Organic Maps is my goto solution for car navigation because it is very quick, responsive and does not require an high end phone. It just works. However for anything more advanced than that (e.g. live location sharing or recording, planning a hiking trip, navigating mountain bike trails, contributing to OpenStreemMap), OSMAnd is still without contender.

Sad to see Mozilla being managed into the ground, betraying their principles and selling their users.

Wenn mit "möglichst vielen Menschen" wirklich alle Menschen gemeint sind und nicht bestimmte Gruppen, dann sind diese beiden Ziele zwei Seiten der selben Medaille.

I'd second this. The organization behind it (https://calyxinstitute.org/about) is a long established non profit, their portfolio covers various cool projects. The vpn client itself is basically a rebranded version of https://f-droid.org/packages/se.leap.bitmaskclient, it it is nothing special.

The question is not weather Google is tracking or not, the question is if Google is breaking the law doing so.

This sadly is in line with Mozilla's increasingly bad privacy defaults. Users who care have moved on to more reasonable configurd forks at this point (e.g. Librewolf).

This. Regulators are a joke

You may want to rework your privacy policy. It contadicts itself:

We do not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic Google Analytics tracking

14. Analytics: We do not use any third-party Service Providers to monitor and analyze the use of our Service.

They video was quiet promising. However looking at the app website shows that what was a false promise. The app does track every single launch and sends that to their servers (see privacy policy) not legal without consent in the EU. Calling this "tracker free" is more than misleading here. I'd call it a lie actually.

The reported tracker is ACRA, a crash report library (https://github.com/ACRA/acra).

I digged a bit into the source code and the apk. From looking at the code alone one can't tell if the crash report is actually enabled, the build configuration depends on some unpublished file. But looking into the apk allows to reconstruct it. These are my findings:

• the usage is implemented here: https://gitlab.futo.org/alex/voiceinput/-/blob/master/app/src/main/java/org/futo/voiceinput/CrashLoggingApplication.kt
• the crash handler is compiled in and also enabled (BuildConfig.ENABLE_ACRA=true)
• the crash handler is configured to dialog mode. According to the ACRA documentation (https://www.acra.ch/docs/Interactions#dialog) that means that user interaction is required for sending (a popup dialog with a cancel button).
• the upload domain is crash.sapples.net
• the dialog can't be disabled via settings
• the usage of ACRA is missing in the licenses and about dialogs (https://gitlab.futo.org/alex/voiceinput/-/blob/master/app/src/main/assets/license-list.html)
• the privacy policy is correctly stated (https://voiceinput.futo.org/VoiceInput/PrivacyPolicy)

  4.1. If the app crashes, you may be asked if you wish to submit a crash report. If you accept, your device information and crash details will be sent to us for the purposes of investigating the crash and improving the software.

Can you give more details of the scan result? Exodus only lists the Play store version. I installed the F-Droid version but Exodus app reports it as "same version" and just shows the clean Google Play Store results. This is obviously wrong, the SHA1 listed for the Play Store version on the Exodus website is different compared to the F-Droid .apk I have installed. Sadly the Exodus website does not support scanning F-Droid apps from third-party repos so I have no idea how to scan it.

That being said, according to the privacy policy (https://voiceinput.futo.org/VoiceInput/PrivacyPolicy), the F-Droid .apk version should have some kind of crash report build-in. So I could imagine that this might get flagged.

Keepass on phone, desktop and tablet. Sync serverless via Syncthing.

• completely private
• always available when needed
• no dependency on services which may go away
• all open source software
• maximum security