Privacy Policy
Last updated: May 9, 2026
Overview
OpenWrt Manager ("the App") is a local network management tool. We are committed to protecting your privacy. This policy explains what data the App handles and how it is stored.
Data Collection
By default, the App operates entirely within your local network and does not transmit any personal data off your device.
- No analytics or tracking SDKs are included (no Firebase, no Google Analytics, no Crashlytics).
- No user accounts or registration are required.
- No data is shared or sold to third parties.
- No advertising identifiers are read.
Two optional features — cloud push notifications and the OpenWrt-side notification agent — do upload a minimal, scoped data set to a backend we operate. Those flows are described in the Cloud Push (Optional) section below. Both are off by default and can be turned off at any time.
Data Stored on Your Device
The following data is stored locally on your device only:
- Router address and connection settings — stored in SharedPreferences to allow quick reconnection.
- Router password — if you choose to save it, the password is stored in the platform's secure storage (iOS Keychain / Android Keystore). It is never transmitted anywhere other than directly to your router.
- Traffic history — hourly and daily bandwidth statistics are stored locally in SharedPreferences for display purposes.
- App preferences — theme mode, language, device nicknames, groups, and notification preferences.
- Notified MAC list — when "New device alerts" is enabled, a list of MAC addresses already alerted on is kept locally to avoid duplicate notifications.
Notifications (Local)
- The App can send you a local notification when a previously-unseen device joins your network. This feature is opt-in and can be toggled in Settings → Notifications.
- The first time you enable it, the system prompts you for notification permission. You may revoke this permission at any time from your device's system Settings.
- Notifications are generated entirely on your device by comparing the current device list with locally stored MAC addresses. No notification content or device information is sent to our servers or any third party in this mode.
Cloud Push (Optional)
If you want push notifications to arrive even when the App is closed (for example: an unknown device joins your home Wi-Fi while you are at work), you can enable cloud push. This adds a second delivery path on top of local notifications. It is off by default. Enabling it is a deliberate action: tapping the "New device alerts" toggle plus tapping "Install router agent" in Settings.
What gets uploaded, by whom, and to where
- The App sends our backend an APNs device token (an opaque identifier issued by Apple, scoped to this App on this device — not a tracking ID), your language preference (e.g.
en,zh), and a randomly generated device key + agent token. The agent token is the bearer credential the OpenWrt-side script will later use to authenticate. - The OpenWrt-side notification agent — installed onto your router only after you tap "Install router agent" — uses the agent token to send our backend a small JSON event each time a previously-unknown MAC address joins your local network:
mac,ip,hostname, and your chosen router label. No traffic content, no historical data, no logs. - The backend is a Cloudflare Worker we operate at openwrtpush.yzinf.com. It stores your registration in Cloudflare KV and uses Apple's APNs service to deliver the notification to your iPhone. No third party other than Cloudflare and Apple is involved, and we do not use any analytics SDK, ad SDK, or tracking SDK.
- Storage retention: registrations expire after 90 days of no re-registration. The backend also keeps a 30-minute deduplication cache so the same MAC isn't pushed repeatedly. Both are automatically purged.
- The notification body that Apple delivers to your phone contains the device's name and IP. We do not log notification deliveries on the backend.
How to disable / delete
- Disable in-app: Settings → Notifications → toggle "New device alerts" off. The App will call our backend to remove your registration immediately.
- Disable on the router: Settings → Notifications → "Install router agent" again writes the latest config; conversely, the agent can be removed via SSH with
/etc/init.d/openwrt-manager-notify stop && rm /usr/bin/openwrt-manager-notify.sh /etc/init.d/openwrt-manager-notify. - Even after disabling locally, you may email us to request deletion of any residual registration tied to your APNs token.
Network Communication
- The App's primary communication is with your OpenWrt router on the local network via the ubus HTTP/JSON-RPC API.
- If HTTPS is available on your router, the App supports it to encrypt local network traffic.
- The only outbound internet connection the App makes is to openwrtpush.yzinf.com (our Cloudflare Worker), and only when you have opted in to cloud push (see Cloud Push (Optional)). All other features run entirely against your local router.
Password Security
- Your router password is used solely to authenticate with your OpenWrt device.
- Saved passwords use the OS secure storage mechanism, encrypted at rest.
- We recommend saving passwords only on personal devices. Anyone with physical access to your unlocked device may be able to connect to your router through the App.
Children's Privacy
The App is not directed at children under 13. We do not knowingly collect any information from children.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date.
Contact
If you have questions about this privacy policy, please visit the Support page.
