Search Unity

  1. Unity 2018.3 is now released.
    Dismiss Notice
  2. The Unity Pro & Visual Studio Professional Bundle gives you the tools you need to develop faster & collaborate more efficiently. Learn more.
    Dismiss Notice
  3. Want more efficiency in your development work? Sign up to receive weekly tech and creative know-how from Unity experts.
    Dismiss Notice
  4. Build games and experiences that can load instantly and without install. Explore the Project Tiny Preview today!
    Dismiss Notice
  5. Nominations have been announced for this years Unity Awards. Celebrate the wonderful projects made by your peers this year and get voting! Vote here!
    Dismiss Notice
  6. Want to provide direct feedback to the Unity team? Join the Unity Advisory Panel.
    Dismiss Notice
  7. Improve your Unity skills with a certified instructor in a private, interactive classroom. Watch the overview now.
    Dismiss Notice

How to disable Unity analytics?

Discussion in 'Unity Analytics' started by Sarbakan-Support, Nov 27, 2018.

  1. Sarbakan-Support

    Sarbakan-Support

    Joined:
    Aug 27, 2014
    Posts:
    5
    Hi,

    My app is getting rejected by my client because there are calls to https://cdp.cloud.unity3d.com/v1/events and https://config.uca.cloud.unity3d.com/.
    Since we are targeting young children, they are really careful about calls to external servers.
    I disabled Unity HW stats, I disabled the Analytics in the Services menu but I still see those calls in Charles Proxy.
    If I log into the Analytics services on Unity's website I see that it's activated, but it's not on anywhere in my game.
    I am missing something?
    I am using Unity 2018.2 pro by the way.

    It looks like an old problem that was never answered.
    https://answers.unity.com/questions/1514671/how-do-you-disable-unity-analytics-in-unity-pro.html

    Thanks
     
  2. marc_tanenbaum

    marc_tanenbaum

    Unity Technologies

    Joined:
    Oct 22, 2014
    Posts:
    325
    Hi @Sarbakan-Support ,

    In principle, if you have HWStats disabled and no services running (Ads, Analytics, IAP, Performance) no data should be sent to Unity servers. Since you're observing that not to be the case, let's try a couple ideas to investigate:
    • Check your services window to ensure all the services mentioned above are disabled.
    • Check any plugins you're using that might possibly activate any of those services programmatically.
    If neither of those turns up anything, the next step would be to use a tool like Charles Proxy (looks like you may already be using something along that line) and let us see the JSON payload of the calls. That might shed some light on what's going on.

    We're investigating a related issue, so it's also possible that this is related to a legitimate bug, but getting more info might help us establish that fact and/or suggest a workaround.

    Thanks!
     
  3. Sarbakan-Support

    Sarbakan-Support

    Joined:
    Aug 27, 2014
    Posts:
    5
    Thanks @marc_tanenbaum

    I have In App Purchases On, is this what's calling the URL?

    I even received a security warning from them because those sites are using an old protocol.

    Server Supports Insecure TLS 1.0
    Affected Components0 fixed out of 2

    The following SSL/TLS servers accessed by the App at runtime have enabled the TLS 1.0 protocol:

    • NEW
    https://config.uca.cloud.unity3d.com/

    • NEW
    https://cdp.cloud.unity3d.com/

    Description

    TLS 1.0 is a legacy protocol, which has been found to be vulnerable to numerous attacks since it was released.

    Such attacks include the POODLE vulnerability, which was discovered in 2014 by the Google security team, as well as other flaws affecting both on the protocol's key exchange mechanism and on the encryption schemes it supports.

    A summary of most of the vulnerabilities the TLS 1.0 protocol is vulnerable to is available in RFC 7457.

    Most mobile Apps would usually negotiate a stronger version of the protocol (such as TLS 1.2), making this issue difficult to exploit in the context of a an App. However, specific browsers (such as Firefox) accessing the vulnerable endpoints may be exposed through protocol downgrade attacks.

    Lastly, TLS v1.0 is no longer acceptable for PCI compliance due to the vulnerabilities mentioned above (such as POODLE), as stated in Appendix A2 of the PCI DSS Requirements:

    "After June 30, 2018, all entities must have stopped use of SSL/early TLS as a security control, and use only secure versions of the protocol"
     
  4. marc_tanenbaum

    marc_tanenbaum

    Unity Technologies

    Joined:
    Oct 22, 2014
    Posts:
    325
    Yes, use of IAP will definitely cause those events to fire.

    May I ask which version of Unity you're using? TLS has been updated, but only from 2018.2 forward for now. It's not yet clear when we can expect backporting to earlier versions.
     
  5. Sarbakan-Support

    Sarbakan-Support

    Joined:
    Aug 27, 2014
    Posts:
    5
    Hummm yes we are using 2018.1. We are pretty close to the release of our game, so it's kind of scary to update right now. Thanks for the answer, I will check what I can do.
     
  6. marc_tanenbaum

    marc_tanenbaum

    Unity Technologies

    Joined:
    Oct 22, 2014
    Posts:
    325
    @Sarbakan-Support ... one of my engineers has an idea for a possible workaround. We're not entirely sure.

    Would you be willing to open a support ticket? Reference this thread and drop my name in. I'll hook you up with the engineer and let's see if we can get you sorted.
     
    technicat likes this.