Flash Player 20.0.0.235 Adds Phone Home Analytics

Update: This issue seems to be isolated to version 20.0.0.235 as subsequent releases do not contain the LaunchDaemon and executable.  

Starting with the Flash Player 20.0.0.235 there are two new files added to the installer that attempt to send anonymous analytic data back to Adobe.  The files are a new LaunchDaemon at /Library/LaunchDaemons/com.adobe.SC.FPFeedbackService-1.0.plist that fires off  /Library/Application Support/Adobe/FPFeedbackService.  Running strings against the FPFeedbackService binary reveals some interesting tidbits:

# Following anonymous information is being collected from your machine.
# OS, OSType
- Operating System details
# UserAgent
- Browser details
# FlashVersion
- Installed Flash Player version
# RenderMode
- Represents the render mode of the SWF content.
# SWFVersions
- It is the list of SWF Versions played in browser and their count.
e.g. SWF10|23 means that SWF file having version 10 have been played 23 times.
# ASVersions
- It is the list of Action Script Versions associated to SWF files and their count.
e.g. AS2|10 means SWF file having Action Script Version 2 have been played 10 times.
# APIList
- The API List represents the collated API and its count in all played SWF files.
API names have been encoded to reduce the network traffic.
e.g. flash.display3D::Context3D will be encoded as 17.

and

User has disabled the service.Exiting.
Analytics Disabled.Exiting.

I found no option for disabling the analytics in the Flash Player PreferencePane.  Flash Player’s configuration can be managed with a /Library/Application Support/Macromedia/mms.cfg configuration file.  That’s how automatic updates have been suppressed previously. However, there is no mention of the new analytics or how to disable it in the ADOBE® FLASH® PLAYER 20.0 Administration Guide.  There is no mention in the blog post announcing the release, either. I’ve submitted a comment to that post for clarification but it has yet to be approved by a moderator.

The macadmins Slack team discussed, dug in, and and discovered that it can most likely be disabled by adding the entry DisableAnalytics=1 to the mms.cfg file.

To suppress automatic updates and disable analytics, the mms.cfg file should look like:

AutoUpdateDisable=1
SilentAutoUpdateEnable=0
DisableAnalytics=1

Advertisements
Tagged , , ,

9 thoughts on “Flash Player 20.0.0.235 Adds Phone Home Analytics

  1. Hi,
    Thanks for the blog post and the heads up! This is definitely a bug. This file should not be present in our release builds. As you’ve noted in the log above, while the file has been inadvertently placed on the system, no data will be sent to Adobe. At a minimum, the mms.cfg must contain AnalyticsUserChoice=1 to enable data pingback. In addition, because this is a release build and not a beta build, even if AnalyticsUserChoice is set, data will not be collected or sent to Adobe.

    We do plan on introducing anonymous usage data collection in the future, but only if a user opts into the feature in our *beta* channel. This feature will *not* be enabled or work with our standard releases. In addition, we will:

    1. Provide every user the option to enable/disable anonymous usage sharing at the time of install
    2. Provide UI to toggle this feature on and off via the Flash Player preference/control panel
    3. Provide clear documentation on what is being sent, how the data is being used, and how to disable it (from both a end user and administrative perspective.)

    We’re currently investigating how this bug occurred and working to correct it asap. We’ll post more details as we get closer to releasing this features to make sure everyone has a clear understanding of what it does and how it works before making their choice.

    Thanks,
    Chris Campbell

    Like

    • eholtam says:

      Thanks for the clarification, Chris. I appreciate you coming here and posting publicly about it. I’ll be sure to pass this on to our Mac Admin community.

      Like

    • Allister Banks says:

      So we’re supposed to believe that 1. there’s this previously unannounced, heretofore not-shipped, beta-only, ‘feature’ (to be perfectly blunt, for Adobe’s benefit solely, nobody downloads an internet plugin or tests their content in it to participate in stuff like Omniture, which breaks much of the internet if disabled) 2. not only did that code slip into prod’s compiled binary and ship with no notice or docs, but 3. a root-level system service was silently installed and started BY MISTAKE.

      ಠ_ಠ

      YHGTBFKM.

      Like

  2. bradmacpro says:

    I added the line to the mms.cfg file to suppress the analytics. I like the autoupdates. Do I have to restart or log out and back in?

    Like

    • eholtam says:

      I deploy the config file on newly built machines and haven’t added it after a user has logged in so I’m not sure if the LaunchDaemons need to be re-loaded. It wouldn’t hurt to unload and reload /Library/LaunchDaemons/com.adobe.fpsaud.plist.

      Like

  3. Eric T says:

    Just came across this post and immediately checked whether this was the case on my system running Flash 20.0.0.286. The LaunchDaemon and FPFeedbackService binary do not exist on my system, so it looks like Adobe was true to their word and removed it from production builds.

    Like

  4. […] beating the drum about Flash dying a death, and haven’t included it in our image since the Great Analytics Fiasco of 20.0.0.235. I’m not the most tolerant or creative tech out there, so luckily my boss comes up with ideas […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: