Last updated on August 3rd, 2023 at 11:13 am
Raivo OTP is a popular free and open source authenticator app for iOS that is well-respected in the privacy community. However, in a surprise announcement on Monday, Raivo declared it had been acquired by a little known app development company called Mobime.
While Raivo’s announcement claimed “nothing will change for you, except for more support and development on the Raivo ecosystem,” users had concerns. For example, About Privacy asked, “Why? What will be their revenue model?” Unfortunately, Raivo did not respond.
A new privacy policy?
Raivo OTP’s App Store page now lists Mobime as its developer and links to Mobime’s privacy policy instead of Raivo’s old one. Unfortunately, the new policy does not appear to be privacy friendly.
The very first sentence states, “Mobime SARL built the Mobime app as an Ad Supported app,” suggesting that Raivo’s new owners may display ads in the authenticator.
The new policy also states “third parties have access to your Personal Information” and lists AdMob and Facebook as examples of two such third parties. The old policy, however, assures users that third parties do not have access to their information and lacks any mention of AdMob and Facebook.
Raivo’s creator responds
The creator of Raivo OTP, Tijme Gommers, today responded to a thread on GitHub discussing users’ concerns over the acquisition. He explained that Raivo’s license and privacy policies “will remain the same (apart from my name being replaced by Mobime) and are still applied to all Raivo services. That does not change with the acquisition, nor has Mobime the intention to change them in the near future.”
However, this does not explain why Mobime’s privacy policy is linked to from Raivo’s app store page instead of the original. It’s possible this is just an oversight caused by the speed of the transition which Gommers said caught him “off guard,” but neither Gommers nor Mobime have addressed the issue directly.
Additionally, Gommers’ claim that Mobime won’t change Raivo’s privacy policy “in the near future” raises concerns about the company’s longer-term goals for the app.
The takeaway
Raivo’s acquisition by Mobime raises privacy concerns about the popular authenticator. Hopefully Gommers and Mobime will soon address these concerns more fully.
Safe Not Scammed reached out to both Gommers and Mobime for comment but did not receive a response.
Update July 30th 11:00pm: Gommers made an additional comment on the GitHub thread discussing Raivo’s acquisition. He stated “The privacy policy and license linked in the App Store seem to be wrong. I think it changed unintentionally and automatically during the app transfer. It will be set to the correct privacy policy and license as currently included in the GitHub repository.” He also said he wanted “to invite Mobime to this discussion so that they can share their background, vision and motivation.” However, Mobime has not yet joined the conversation. Let’s hope they do so soon.
Update August 3rd 11:15am: Gommers responded to the GitHub thread, indicating that he “pinged Mobime” to make sure they were aware of the discussion. He explained, “given the takeover is now complete and Mobime is responsible, it’s best for Mobime to give an introduction and to share their vision for the future.” He acknowledged users’ concerns “regarding features or possible monetization of Raivo” and again noted that “Mobime does not intend to make any major changes in the near future.” However, he added, “as you understand, now that they are the owner, they can decide on the roadmap.” Given Mobime’s continued lack of response, this is concerning.