The use of Firebase Crashlytics in the CovidSafeBE app

Why Firebase Crashlytics is used

Firebase Crashlytics is a very widely-used crash reporting solution that helps application managers to detect, prioritise and resolve crashes that prevent the use of an app.
The stability of the CovidSafeBE app is monitored using Firebase Crashlytics. Crashlytics allows the app (although only after explicit consent from you, the user) to send crash reports whenever a crash occurs. In this way the impact of a crash can be determined and its cause(s) investigated. As a result, the stability and performance of the CovidSafeBE app is immediately improved for all users.
In the case of the CovidSafeBE app, a crash means an inability to use the app so that the user cannot show his certificates and consequently e.g. cannot travel, cannot exercise his right to free movement, access is denied to certain institutions, etc. In case of an unstable app, Belgium would also fail to meet its European obligations, not only within the framework of the right to free movement, but also within the framework of facilitating a secure issuance and verification of certificates. Crash reporting is thus especially important so as to ensure that the CovidSafeBE app functions securely and efficiently.
Crash analysis (not behavioural analysis) is also the sole purpose for which Firebase Crashlytics is used in the CovidSafeBE app. Moreover, Firebase Crashlytics is the only product that is used. In other words, no use is made of other apps that are offered by Firebase (Crashlytics) or Google.
Firebase Crashlytics was chosen because so-called native crash reporting (such as that offered by app stores) is not sufficient for the CovidSafeBE app. With Firebase Crashlytics, more technical information is presented (e.g. where in the code a crash is triggered) which enables the app’s developer to respond to crashes more quickly and efficiently. Another important difference is that Firebase Crashlytics makes it possible to detect so-called “non-fatal exceptions”. These are crashes that (as the name indicates) are not fatal, but which often have a greater impact on the user of the app than actual crashes.

Privacy-friendly settings within Firebase Crashlytics

When implementing Firebase Crashlytics, account is taken of the principles of data protection by design and by default settings.

• Upon first use after installation of the CovidSafeBE app, the user is asked whether he wants to cooperate on collecting crash reports. The user is free to accept or refuse. If the user refuses, no crash reports are sent.
• Via the settings of the CovidSafeBE app, the user at all times has the possibility of changing his decision and (de)activating crash reports. The user can find further information about the use of Firebase Crashlytics in the privacy statement of the CovidSafeBE app.
• The CovidSafeBE app uses only the standard configuration of Firebase Crashlytics, whereby the smallest amount of data possible is transferred. The CovidSafeBE app does not make use of the options that Firebase Crashlytics offers for adding extra parameters and user identities to a crash dump. As mentioned, the CovidSafeBE app does not make use of “Google Analytics” or “Firebase App Distribution”, and so behaviour monitoring or tracking cannot be done within the CovidSafeBE app – something that in any case would not be useful within the framework of the exclusive objective sought by crash reporting. Moreover, in the Firebase Crashlytics settings for the CovidSafeBE app the possibility for Google to use so-called “service data” for improving its own service is switched off. No action can be taken with regard to an individual user on the basis of the crash reports. That is not possible and it is not the intention. The exclusive purpose is to deal with problems as quickly and efficiently as possible (e.g. first addressing problems that affect multiple users).

Op basis van de crashrapporten kan overigens ook geen actie worden ondernomen ten aanzien van een individuele gebruiker . Dat is niet mogelijk en niet de bedoeling. De enige betrachting bestaat erin om problemen zo snel en zo efficiënt (bv. eerst de problemen die meerdere gebruikers treffen) mogelijk aan te pakken.

Information from Firebase Crashlytics about the data in crash reports

In case of a crash report from the CovidSafeBE app, the following information is generated:

• iOS operating System:

• Android operating system:

The Firebase Crashlytics dashboard receives very limited technical data about the crash.

Thus no substantive data, such as certificates, are transferred. Natural persons cannot be identified directly or indirectly on the basis of this information, and certainly not with reasonable means.

In the “Privacy & Security in Firebase” document Google gives examples of data that could constitute personal data when using Firebase Crashlytics. In the case of Firebase Crashlytics, this involves Crashlytics Installation UUIDs and Crash traces. This overview presents abstractly, but not concretely, what data can be transferred.

An internal analysis showed that, in case of a network request from the app after a crash, a Google app ID and an installation ID are transferred. These identifiers are necessary to distinguish the number of unique users from one another. The number of unique (yet still not directly or indirectly identifiable) users is an important parameter for analysing crashes and prioritising solutions. Without a clear view of the number of unique users, a crash that occurs only once may be regarded as being of equal urgency as a crash affecting a million users, and resources cannot be efficiently applied in the interest of the user.

On the basis of our own analysis and the information communicated by Firebase Crashlytics, but without wishing to make judgements that can only be made by Firebase Crashlytics, no indications were found that Firebase Crashlytics, in the configuration that is set up for the CovidSafeBE app on the basis of the above information, could actually identify users of the CovidSafeBE app with reasonable means. This appears e.g. from the fact that, with each (re)installation of the app, a new installation ID is generated and that the Google app ID remains the same for each user who has the same version of the CovidSafeBE app.

If and to the extent that Firebase Crashlytics via the above data could identify natural persons via reasonable means, Firebase Crashlytics has in any case undertaken to have a legal basis for data transfers in accordance with the applicable data protection legislation (see e.g. https://firebase.google.com/su...).

The contractual framework between the Parties and Firebase Crashlytics (Google Ireland LLC) in that case is composed of:

• The terms of service
• To the extent that there should be data on the basis of which natural persons can be identified with reasonable means, a processor agreement including Standard Contractual Clauses and supplementary measures.