Hacker News new | past | comments | ask | show | jobs | submit login
Contact tracing app vetted by Apple found to share data with Foursquare/Google (appleinsider.com)
29 points by clairity 10 days ago | hide | past | web | favorite | 4 comments





They buried the lede here:

> While Care19 does not rely on the recently released Apple-Google Exposure Notification API, Apple was involved in the vetting of the app

The way the article was written, it seemed like the app was using the Exposure Notification API but doesn’t say it wasn’t until half way through, and then says that the app was “vetted” by Apple.

Well, all apps are vetted by Apple, that’s how the iOS App Store process works. The article (and the Washington Post article this is based on) really don’t give details about how involved Apple was, making me believe that this was likely treated as a normal app and was vetted as a normal app.

In other words, I get the frustration with the app sending data to places it shouldn’t like FourSquare, which is pretty irresponsible for an app that’s supposed to be just for contact tracing, but I don’t really see how Apple is part of the problem.


>Well, all apps are vetted by Apple

And as such, Apple is responsible for it existing in their store.

>making me believe that this was likely treated as a normal app and was vetted as a normal app.

You'd think with the privacy issues surrounding contact tracing apps, they would have taken a closer look. Seems negligent not to.

How does Apple get away with both the accolades when it keeps a 'curated walled garden' that's supposed to protect users from themselves, as i've seen quoted many times on hn, yet they get a pass when they end up allowing things users would be upset about and well it's not their fault?

It can't be both ways. If they advertise a safe curated garden, then they do.have responsibility when.something slips through.


> You'd think with the privacy issues surrounding contact tracing apps, they would have taken a closer look. Seems negligent not to.

I don't think if this is a good argument, though. Apple is pushing governments that want a contact tracing app to use their Exposure Notification API, which has strong privacy maintaining limitations - for example, it's decentralized, on the phone. In fact, Apple specifically designates contact tracing apps as ones approved and using the Exposure Notification API[1]. The apps that don't use this API are limited - specifically, they can't keep Bluetooth on in the background (meaning, when the phone is locked).

> How does Apple get away with both the accolades when it keeps a 'curated walled garden' ... yet they get a pass when they end up allowing things users would be upset about?

In general, the "accolades" are with respect to how the phone treats apps, as well as in comparison to Google's Play Store. Apple is much more strict in their review process than Google, so blatantly malicious things like malware don't get through.

In this specific case, without more details I do believe that Apple treated the app as a "normal app", as it didn't use the Exposure Notification API, and what is meant by "vetted" here is that it was reviewed using the normal app review process. If that's not the case I would agree Apple has some culpability but without those details and thus assuming that this app was not treated specially, I don't think Apple is at fault here. If this had happened with an app using the API this would have been a much bigger news story as it would have shown that the review process for the contact tracing apps is very poor since contact tracing apps are specifically forbidden from both getting location data, which this article is talking about.

1: https://developer.apple.com/contact/request/download/Exposur...


Had the same reaction. Originally when I was first reading this article, I thought this app was using Apple's API and Apple thought it was okay for the app to be sending data to third parties. But like you said halfway through the article you read that they don't use their API.

The clickbait is real.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: