(MAUI) user.id is always set and can't remove it with SendDefaultPii or null

[lucas-zimerman]

Package

Sentry

.NET Flavor

.NET

.NET Version

9.0.4

OS

Android

OS Version

No response

Development Environment

Visual Studio v17.x

SDK Version

5.6.0

Self-Hosted Sentry Version

24.8.0

Workload Versions

A break change that I noticed from the Xamarin SDK to MAUI is that User.id is always set.

SendDefaultPii does nothing when set to false, it keeps sending this identifier, and there doesn't seems to be an easy way remove.

Even with

            SentrySdk.CaptureMessage("teste user id", scope =>
            {
                scope.User.Id = null;
            });

it still sends an event with an user.id

UseSentry or SentrySdk.Init call

        builder.UseSentry((option) =>
        {
            option.ReportAssembliesMode = ReportAssembliesMode.None;
            option.Dsn = EnvironmentConfig.SentryDsn;
            option.AutoSessionTracking = false;
            option.TracesSampleRate = 1.0;
            option.AddEventProcessor(new SentryEventProcessor());
            option.AddExceptionProcessor(new SentryExceptionProcessor());
            option.AddExceptionFilterForType<InvalidSessionException>();
            option.Environment = EnvironmentConfig.AppEnvironment.ToString();
            option.AttachScreenshot = true;
            option.SendDefaultPii = false;
            option.SetBeforeScreenshotCapture(BeforeScreenshotCapture);
            if (EnvironmentConfig.AppEnvironment == EAppEnvironment.Prod)
            {
                option.MaxBreadcrumbs = 50;
            }
#if DEBUG
            option.Debug = true;
#endif
        });

Steps to Reproduce

• Don't set user.id
  And one of the following options:
• 1. Set user.id as null on configure scope or inside the capture message scope.
• 2. Have SendDefaultPii as false.
• 3. Using

SentrySdk.ConfigureScope(scope =>
{
   scope.User = new SentryUser();
});

One of the above options should unset the user.id from any event.

Expected Result

user.id not set with installationID

Actual Result

events with user.id not set by the developer

[jamescrosswell]

@lucas-zimerman that was done intentionally in this PR:

• User ID is left blank on Android #3302
  • Set Scope.User.Id to the InstallationId by default #3425

From what I can tell, we do want to have some default value for the User.Id. This seems to be the case on iOS and Android, although I don't see any similar docs for PHP, Java or Python... so maybe it serves some special purpose on Mobile platforms.

@bruno-garcia if SendDefaultPii is false, should we leave the Id blank (same as we do for IpAddress and Username)?

sentry-dotnet/src/Sentry/Internal/Enricher.cs

Lines 86 to 95 in ee62bb9

	if (_options.SendDefaultPii)
	{
	if (_options.IsEnvironmentUser && !eventLike.HasUser())
	{
	eventLike.User.Username = Environment.UserName;
	}
	eventLike.User.IpAddress ??= DefaultIpAddress;
	}
	eventLike.User.Id ??= _options.InstallationId;

• I'm not sure if theInstallationId that we create is considered PII
• I'm also not sure if this would break any functionality on Mobile apps (they seem to rely on having a User.Id for some reason).

[lucas-zimerman]

Out of curiosity, why not set User.Id ??= _options.InstallationId at the global scope when initializing the app? This way users will have this info when not set and will also be able to remove it if not required

[jamescrosswell]

Hi @lucas-zimerman ,

So I checked with Bruno. We intentionally set User.Id to a non-null value so that Session health metrics work on Mobile platforms. The installationId is just a GUID that we generate, so nothing super sensitive (it just let's us distinguish sessions from different users).

We could, as you suggest, do this when initialising the global/root scope for the app though (rather than in an enricher) so that you could overwrite this if you didn't care about session health metrics and you were worried about sending this.

[lucas-zimerman]

On the app that I was looking, they are using manual session metrics, because they only want to monitor users after they login and when they logout, to stop the session manually, since it's an app for business, more than one person could be using the same app on the same session.

having the user.id set on the global scope would make it easier to clear it once and make it easier to actually know how many users are using the app, without counting the install ID

[bruno-garcia]

Note that we can use InstallationId on Sessions while not setting it on the user scope. Sessions is detatched from errors data.
Having the id set by default but allowing the users to reset to null on BeforeSend makes sense though

In fact, BeforeSend should be the last thing that touches the event before we send it, to allow the user to have a full picture of what's being sent. And allow the user to make the mutations they want

[lucas-zimerman]

SetBeforeSend is indeed a good option, but it also leaves native SDKs to set their Installaiton id that doesn't go towards C# BeforeSend

sentry.native.android.dotnet

sentry.java.android.dotnet

for .NET BeforeSend I just added a check to see if user.id has - and set it to null, but that logic wouldn't work for the native SDKs, if they even go towards .NET BeforeSend

hopefully I won't need this filter on discover to count users lol

!user.id:"*a*" !user.id:"*b*" !user.id:"*c*" !user.id:"*d*" !user.id:"*e*" !user.id:"*f*" 

Workaround

apply the following rule to Sentry.io
[Remove] [UUIDs] from [$user.id]