Macro Dial is a tool to help edit and automatically change numbers from your address book according to some rules based on the way you want to call: IDD, calling card, corporate access number, without entering multiple entry in the phonebook.
This program is intended to be useful for
people who travel and need to dial the same number in diverse way, for example you dial +813 5555 5555 to call japan when you are in Hong kong, but 03 5555 5555 when you are in japan.
People who have access to IDD prefix code, or use carrier like softbank in japan that do not process the + as expected.
People who have corporate access number that require processing of the number to extract the right extension.
People using multiple calling card from different countries.
Goal of the design of the program
provide a full set of rules to make any generation of numbers possible.
be able to share the rules via the internet. They can be downloaded without compromising personal codes or PINs.
have a simple way to enter rules as well as a more advanced complete mode.
when you start the program a wizard will let you choose a few options or package of rules. Currently only for Japan Softbank or Hong Kong three, but you can download more from the web. If you have a code (from friends or from me) you can access rules specific to a company for example.
After you select a contact, you can choose the number and if you click on a rule (or macro) that rule will be applied to the number.
No number will ever be called without you pressing the call button, so you can review to make sure the number is correct.
To create a new rule you can simply edit the number in the Dial screen, and if a simple way to regenerate the number is detected the program will offer to save it as a new rules.
If you are a more advanced user you can design your rules from the edit macro function in the setting screen.
I recently saw a negative review on the App Store for ConnectStats warning users that ConnectStats is not a Garmin app and therefore people should avoid giving away login information in the app as the data may get stolen.
Keeping data secure both on your phone or online has been a key guiding principle in how I tried to implement the app. So while I understand the concern, I felt it was a bit unfair.
I have been careful to make sure the data isn’t shared and the passwords are never sent to me. I also made the app open source so that people can check for themselves what it is doing.
I felt it may be worth to write a bit of details on what is ConnectStats doing with your data and password, with link to the code. So people can either let me know if I miss something or feel better about using the app.
Your login information
Garmin Website service
The app can connect directly to the Garmin website to retrieve information. In order to do that it needs to have access and store your username and password. To do that it stores the password in the keychain of your phone and never locally in a way someone looking at the files saved from connectstats could retrieve. It then relies on the iPhone keychain mechanism which Apple can ensure is secure. The key file to look at to see how it’s done is GCAppPasswordManager.
Strava and Withings services
For the Strava and Withings service, the authentication process uses the OAuth 2.0 so the password is never even seen by ConnectStats. The library I use to manage the OAuth 2.0 is provided by Google , and you can see in the file used by connectstats how the tokens are retrieved from the keychain in this file for Strava for example via this call:
ConnectStats also maintains a service that can receive the fit file from the new Garmin Health API. In that case the the authentication is done via OAuth 1.0a. So the passwords are never seen by ConnectStats or its web server, but only tokens are exchanged with Garmin. These tokens are then saved into the keychain of your phone as well as on the database in the server. Note that the server is open sourced as well. While the server is open sourced, the configuration files containing the database passwords and other secret keys are only saved on the server and not in the code. The website is hosted on Godaddy, a reputable company, and I rely on their security to make sure the access to the website is secured.
Your Activities Data
On the phone
Your activity data is kept on the phone and stored locally. So it will be as secure as you keep your phone. You can also see that if you try to run the app in airplane mode all the browsing of statistics and downloaded data will work. Of course you need a connection to download new data…
On connectstats server
With the new Garmin Health API service, ConnectStats needs to maintain a database in a server containing your activities. This is the case if you choose in the app Garmin as a service and source to be All or ConnectStats. If you choose Garmin WebSite only then the data will be accessed directly from the Garmin servers. Note that this is not the officially supported method from Garmin, can and has been subject to outage in the past due to undocumented changes to their website.
If the data is stored on the ConnectStats server, the access to that data is done via an OAuth 1.0 process. Both the app and the server keep a secret token, and use that to do the authentication. The tokens are provided by Garmin, so in order to access your data you will need to do a successful login on the Garmin service and obtain the token this way.
ConnectStats does not maintain any types of user name or its own passwords/user system, which means the data stored on the server can not be traced back to you. Everything is linked and identified by the sha1 hash tokens obtained by Garmin, which look something like this aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d.
The only person with access to the database with your data is myself, and no one else helps me or has access to the login information. If that ever changes, I’ll make sure to talk about it in this blog.
Note that if you use the source for Garmin data to be both the website AND connectstats service (what I recommend), you will need to enter your login details in the app (as in the Garmin website section), but that data will stay on your phone in your keychain. It will never be uploaded to the connectstats server. So on the server it will still be impossible to link the data saved in the database to your Garmin user account, email or username as well.
When you send a bug report, this will send the log information, which will look something like the below. This is mostly information that helps me see what has happened and try to understand the problems. You can see in the code everything that is logged by looking for calls to the function RZLog. No sensitive information, like password is logged.
You can choose before sending a bug report to include activities. If this is selected in addition the log above, the internal database of activities saved on your phone is sent as well. This contains all the high level data (distance, heart rate, timings, etc) that allows reconstruction of the statistics page. In addition it will include all the details of the currently selected activity in the detail page (only one full detailed activity). These details contains all the gps points.
Because when you send a bug report, I ask for an email address so I can reply to you, in this case that data could be traced back to an individual with that email. But as mentioned before, I am the only one that receive that email or have access to the files where they are saved on my server. This by the way is the same server hosted by GoDaddy where I have host all the data for ConnectStats.
I hope this will relieve any concerns any one could have about privacy of their data in ConnectStats.
Happy to answer any more questions, and of course if anyone finds holes or gap in how I implemented ConnectStats, feel free to reach out either by comment below or via email or GitHub issue.