QR code for settings - exclude google account settings

1. What is the problem? Be very detailed.
When I create a QR code to share my Collect settings I don't want to share my own sensitive data (i.e. my Google Account ID - I'm assuming that this wouldn't actually give access to my account as the password is not stored, it's been authenticated via Google?)

For example, if my 'source' device for the QR code has server settings for Central/ Aggregate and Google Sheets, does that mean that the 'receiving' devices will then have the Google account included even if ODK is set to use Aggregate/Central? If I don't want to share my Google ID, is there a [simple] way of removing that key?

2. What app or server are you using and on what device and operating system? Include version numbers.
Collect 1.28.2
3. What you have you tried to fix the problem?

I think that all the keys shown at https://docs.getodk.org/collect-import-export/#making-your-own-qr-code are included / populated?

Based on that web page I think it is: "selected_google_account": String,

It might be beyond this forum to provide a tutorial how to do this, but reverse 'engineering' what the docs page says, I think I might need to...

Decompress the text from the QR code using zlib (nice simple statement, hiding a multitude of sins!)

Edit the JSON object (remove the String from the above key)

Compress the edited JSON using zlib (more hidden sins in that one!)

Create a new QR code (Oh, I know how to do that!)

So, I got as far as creating a [compressed?] text string of the QR code using my standard QR scanner. How do I decompress that string using Windows 10 and turn it into a JSON object?

What interface / libraries do I need and can I access them without furkling down the back of my hard drive or CPU?

4. What steps can we take to reproduce the problem?

Create a QR code and see if it includes the google account id (but you'd need to be able to interpret the compressed text!) Currently I'm stuck at [de]Compress it using zlib.

5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.

If this were a feature request, I would add that it would be nice to be able to select which account settings to include in the QR code, to save needing to edit the QR code externally.

Hi @seewhy
I assume that devices that will scan your qr code don't use your google account that's why you want to protect it. In that case you are safe because even if the qr code contains your google account name it will be ignored after scanning.

Hi @Grzesiek2010,
Thanks for your reply. Exactly right - I am usually setting up the phones of other people (rather than having dedicated devices that I control with the same google account) - often remotely, which is why a QR code is really useful rather than long complicated set up instructions.

So I don't want the account to be transferred or even recorded on their phone. It sounds good that it is ignored - but that begs a further question of why it is included if it will be ignored?

Surely if someone installs ODK and hasn't authorised their google account to use Drive as a submission method / 'server', then that field will be empty in their settings... So I would assume it would then populate that field? It sounds like that's not how it works. But if I set up a dedicated account, does that mean I can't share its details via QR code (accepting that it would need to be authorised separately) - this is more hypothetical for others, rather than my own use case!

I just checked on an old phone (so 'old' that it only installed 1.25, so no QR scanning - Android 4.1) - even though that phone is registered to my account when I checked the ODK server settings for Drive it was empty. What I can't test is whether it imports the Google account in this case.

Sorry I think I sound really paranoid, actually I'm not wanting to complicate things for other people I work with, or share something inadvertently!

The selected_google_account is only populated in settings and thus only part of a QR code if you explicitly select an account in Collect settings. That is, just because your device is connected to your Google account doesn't mean that Collect knows anything about it.

If you have selected a Google account in server settings, it is included in the QR code and there's no easy way to change that. What I'd do is reset the settings for my source device by going to Admin Settings > Reset application... and then selecting at least All Settings. Then I'd set all the preferences that I want my target devices to have knowing that I'm working off a clean slate. Then you can configure your Google Drive account again later if you need it. I believe that all other settings can be cleared through the settings UI and it would certainly be convenient if selected Google account could also be cleared selectively rather than having to do a full setting reset.

One of the areas we'd really like to make progress on in Collect is "client multi-tenancy" where multiple projects can be configured at the same time on a device. https://github.com/getodk/collect/projects/6#column-9704375 I think this would help you.

1 Like

Hi @LN,
As usual you go the extra 3 miles to explain what goes on under the bonnet / hood! Thank you, really helpful.

There is a nuance that you picked up - as did @Grzesiek2010 I realise (but he forgot who he was answering so left out the detail :slight_smile:) , which is that the QR code ONLY includes the settings for the CURRENTLY SELECTED server type. And to be fair the docs do almost say that, but for a paranoid pedant, it doesn't quite explain that it will drop / not include the other server type. The confusion (for me) comes when looking at how to make your own QR code, when you see the keys that are included - so it looks like this might be what the QR code contains (in my case the ODK server and Google Account being non-default values).

Can I make a suggestion to adapt the wording of the docs (https://docs.getodk.org/collect-import-export/) to help others:

QR codes generated by Collect only contain settings with non-default values. When a code is scanned in, settings not explicitly included in the code are reset to their default values.

Suggested change:
The QR codes generated by Collect contain the currently selected server type only and discard the other type. For Google Drive/ Sheets, the Google account name is only included if this is the current server type and Collect is not automatically authorised to use this account.
These QR codes also only contain settings with non-default values. When a code is scanned, settings not explicitly included in the code are reset to their default values.
Your tip is really valuable too - I hadn't thought of this as an approach and would be really useful advice within the Docs... here's a bit of text based on your description, if that is useful, for a starting point (edit as you feel appropriate):

To generate a QR code for a specific set-up or project, first reset the Collect settings on the source device. This will remove interface preferences and any server settings (be sure you know the server URL and password before you do this).

  • Go to Admin settings > Reset application*
  • Select ‘All Settings’ from the list (do not select other options unless you really need to delete them - they are not included in the QR code)*
    This gives the source device a clean slate to set up for the target devices – allowing you to set preferences for form behaviour and metadata as well as the required server type, URL and password or Google account name.

And finally, client multi-tenancy sounds really useful in my own situation (sound like living in a block of flats!).

Thanks - as always much appreciate the help here.