Privacy Policy
Developer: ubi.jp
1. Overview
This Privacy Policy describes how SimpleHttpServer (“the App”) handles information. By using the App, you agree to the terms described here.
2. Information We Collect
The App does not collect, store, or transmit any personal information.
The App accesses the following information on your device solely to provide its functionality:
| Information | Purpose | Transmitted externally? |
|---|---|---|
| Network information (IP address, etc.) | Display the server’s bind address | No |
| Files and media | Serve files in the user-selected folders over HTTP | No (local network only) |
| Uploaded files (only when uploads are enabled) | Store files sent by clients on the local network into a user-selected folder you have granted write access to | No (saved locally on this device) |
| Access logs | Displayed temporarily in the in-app LOG tab | No |
| mDNS service advertisement | Announce the server on the local network so other devices can discover it automatically | No (local network only) |
Access logs are held in memory only and are discarded when the App is closed. The App itself persists no data to device storage other than files that other devices upload to a folder you have shared for writing — and only when you have turned uploads on (uploads are off by default).
3. Permissions Used
| Permission | Purpose |
|---|---|
INTERNET |
Accept HTTP requests as a server |
ACCESS_NETWORK_STATE |
Obtain the IP address of the active network interface |
READ_EXTERNAL_STORAGE (API ≤ 32) |
Read media files via MediaStore |
READ_MEDIA_IMAGES / VIDEO / AUDIO (API ≥ 33) |
Read media files via MediaStore |
FOREGROUND_SERVICE |
Keep the server running in the background |
POST_NOTIFICATIONS |
Show a persistent notification while the server is running |
RECEIVE_BOOT_COMPLETED |
Auto-start on device boot (can be disabled in settings) |
These permissions are used exclusively to provide the HTTP server functionality.
4. Sharing of Information
The App does not share, sell, or disclose any user information to third parties.
The App contains none of the following:
- Advertising SDKs
- Analytics or crash-reporting SDKs (e.g., Firebase Analytics, Crashlytics)
- Social media integrations
- Any feature that sends data to external servers
5. File Sharing and Network Exposure
Files are served only when the user explicitly starts the server.
Default behavior: The Network Interface setting defaults to “Wi-Fi only”, which limits file delivery to the local Wi-Fi network and prevents exposure over mobile (cellular) data connections.
Important — changing the network setting: If the Network Interface setting is changed to “All networks”, the server will also listen on the mobile data interface, making files potentially accessible to any device that can reach the device’s mobile IP address. Users who change this setting must understand the associated risks.
Recommended configuration:
| Goal | Recommended setting |
|---|---|
| Share files on Wi-Fi only (default) | Network Interface → Wi-Fi only |
| Restrict to this device only | Network Interface → Localhost only |
| Restrict who can access files | Enable Digest Authentication and set a strong password |
The developer strongly recommends keeping the default “Wi-Fi only” setting and enabling Digest Authentication when sharing sensitive files.
Uploads (opt-in, off by default): The App can also receive files. When you turn on “Allow uploads” in Settings, clients on the network can upload files into folders for which you have granted write access; the files are saved on this device in the selected folder and are not transmitted anywhere else. Existing files are never overwritten — a name that already exists is saved under a new name. Because anyone who can reach the server can upload while this setting is on, only enable it on a trusted network and enable Digest Authentication to control who may write files.
6. Security
The App is designed for local-network file sharing. Please note the following:
- The Network Interface default is “Wi-Fi only” to minimise unintended exposure. Do not change it to “All networks” unless you understand the implications.
- Enable Digest Authentication to prevent unauthorised access, especially on shared or public Wi-Fi networks.
- Carefully choose which folders to expose; avoid sharing directories that contain sensitive personal data.
- File uploads are off by default. Only turn on “Allow uploads” on networks you trust, and enable Digest Authentication so that not just anyone on the network can write files to your device.
- By default the connection is plain HTTP and is not encrypted. You can turn on HTTPS in Settings to encrypt traffic with TLS. For this the App generates a self-signed certificate on your device; its private key is stored only in the App’s private storage, is excluded from backups, and is never transmitted off the device. Only the public certificate is served — over the running server (at
/.well-known/server-cert.crt) or via “Download certificate” — so you can trust it on a client. Because the certificate is self-signed, browsers show a one-time warning on a local network. - When the server is running on Wi-Fi, it advertises itself via mDNS (
_http._tcp, or_https._tcpwhen HTTPS is enabled) so that other devices on the same network can discover it automatically. This advertisement stops when the server is stopped. - The developer is not responsible for any unauthorised access or uploaded content resulting from the user’s network or authentication configuration.
7. Children’s Privacy
The App is not directed at children under the age of 13 and does not knowingly collect personal information from them.
8. Changes to This Policy
This Privacy Policy may be updated without prior notice. Continued use of the App after changes constitutes acceptance of the revised policy. The update history is available on the Google Play app page.
9. Contact
For questions about this Privacy Policy, please contact:
Email: app@ubi.jp