How to disable Unity analytics?

Hi,

My app is getting rejected by my client because there are calls to https://cdp.cloud.unity3d.com/v1/events and https://config.uca.cloud.unity3d.com/.
Since we are targeting young children, they are really careful about calls to external servers.
I disabled Unity HW stats, I disabled the Analytics in the Services menu but I still see those calls in Charles Proxy.
If I log into the Analytics services on Unity's website I see that it's activated, but it's not on anywhere in my game.
I am missing something?
I am using Unity 2018.2 pro by the way.

It looks like an old problem that was never answered.
https://answers.unity.com/questions/1514671/how-do-you-disable-unity-analytics-in-unity-pro.html

Thanks

 

Thanks @marc_tanenbaum

I have In App Purchases On, is this what's calling the URL?

I even received a security warning from them because those sites are using an old protocol.

Server Supports Insecure TLS 1.0
Affected Components0 fixed out of 2

The following SSL/TLS servers accessed by the App at runtime have enabled the TLS 1.0 protocol:

• NEW

https://config.uca.cloud.unity3d.com/

• NEW

https://cdp.cloud.unity3d.com/

Description

TLS 1.0 is a legacy protocol, which has been found to be vulnerable to numerous attacks since it was released.

Such attacks include the POODLE vulnerability, which was discovered in 2014 by the Google security team, as well as other flaws affecting both on the protocol's key exchange mechanism and on the encryption schemes it supports.

A summary of most of the vulnerabilities the TLS 1.0 protocol is vulnerable to is available in RFC 7457.

Most mobile Apps would usually negotiate a stronger version of the protocol (such as TLS 1.2), making this issue difficult to exploit in the context of a an App. However, specific browsers (such as Firefox) accessing the vulnerable endpoints may be exposed through protocol downgrade attacks.

Lastly, TLS v1.0 is no longer acceptable for PCI compliance due to the vulnerabilities mentioned above (such as POODLE), as stated in Appendix A2 of the PCI DSS Requirements:

"After June 30, 2018, all entities must have stopped use of SSL/early TLS as a security control, and use only secure versions of the protocol"

 

Hummm yes we are using 2018.1. We are pretty close to the release of our game, so it's kind of scary to update right now. Thanks for the answer, I will check what I can do.

 

Was wondering if there is resolution to this yet.
Unity 2018.3.1f1
No services enabled
disable HW statistics checked
everything possible removed from package manager. only textmeshpro enabled.
still getting calls to cdp.cloud.unity3d.com/v1/events resulting in application being rejected.

 

Please provide a Charles capture to see what service is sending the events. Also this post should help, you can disable Analytics at runtime with a few lines of code: https://forum.unity.com/threads/upd...emoving-games-from-store.558940/#post-4682123

 

Hi, I use a free tool called fiddler instead of charles. very much the same
Attached is the session archive. readable as ZIP, or change extension to .saz and open in fiddler.

If i am reading it correctly. the client is
UnityPlayer/2018.3.1f1 (UnityWebRequest/1.0, libcurl/7.52.0-DEV)

 

Hi
went through the provided list of "how to make it work in spite of unity, not because"

most was already done.
added the following code to my initial scene.

Code (CSharp):

1. private void Awake()
2.     {
3.         UnityEngine.Analytics.Analytics.enabled = false;
4.         UnityEngine.Analytics.Analytics.deviceStatsEnabled = false;
5.         UnityEngine.Analytics.Analytics.initializeOnStartup = false;
6.         UnityEngine.Analytics.Analytics.limitUserTracking = false;
7.         UnityEngine.Analytics.PerformanceReporting.enabled = false;
8.     }

on code execution, the following connections were made <attached file>
with the content of

{"prefs":{},"analytics":{"enabled":true},"connect":{"limit_user_tracking":false,"player_opted_out":false,"enabled":true},"performance":{"enabled":true}}

now, when you don't have analytics package in your project, that should be it.. no analytics means NO ANALYTICS!!

 

There is no user information sent in the request that you refer to. What am I looking for in the zip file, is this a Charles capture? If you don't have Analytics or any other services in your project, and have disabled HW Stats, you should see no Analytics calls.

 

EXACTLY my point.
please see previous post where I explained this was a fiddler capture, not charles. and how to interact with it.
You are correct, no user information is sent. however it still makes the connection to the analytics server, even when
1) analytics package is removed
2) HW statistics disabled
3) specific code to disable analytics set to run as soon as possible.

It does not matter that no information is sent (unity could change this at ANY TIME), it makes the connection, which is enough for google to flag it, and not something you CAN add to a privacy policy when you have no control over content.

 

Did you get rejected by Google over this? I personally have not heard of Google flagging this. They are concerned about privacy, not making general network calls which should be compliant, which is my understanding. Otherwise, you may have a valid point.