隐私政策
最后更新:2026 年 5 月 9 日
概述
OpenWrt Manager(以下称"本应用")是一款本地网络管理工具。我们致力于保护您的隐私。本政策说明本应用如何处理和存储数据。
数据收集
默认情况下,本应用完全在您的本地网络内运行,不会向设备外传输任何个人数据。
- 不包含任何分析或追踪 SDK(没有 Firebase、没有 Google Analytics、没有 Crashlytics)。
- 无需用户注册或创建账户。
- 不与任何第三方共享或出售数据。
- 不读取任何广告标识符。
有两项可选功能——云端推送通知和OpenWrt 路由器侧通知代理——会向我们运营的后端上传少量、限定范围的数据。这两个功能默认关闭,详情见下方云端推送(可选)章节,可随时关闭。
存储在您设备上的数据
以下数据仅存储在您的设备本地:
- 路由器地址和连接设置——存储在 SharedPreferences 中,用于快速重连。
- 路由器密码——如果您选择保存密码,密码会存储在系统安全存储中(iOS Keychain / Android Keystore)。密码仅用于直接发送给您的路由器,不会传输到其他任何地方。
- 流量历史——按小时和按天的带宽统计数据存储在本地 SharedPreferences 中,用于图表展示。
- 应用偏好设置——主题模式、语言、设备备注名、分组及通知偏好。
- 已通知 MAC 列表——当启用"新设备告警"功能时,本应用会在本地保存已告警过的 MAC 地址列表,避免重复通知。
本地通知
- 本应用可以在新设备首次加入您的网络时发送本地通知。该功能默认关闭,可在「设置 → 通知」中开启。
- 第一次开启时,系统会请求通知权限。您可以随时在系统设置中撤销该权限。
- 本地通知完全在您的设备上生成——通过对比当前设备列表与本地保存的 MAC 地址。该模式下不会向我们的服务器或任何第三方发送通知内容或设备信息。
云端推送(可选)
如果您希望即使 App 已关闭也能收到推送(例如:陌生设备入网时您不在家),可以启用云端推送。这是叠加在本地通知之上的另一条投递路径。默认关闭。开启需要明确操作:点击「新设备告警」开关,然后点击「在路由器上安装 agent」。
上传哪些数据,谁上传,到哪里
- App 上传:Apple 颁发的 APNs 设备 token(限定本 App 在本设备上有效的不透明标识,非追踪 ID)、语言偏好(如
en、zh)、随机生成的 device key 和 agent token。Agent token 是后续路由器侧脚本用来鉴权的 bearer 凭据。 - 路由器侧 agent 上传(只在您点击「在路由器上安装 agent」之后才会装到路由器):每当一台之前未见过的 MAC加入本地网络时,用 agent token 鉴权,向后端发送一小段 JSON 事件——
mac、ip、hostname、您配置的路由器标签。不上传任何流量内容、历史数据或日志。 - 后端是我们在 Cloudflare 运营的 Worker,地址 openwrtpush.yzinf.com。注册信息存在 Cloudflare KV,推送通过 Apple APNs 服务下发到您的 iPhone。除了 Cloudflare 和 Apple,不涉及任何其他第三方,后端不引入任何分析、广告或追踪 SDK。
- 存储期:注册信息在 90 天内未续约会自动过期清理。后端另保留 30 分钟的去重缓存(防止同一 MAC 反复推送),同样自动过期。
- Apple 投递到您手机上的通知正文包含设备名和 IP。后端不记录通知投递日志。
如何关闭 / 删除
- App 端关闭:设置 → 通知 → 关闭「新设备告警」。App 会立即调后端清除您的注册。
- 路由器端清除 agent:可通过 SSH 执行
/etc/init.d/openwrt-manager-notify stop && rm /usr/bin/openwrt-manager-notify.sh /etc/init.d/openwrt-manager-notify。 - App 关闭之后如果想确认后端没有残留,可以邮件联系我们要求清除与您 APNs token 关联的注册数据。
网络通信
- 本应用主要的网络通信是与您的 OpenWrt 路由器在局域网内通过 ubus HTTP/JSON-RPC API 通信。
- 如果您的路由器支持 HTTPS,本应用支持使用 HTTPS 加密局域网通信。
- 本应用唯一的对外互联网连接是到 openwrtpush.yzinf.com(我们的 Cloudflare Worker),且仅在您启用云端推送后才发起(见云端推送(可选)章节)。其他所有功能完全在您的本地路由器上完成。
密码安全
- 您的路由器密码仅用于连接 OpenWrt 设备进行身份验证。
- 已保存的密码使用系统安全存储机制,静态加密保存。
- 建议仅在个人设备上保存密码。任何能物理访问您已解锁设备的人,都可能通过本应用连接到您的路由器。
儿童隐私
本应用不面向 13 岁以下儿童。我们不会有意收集儿童的任何信息。
政策变更
我们可能会不时更新本隐私政策。任何变更将在此页面上更新日期并反映。
联系我们
如对本隐私政策有疑问,请访问支持页面。