Privacy in the Moodle app: Difference between revisions

From MoodleDocs
No edit summary
Line 29: Line 29:


Users are prompted to allow specific permissions only when necessary. For example: If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.
Users are prompted to allow specific permissions only when necessary. For example: If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.
== Policies and Age Verification ==
The Moodle app supports the Moodle built-in policies functionality. If configured by the site administrators, before being able to access a Moodle site:
* Users will be shown all applicable policies, including mandatory and optional policies.
* If the site has an age verification policy, the app will ensure users confirm their compliance before they can proceed.
This ensures that all users are fully informed and consent to the terms set by the Moodle site.


== Embedded Content from External Services ==
== Embedded Content from External Services ==

Revision as of 07:25, 4 December 2024

The Moodle Mobile App is designed with user privacy in mind, ensuring data security and control for all users. Below is a summary of how the app handles user data and privacy-related concerns:

Communication Between the App and Moodle Site

The Moodle app communicates directly with the Moodle site selected by the user.

No data is sent to third parties during interactions between the user and the mobile app. All communication initiated by the app happens securely between the app and the Moodle site.

There are some scenarios that might involve third-party servers processing data when certain functionality is enabled in the Moodle site such as Push Notifications as described below.

Push Notifications

When enabled on the Moodle site, Push notifications may involve third-party servers like Moodle Airnotifier, Google (for Android) or Apple (for iOS). For example, a forum post message may travel through these servers for delivery.

To enhance privacy, we recommend enabling end-to-end encryption for Push Notifications via Moodle site settings. This ensures data is encrypted before leaving the site and decrypted only upon reaching the user’s device.

Users can disable push notifications at anytime:

  • In their device settings.
  • While the app is launched for first time.
  • Through the Moodle app settings.
  • Directly within the Moodle site settings.

Please check Moodle Data Processing Agreement available at https://moodle.com/privacy-notice/ for additional information.

App Permissions

The Moodle Mobile App uses only the minimum permissions required for its functionality.

Users are prompted to allow specific permissions only when necessary. For example: If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.

Policies and Age Verification

The Moodle app supports the Moodle built-in policies functionality. If configured by the site administrators, before being able to access a Moodle site:

  • Users will be shown all applicable policies, including mandatory and optional policies.
  • If the site has an age verification policy, the app will ensure users confirm their compliance before they can proceed.

This ensures that all users are fully informed and consent to the terms set by the Moodle site.

Embedded Content from External Services

Teachers and content creators may embed external content, such as videos or widgets. Such embedded content may allow third parties to set cookies or track users.

Recommendations for privacy-friendly embedding:

  • Use YouTube’s no-cookie feature when embedding videos.
  • For Vimeo, enable the “privacy dnt” parameter to reduce tracking.
  • For other content providers, please check their documentation.

Accessibility Features

On Android and iOS devices, some features like accessibility services or password auto-fill may involve data processing by Google and/or Apple services (for text processing and reading and storage).

These functionalities are part of their operating system and are not controlled by the Moodle app. We do not prevent its usage by default as they might be necessary in different types of scenarios or by certain organisations using the standard Moodle app.

Users can manage or disable these features directly through their device settings.

Use of Firebase Framework

The Moodle app uses Google’s Firebase framework to enable Push Notifications.

After launching the app the Firebase framework generates a unique identifier (a random string of letters and numbers) to recognise the app for sending notifications. This identifier:

  • Is used solely for basic functionality.
  • Does not contain any private or personal data.

As mentioned earlier, users can opt out of Push Notifications entirely if they prefer. It will prevent the Firebase framework from generating additional ids or processing any type of information from the user or the site.

Cookies

The Moodle app does not require cookies to function.

When content is embedded from external sites, such as videos or widgets, those providers may set cookies. Those cookies will not persist between app sessions, as they are not stored in the app itself, they run in an isolated environment.