
This is the other side of the coin regarding the debate of whether Apple should build its own first party versions of these kinds of apps.

When Apple announced period tracking in its Health app, there was another round of articles of how Apple eats its own from the app store.

I mostly agree that it's problematic that Apple runs the App Store AND competes with other apps on it. But we have to take this sort of thing into consideration too.

But we have found again and again, that these third party apps have absolutely no data protections and will happily sell your data to other entities.

So if you want to track your period (and other such sensitive data) and not have your sex life sold to everyone, use the first party app. Even Apple can't see your data.

There's nothing stopping Apple (or any other app store vendor) from creating a middle ground, by requiring third parties to agree in advance to a strong set of data-handling and privacy rules in order to sell apps in their store. They could even periodically audit those third-party products; failure to live up to the terms the third party agreed to when they published the app would be pretty solid grounds for kicking them out of the store.

That stuff would cut into the planet-size hoard of profit Apple makes off the app store, though, so I wouldn't hold my breath.

Sure there is.

There are dozens of times when app developers say "oops" during a data sharing leak, either because they want to fake not having known that they were sharing data, or (probably more likely) they were using an SDK that itself was leaking tons of data that they didn't know they were signing up for.

Apple closes loopholes, the press cries about App Store dominance, app developers cry out, new rules are put in, and then they circumvent those rules. Rinse and repeat.

It would also be nearly impossible to enforce. How would Apple be able to verify that a company is complying with these terms? I don't think many companies would be happy to let Apple poke around in their backend, just as I don't think Apple wants to spend the resources to do that.

Edit: "impossible" -> "nearly impossible"

Write in compliance requirements with provisions for regular third party audits.

If personal data companies don’t start regulating themselves they will get it forced on them by the government. Financial, medical, and defense companies already do it.

> requiring third parties to agree in advance to a strong set of data-handling and privacy rules

Aka the Facebook model.. tldr: "developer, click here to promise to behave". Aka the "click here if you are 18 or older" model. Thanks Zuck, for giving us Cambridge Analytica.

What a bunch of effing liars. "We promise we keep your data secure" is yet another meaningless statement...

It sounds like we need something like Europe's GDPR. Of course, we'll never get that in America because it's anti-business.

I don't think the GDPR is anti-business at all. It's just pro-consumer. If your business model depends on playing loose with customer data, then that's a huge red flag about what you're doing anyway.

I try to shy away from blanket statements but this seems like a pretty good one :P

It's anti-businesses that have business models that depend on playing loose with customer data. For the pro-business people, they don't like that, because anything that's against just about any business is bad in their eyes; the only thing that's important to them is profit.

Or Apple can earn the 30% fee and simply prevent this behaviour during app submission.

Except the fee is charged from app developers, and in this case, supposedly 'earned' for the benefit of users.

...by blocking usage of Facebook SDKs? People would lose their minds!
