Privacy in the Moodle app

From MoodleDocs
Revision as of 14:10, 3 December 2024 by Juan Leyva (talk | contribs)

The Moodle Mobile App is designed with user privacy in mind, ensuring data security and control for all users. Below is a summary of how the app handles user data and privacy-related concerns:

Communication Between the App and Moodle Site

The Moodle app communicates directly with the Moodle site selected by the user.

No data is sent to third parties during this interaction. All communication happens securely between the app and the Moodle site.

Push Notifications

When enabled, Push notifications may involve third-party servers like Google (for Android) or Apple (for iOS). For example, a forum post message may travel through these servers for delivery.

To enhance privacy, we recommend enabling end-to-end encryption for Push Notifications via Moodle site settings. This ensures data is encrypted before leaving the site and decrypted only upon reaching the user’s device.

Users can disable push notifications at anytime:

  • In their device settings.
  • While the app is launched for first time.
  • Through the Moodle app settings.
  • Directly within the Moodle site settings.

App Permissions

The Moodle Mobile App uses only the minimum permissions required for its functionality.

Users are prompted to allow specific permissions only when necessary. For example:

If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.

Embedded Content from External Services

Teachers and content creators may embed external content, such as videos or widgets. Such embedded content may allow third parties to set cookies or track users.

Recommendations for privacy-friendly embedding:

  • Use YouTube’s no-cookie feature when embedding videos.
  • For Vimeo, enable the “privacy dnt” parameter to reduce tracking.
  • For other content providers, please check their documentation.

Android Accessibility Features

On Android devices, some features like accessibility services or password auto-fill may involve data processing by Google services (for text processing and reading and storage).

These functionalities are part of Android's operating system and are not controlled by the Moodle app. We do not prevent its usage by default as they might be necessary in different types of scenarios.

Users can manage or disable these features directly through their Android device settings.

Use of Firebase Framework

The Moodle Mobile App uses Google’s Firebase framework to enable Push Notifications.

Firebase generates a unique identifier (a random string of letters and numbers) to recognise the app for sending notifications. This identifier:

  • Is used solely for basic functionality.
  • Does not contain any private or personal data.

As mentioned earlier, users can opt out of Push Notifications entirely if they prefer. They will prevent the Firebase framework for generating additional ids or processing information.