messenger and data protection?

Funny or not?

I was approached to install the messenger app on a phone and see what it does.

I have so far no compatible device to it. However, on this phone explore app is installed and paired with a 66i.

Nice: the phone has no phone number as it has no SIM. No problem, I gave it an other number, received the code there and it did work to set it up.

To my big surprise, not only all correspondence of the paired 66i is shown in the messenger, but also full correspondence of two other garmin accounts which are both in completely different accounts. One is a personal account  with a Mini and the other is delorme device residing in enterprise account.

All messages which are stored on the server and can be seen via explore website can be read with all details, thought they are not any more on the devices.

The delorme device is switched off and does no communication and still the messenger can read his correspondence from the server.

The only common thing is that they have been communicating in the past together.

Not really funny

  • Is the 66i already compatible with the messenger app or about which messenger are you talking? Is the correspondence of the 66i, mini and delorme shown on the messsenger or the messenger app? I think I have missunderstood something.

  • installed messenger app on the same phone as i paired with one of my 66i and explore app installed

    messenger shows me now the correspondence of the 66i , presumably somehow connected via explore app. I would say, well ok so far, the explore app is running, so this can be the reason

    but showing me the correspondence of a delorme device which is in an enterprise account, is switched off, but was sometimes in the past communicating with the 66i is quite heavy

    it can not be, that the messenger app will download all correspondence from the server of devices which explore app had communication at some time

    Te messenger app itself has no device connected to it, no hardware messenger arrived yet

  • Very strange and determined a serious violation of data protection guidelines?!

  • Btw: have you entered a fake phone number or did you use the phone number, which is perhaps connected in the accounts of your iR/delorme devices?

  • the phone number is used in inreach accounts, however just checked,

    the devices it is displaying use different number

  • Open a support ticket. If you are located in an area subject to GDPR and you believe this to be a violation, be sure to mention that. It will likely get Garmin's attention.

    Being in the US, I am unclear on just what kinds of information are covered by GDPR.

  • That's somewhat odd. I moved from a 66i to a Messenger and while explore.garmin.com shows both the old 66i traffic and the Messenger traffic, the Messenger app only shows the Messenger device traffic. It didn't pull older messages.

    However, this cross-integration seems consistent with Garmin's intent here. In the other thread, they were quoted saying that messaging will be seamlessly shared between Explore and Messenger. Even for the Messenger device (which is not supported by the Explore app, but is by explore.garmin.com).

    The oddity is that the authentication in the Messenger app is not password-based but purely based on verifying the phone number attached to the account. That probably makes sense to make it easy for people without a device to sign in for the group chat features, but for an existing Explore account, maybe that's too light.

    EDIT: I tried to log off of Messenger and was asked my password. I don't think I was the first time around - possibly because I was logged in the Explore app. I don't know.

    Not sure there is an actual privacy issue there (since you had to authenticate), but it's certainly worth reporting.

  • I filed the issue to support incl screenshots etc. we will se what they will investigate.

    Privacy issue is, that I did not have to authenticate at all and can read messages of devices in completely different professional account

  • Were you logged in in Explore with an account that had access to those messages?

  • certainly not.

    One explore app can not log into more accounts, can not see how this should be possible. I can log in one account only.

    One account in an enterprise account can not be accessed by other random account. Should this be possible, Garmin will need to close the business completely