Why does EVA need my Frontier account details?
Posted by Jim Keir on 11 August 2016 11:02 AM

EVA works, as do many of the third-party Elite:Dangerous tools, using Frontier's "Companion App" web interface. This was originally designed for Frontier's own iOS companion app. To use this interface, you need to tell Frontier's servers who you are so that they can send back the right CMDR data; to do this, you must log in using your Frontier account.

So how do you know you can trust EVA with your account details?

The "Marketing" Answer

EVA does not use your Frontier account details for any purpose except logging in to Frontier's servers. Specifically, your email address is not transmitted outside the app at any time, except to Frontier Developments over an encrypted channel. Your password will be stored using the secure storage facilities provided by either iOS or Android, if and only if you request it to be stored using EVA's settings.

You can choose to use EVA without providing any account details at all, but you will be limited to using it as a trade computer. In other words, if you choose not to tell Frontier's servers who you are, they will not be able to give you any information back.

The "Practical" Answer

The only way to be absolutely 100% certain that a piece of software is not doing things you don't want is to only use software you downloaded from inside your own skull on a computer which has never been connected to any outside source whatsoever. This is true for all software, from all sources, and I know it's not reassuring.

Governments, banks, major corporations and even intelligence agencies have both software and servers hacked with regularity. Even on this level there is no 100% certain guarantee of safety. If you're asking how safe it is to use private account details in a third-party tool, you're right to do so.

So what can I say to reassure you?

Ask yourself what "the thief" would stand to gain from stealing your Elite login. There's no credit card details stored at Frontier, and if someone else were to start playing with your account you would see very quickly that your game details had changed, contact Frontier to report the theft, and change the password back.

Ask yourself what "the thief" would stand to lose, if caught. EVA is only available through the Apple App Store and Google Play Store. Both of these require a full registration, including postal address. Apple requires business details to be validated too. If EVA were found to be stealing account details deliberately, it would be the work of minutes for investigators to find me. EVA is written by a registered software development company, with interests in other areas beyond Elite:Dangerous, including contract development within the games industry; I would stand to lose my reputation, company and livelihood. EVA is a paid-for application; this means that both Apple and Google have my company bank details too. Between Apple, Google, the UK government, Companies House, HMRC and the bank, someone somewhere would be able to track me down quickly enough if EVA were doing anything illegal.

Ask yourself if you would take that kind of risk, for that level of reward, if you were in my position.


Help Desk Software by Kayako Fusion