Raivo Acquisition Raises Privacy Concerns

Last updated on August 3rd, 2023 at 11:13 am

A yellow stylized spying eye with a cross over it sits above the text "New Owner". To the right is a stylized laptop and phone, symbolizing 2FA.
Image made by Safe Not Scammed using Canva.

Raivo OTP is a popular free and open source authenticator app for iOS that is well-respected in the privacy community. However, in a surprise announcement on Monday, Raivo declared it had been acquired by a little known app development company called Mobime. 

While Raivo’s announcement claimed “nothing will change for you, except for more support and development on the Raivo ecosystem,” users had concerns. For example, About Privacy asked, “Why? What will be their revenue model?” Unfortunately, Raivo did not respond.

A new privacy policy?

App Privacy
The developer, Mobime, indicated that the app's privacy practices may include handling of data as described below. For more information, see the developer's privacy policy https://mobime.org/privacy
The link to Raivo’s privacy policy now goes to Mobime’s policy. Screenshot from Raivo’s App Store page.

Raivo OTP’s App Store page now lists Mobime as its developer and links to Mobime’s privacy policy instead of Raivo’s old one. Unfortunately, the new policy does not appear to be privacy friendly.

The very first sentence states, “Mobime SARL built the Mobime app as an Ad Supported app,” suggesting that Raivo’s new owners may display ads in the authenticator.

The new policy also states “third parties have access to your Personal Information” and lists AdMob and Facebook as examples of two such third parties. The old policy, however, assures users that third parties do not have access to their information and lacks any mention of AdMob and Facebook.

Raivo’s creator responds

The creator of Raivo OTP, Tijme Gommers, today responded to a thread on GitHub discussing users’ concerns over the acquisition. He explained that Raivo’s license and privacy policies “will remain the same (apart from my name being replaced by Mobime) and are still applied to all Raivo services. That does not change with the acquisition, nor has Mobime the intention to change them in the near future.”

Hello everyone,

I'm hoping to address the privacy concerns here. The LICENSE.md and PRIVACY POLICY.md will remain the same (apart from my name being replaced by Mobime) and are still applied to all Raivo services. That does not change with the acquisition, nor has Mobime the intention to change them in the near future. Mobime is an app development company. Thus, they also develop other apps, and they have the right to apply another license or privacy policy to those apps.

Additionally, I just want to say that Raivo has been a hobby project of mine. If I do not respond for a few days, please take this into account. I'm trying to do my best to make it a smooth transition. Yet, I got caught of gaurd by the fast transfer from Apple's side. I initially thought this would take weeks or months, but instead it was done in a single click.
Screenshot of Gommers’ response on GitHub. Source: GitHub.

However, this does not explain why Mobime’s privacy policy is linked to from Raivo’s app store page instead of the original. It’s possible this is just an oversight caused by the speed of the transition which Gommers said caught him “off guard,” but neither Gommers nor Mobime have addressed the issue directly.

Additionally, Gommers’ claim that Mobime won’t change Raivo’s privacy policy “in the near future” raises concerns about the company’s longer-term goals for the app.

The takeaway

Raivo’s acquisition by Mobime raises privacy concerns about the popular authenticator. Hopefully Gommers and Mobime will soon address these concerns more fully.

Safe Not Scammed reached out to both Gommers and Mobime for comment but did not receive a response.

Update July 30th 11:00pm: Gommers made an additional comment on the GitHub thread discussing Raivo’s acquisition. He stated “The privacy policy and license linked in the App Store seem to be wrong. I think it changed unintentionally and automatically during the app transfer. It will be set to the correct privacy policy and license as currently included in the GitHub repository.He also said he wanted “to invite Mobime to this discussion so that they can share their background, vision and motivation.” However, Mobime has not yet joined the conversation. Let’s hope they do so soon.

Update August 3rd 11:15am: Gommers responded to the GitHub thread, indicating that he “pinged Mobime” to make sure they were aware of the discussion. He explained, “given the takeover is now complete and Mobime is responsible, it’s best for Mobime to give an introduction and to share their vision for the future.” He acknowledged users’ concerns “regarding features or possible monetization of Raivo” and again noted that “Mobime does not intend to make any major changes in the near future.” However, he added, “as you understand, now that they are the owner, they can decide on the roadmap.Given Mobime’s continued lack of response, this is concerning.

Leave a Comment

Your email address will not be published. Required fields are marked *