By Tim Bray.
When you do a LifeSaver “Save” operation, your telephone-call and SMS logs are uploaded to Google App Engine’s data store, accessible at android-lifesaver.appspot.com if you’re signed in with the Google account from your phone.
You should be aware that this exposes you to risks and vulnerabilities; for example:
There could be bugs (in my code, in the open-source frameworks that it relies on, or in Google’s App Engine code) that allow people other than you to see your phone-call and SMS listings.
Since I operate the database, I could potentially peek in, retrieve, and make improper use of, your phone-call and SMS listings.
Someone who cracked my passwords or locked me in a basement could impersonate me and make improper use of your information.
A law-enforcement agency could demand that I produce your records for them.
In order to minimize the risks of these (or other) bad things happening, this database is programmed never to retain information for longer than two hours. To be more precise: Once every hour, a script is run which looks at every phone-call and SMS record and, if it’s older than one hour, deletes it.
There is one exception: I retain records of how many phone-call and SMS records have been uploaded and downloaded, and the number of unique users; but these are not associated with any user information.
Remember, though, there could be errors in the programming, and while the limited data retention does a pretty good job of reducing the risks listed above, it doesn’t reduce them to zero. If you’re worried about the risks of storing highly personal information on the Internet, you probably shouldn’t make use of the LifeSaver program.