OBD, acceleration data recorded. LapTimer offers "private challenges" by generating a key which is required for others to see and access it.
Starting with LapTimer v19, heart rates recorded by the user are retrieved from iOS Health Kit and displayed aligned to lap recordings. Any health kit data is displayed only and not stored locally or remotely, neither is it shared with any party.
Internal and External Sensors
LapTimer is an extremely sensor intensive application. It records GPS, OBD, acceleration, and records video and audio. Although internal sensors (GPS, acceleration, video, audio) can be accessed through operation system interfaces, this channel is not "open" by default. Depending on the operating system, you will be asked to approve access to GPS and microphone when these services are accessed the first time (iOS) or when installing the app (Android). LapTimer will record data from all the named sensor and store this data into its local database. Recorded data will be partially transferred to Harry's Server as long as this service is not turned off, and will be exported to external storage if requested. There is no other transfer of data recorded.
To access external sensors, LapTimer will access network interfaces. LapTimer will poll a number of local Wi-Fi addresses to check if specific sensors are available. These local Wi-Fi addresses are 192.168.0.74:23 (OBDKey and ElmCan), 192.168.0.10:35000 (Kiwi), 169.254.1.10:23 (OBDLink), 192.168.0.24:2000 (OBD2 4U), 10.5.5.9 (GoPro HERO), 192.168.1.2 (NavtracSLT), 220.127.116.11 (GFi), 192.168.2.1:2947 (Pi-GNSS), and any Wi-Fi address added by the user in LapTimer Expert Settings.
Access to video and audio sources are treated just the same as the other sensors in LapTimer. For iOS7 and later, you need to explicitly allow LapTimer to access the microphone for video capturing. Turning this privilege off will break video capturing. In Android you need to agree to this access during installation (see Privileges Requested below).
LapTimer will transfer data (including video) to selected external storage on demand. All operations except iCloud transfer are user triggered and will not be initiated by LapTimer itself. In iOS iCloud is provided as storage and transfer space for video. As this iCloud storage is consider user owned and cannot be access from outside without authorization, this is not further detailed here. Export of LapTimer data is often done using standard mail. Please keep in mind that data transfer is not encrypted by default – you need to add encryption to the Mail client yourself. For Dropbox and iCloud, the provider claim transfer is encrypted.
Other than Apple's and Google's crash reporting, LapTimer's extended crash reporting using ACRA and Splunk MINT can be turned on and off from within the app: crash reporting is disabled by setting LapTimer's Publish Level to 'Never'. Crash logs are made anonymous ahead of sending them to Splunk MINT. More information on Splunk MINT is available here. We strongly encourage the use of LapTimer crash reports (Apple, Google, and ACRA / Splunk MINT) as it helps you, others, and us to make LapTimer an even more enjoyable app.
As introduced with the concept of a sandbox, LapTimer needs to be granted permissions to access resources outside its sandbox. While iOS will prompt the user when the external resource is access the first time, Android requires the user to agree on the full set of permissions during installation. In Android it is not possible to select permissions, it is all or nothing.
This is the list of permissions you will be prompted for in iOS:
- Photo Library: LapTimer stores overlaid video into the iOS Photo Library and request available video from the Photo Library. In case this permission is not grated, videos will stay in LapTimer's sandbox and cannot be distributed to youtube from here. Some minor features like adding a vehicle picture will be disabled too.
- Bluetooth Access: Bluetooth is used for the obvious BT sensor connections, and for device to device communication. The later is used for MultiCam operation and when transferring laps from one device to another.
- Location Service: although it is possible to reject this privilege and use an external GPS mouse instead, we recommend to grant access as this allows falling back to the internal sensor in case there is a problem with the external.
- Video / Microphone: to allow the user to decide whether an app is allows to record video and audio or not, Apple has introduced this privilege in iOS7. You need to grant this permission because you will not be able to record footage without.
In Android, you need to grant permissions during the install process. In case you do not agree to grant any of the permissions below, you cannot install and use LapTimer.
- Read phone status and identity: LapTimer will use the phone identity to derive a simplified UDID (see Online Racing). It will not access the phone otherwise.
- Take pictures and videos: required to capture footage using the internal cams (both front and back).
- Record audio: should be obvious (see Microphone access in iOS).
- Precise locations: required to get the exact GPS position; please check the Online Racing section to understand in which situations this position is transferred to Harry's Server and how to block this operation.
- Modify or delete the contents of your USB storage: that one is a little misleading – it is actually about accessing your SD card (storing videos).
- Find accounts on the device: required by Android to establish a connection between Google server and the smartphone; used for Push Notifications
- Read Google service configuration: needed to access Google Maps utilized in LapTimer's Map view.
- Full network access etc.: used for communication with Harry's Server, for track database access, and for Wi-Fi sensor access.
- Access Bluetooth access: used to access Bluetooth GPS and OBD sensors.
- Google Play billing service: used to allow InApp purchases on user's request. LapTimer uses the InApp purchase mechanism to upgrade a Rookie Edition to the same functionality Petrolhead Edition offers (same for Petrolhead and GrandPrix) – without the need to purchase the app again.