Pretty much the title. I’m trying to find some ammunition to fight my HOA on wasting our money. They make us use an app to gain access to amenities, and I want to see what telemetry the app sends back or what it may track.
I tried TrackerControl, but the app (alarm.com) doesn’t pop up in its feed.
I tried PCAPdroid recently and that seemed good
This is the other part I was looking for!
Holy fuck I hate HOA’s/condo boards
Checked Alarm’s privacy policy on their website… and it’s kind of sketch. The big ol’ “Privacy” link takes you to a page basically saying “We don’t sell your info”, which OK, cool.
However, scroll all the way to the bottom, and there’s another privacy section. That one details what they do with info using their service.
Quick Bing AI summary:
Alarm.com’s Privacy Policy outlines how they handle your personal information when you use their services. Here’s a summary in plain English:
Information Collection: Alarm.com collects and stores Personal Information from or about you. This includes details that can be used to uniquely contact, identify, or locate you. When using the User Interfaces (such as their website or mobile apps), you may provide Personal Information like your name, address, phone number, email, location, or zip code. Additionally, when using their Services, you or your Authorized Service Provider may provide additional information (e.g., home or business details, system configuration, sensor names, etc.) to personalize your experience. Types of Data Collected: Performance data from security devices monitored by Alarm.com. Electrical usage, heating/cooling information, light settings, and more. Alert logs and other relevant data. Purpose of Data Collection: To provide you with the best interactive security, energy management, video monitoring, automation, and wellness services. Personalization of services based on the information you provide. Alarm.com may also receive data from their partners (like emergency contact info) to enhance their services1.
Remember that data privacy practices may vary based on your region and use of the app2. Always review the full privacy policy for complete details1. If you have specific concerns, consider reaching out to Alarm.com directly for clarification.’
RethinkDNS can show you where it’s connecting via firewall logs and has PCAP
I just installed this today, and saw all the communications from google apps are going to Canada, which surprised me.
This doesn’t show individual requests, but it shows the tracker libraries and permission demands: https://reports.exodus-privacy.eu.org/en/reports/com.alarm.alarmmobile.android/latest/
Does this app itself do the security surveiling or why does it need access to the camera, microphone, location, user movement, biometrics, contacts etc.?
It is literally a tap to enter nfc pad. There is no need for ANYTHING listed in those permissions.
Bonus points for us having to register with our real names, phone numbers and addresses for access.
Set up PCAPdroid with MITM.
For me I just refuse to use any app to access a service. I can tolerate websites.
That is exactly what I was looking for!
Adguard can do that if you setting it in low level settings & activate HTTPS filtering for certain apps