HackerTrans
TopNewTrendsCommentsPastAskShowJobs

throwawa86753

no profile record

comments

throwawa86753
·3 lata temu·discuss
preface: i don't have any receipts to physically prove this.

i worked at a large health co. that had a partnership with apple to publish an app (which apple wrote the code for, designed, etc.) under health co.'s name. the purpose of the partnership was to promote use of HealthKit on apple devices and increase sales/adoption.

much later, i took over technical ownership of the partnership and while i was getting up to speed, the value of the partnership didn't make much sense to me from apple's perspective -- it seemed to be incredibly beneficial to health co. and ostensibly not very much so for apple, health co. got a free, polished health app for its customers and apple got… not much of anything? a small boost in sales at most. yet, it was clear it was a priority for apple based on how they managed the partnership (very responsive, helpful, etc.).

suddenly, a few months after i got up to speed, apple informed health co. that they were terminating the relationship on a near future date (a couple months at most). this was surprising given the seeming importance of the partnership to apple in the past, and we weren't able to get convincing reasons as to why apple's attitude had changed.

but then, once it came time for apple to transfer ownership of the app to use, things got a bit odd.

* at first, they told us they'd be fine with handing over non-sensitive code and assets (e.g. removing apple internal libraries, etc.).

* then, they said instead of handing over code they'd do a technical overview of the architecture and the code but couldn't give us the physical code.

* then finally, they reversed course entirely and informed us it was impossible to de-instrument their sensitive "telemetry" from the code and couldn't share any information about the code with us at all (mind you, this was an app that was published by US that we were legally responsible for).

this led me to suppose that their code was doing something they didn't want us to see. given the purpose of the app, the most valuable, nefarious thing you could do was vacuum up massive amounts of user health data about all of health co.'s users -- not only that, but being able to do it at one step removed, not legally AS apple (not their app, after all).

this speculation was reinforced when i realized the date of termination of our partnership was one day prior to the change to the App Store's privacy disclosure guidelines -- they made one final update to the App Store (probably removing the telemetry, etc.) and didn't have to make a disclosure about data usage. any subsequent updates would have had to have made this disclosure.