Apple Hearing Study Bug Results in Accidental Historical Data Collection From Participants

[MacRumors]

Apple device owners who participated in the Apple Hearing Study that Apple is conducting with the University of Michigan School of Public Health are today receiving emails letting them know about a bug that resulted in excess data collection.

Those who enrolled in the study consented to allow Apple and researchers to collect headphone sound level, environmental sound level, heart rate, and workout data types. The data is used to help researchers better understand the link between long-term sound exposure and the impact on hearing health.

According to the email participants are receiving, a bug in the study caused up to 30 days worth of historical data to be collected. Data collection did not fall outside of what was consented to when participants signed up, but the sign up form did not mention the collection of historical data.

Thank you for your participation in the Apple Hearing Study. When you enrolled in the study, you provided consent to collect certain headphone sound level, environmental sound level, heart rate, and workout data types during the enrollment process. This data is collected to help researchers, listed in the consent form, understand the link between long-term sound exposure and its impact on hearing health. We recently learned that due to a bug, after study enrollment, the Apple Hearing Study unintentionally collected up to 30 days of historical data for these authorized data types. The study only collected data after your consent was obtained. However, the study consent form does not state that historical data will be collected.

The bug has now been fixed with a study app update and historical data received to date have been deleted. We remain committed to your privacy and will continue to monitor for and delete any additional historical data if received until you update your Apple Research app. Please update your Apple Research app to the latest version here, to receive the fix.

At no time did Apple have access to information collected from the Apple Research app that could directly identify you. Please refer to the study informed consent form for additional details on the data that is being collected, how your data is stored, and who your data might be shared with for the purposes of the study.

Richard Neitzel, the principal investigator in the study, says that Apple did not have access to information collected from the Apple Research app that could be used for identification purposes.

The bug has been addressed with an update to the Apple Research app and historical data received to data has been deleted. To ensure no further historical data collection, participants are being asked to update their Apple Research apps.

Article Link: Apple Hearing Study Bug Results in Accidental Historical Data Collection From Participants

 

[Mansu944]

Well, doesn't seem to serious, but I am glad they told us.

 

[Realityck]

Yes very forthcoming with reporting bug and its remediation.

 

[Analog Kid]

I agree it's refreshing for a company to be upfront and quickly resolve an issue, but Apple needs to be better than this. Bugs like this shouldn't happen, certainly not on anything that resembles a medical study.

 

[chipchen]

This sounds fine and dandy. Good response. EXCEPT the part about historical data... Now I'd like to know if they accidentally had access to historical data about headphone volume, etc... what other historical data do they collect on my device? If something as seemingly frivolous as headphone volume is kept, that means lots of other "historical data" may be collected. And if that's the case, other breaches in security (thinking Cambridge Analytica type issues here) may be harvesting that said data. Things like historical data of keystrokes would be a nightmare.

 

[9927036]

This sounds fine and dandy. Good response. EXCEPT the part about historical data... Now I'd like to know if they accidentally had access to historical data about headphone volume, etc... what other historical data do they collect on my device? If something as seemingly frivolous as headphone volume is kept, that means lots of other "historical data" may be collected. And if that's the case, other breaches in security (thinking Cambridge Analytica type issues here) may be harvesting that said data. Things like historical data of keystrokes would be a nightmare.

Exactly. The historical data did not come out of thin air. As always people give Apple a pass and say how concerned they are about our privacy. I hope someone is going to ask Apple how did they manage to collect historical data.

 

[mannyvel]

All that stuff is in the health app/healthkit, and is saved forever. You turned that on when you turned on ambient noise and sound level monitoring, and you can turn it off if you want.

Come on people. If you pretend that you care you should at least pretend to understand the basics of what you consented to.

 

[370zulu]

It is scary how much data about us on stored or collected by devices. Not just iPhones. When I see something like this, it makes me wonder how much of my life is really on my device.

 

[JosephAW]

Accidental right

 

[ghostface147]

My only issue is that each time I wipe my phone, for whatever reason, I have to start the program all over again and then the clock resets. Oh well.

 

[mannyvel]

My only issue is that each time I wipe my phone, for whatever reason, I have to start the program all over again and then the clock resets. Oh well.

You need to turn on iCloud Health (Settings-> iCloud -> Health). My data is around 300MB, and I have a couple of years of data in there.

 

[G725]

Why does it even log all this data by default? If it can upload historical data from before you did participate, it must also be logging a lot of other stuff forehanded.

 

[bobmans]

Why does it even log all this data by default? If it can upload historical data from before you did participate, it must also be logging a lot of other stuff forehanded.

Uhm, did you know there's a health app on your phone? What is a health app without data about your health?

 

[nitramluap]

Why does it even log all this data by default? If it can upload historical data from before you did participate, it must also be logging a lot of other stuff forehanded.

Um... so it can do 'smart' phone things. How is this not obvious to everyone after 13 years of using these things??

 

[ghostface147]

You need to turn on iCloud Health (Settings-> iCloud -> Health). My data is around 300MB, and I have a couple of years of data in there.

I have and it keeps my health data, but it doesn't do the research stuff.

 

[Apple Knowledge Navigator]

Cue the conspiracy/Big Brother theories in 3... 2...

 

[mannyvel]

I have and it keeps my health data, but it doesn't do the research stuff.

That's probably worth filing a bug over. Since they have your profile they should be linking your new profile to your old data.

 

[ZipZap]

Revisit the title of this thread. Arg

 

[azmscle]

This sounds fine and dandy. Good response. EXCEPT the part about historical data... Now I'd like to know if they accidentally had access to historical data about headphone volume, etc... what other historical data do they collect on my device? If something as seemingly frivolous as headphone volume is kept, that means lots of other "historical data" may be collected. And if that's the case, other breaches in security (thinking Cambridge Analytica type issues here) may be harvesting that said data. Things like historical data of keystrokes would be a nightmare.

It specifically states that the historical data was only collected on the authorized data types. But go on and keep fear mongering.

 

[truthertech]

I agree it's refreshing for a company to be upfront and quickly resolve an issue, but Apple needs to be better than this. Bugs like this shouldn't happen, certainly not on anything that resembles a medical study.

LOL: "Bugs like this shouldn't happen." Bugs are always going to happen for the foreseeable future, even major ones. This is an insignificant trivial issue that no one is going to care about.

 

[Rafagon]

How much money does the study pay? That's what I want to know.

 

[EricOSU]

Cue class action lawsuit in 3...2...1

 

[a2rael]

I really do wish you could delete the Health app. I know Europe seems to have a new law that states ANY app can be deleted from phones. Hopefully it passes.
The app continues to take in data even though I have it turned off. I use a different app for steps and running, and have Motion privacy turned OFF. However, every few days I check and my data, steps length and such are in the health app. I have to wipe it at least once a week. Why do they keep track when I set it to off?
Very shady of Apple. Can't they just do what they say they're going to do?

 

[anthonyjr]

Cue class action lawsuit in 3...2...1

I really can’t see a class action lawsuit after a study accidentally got a few extra weeks worth of environmental decibel readings, headphone volume settings, and heart rate data... All of which was all technically consented to - just maybe not “specifically” for the week prior to signing.

I’m kind of thankful that this bug came forward alongside data / a study that honestly isn’t very lucrative sounding in terms of data harvest. These aren’t deep-diving health statistics or additional data types that weren’t meant to be collected.

 

[montuori]

Accidental right

Yep. IRBs do not take kindly to PIs who intentionally don't follow protocols and HIPAA violations can result in fines that are not just slaps on the wrist. I think the good money is on this incident being accidental (not "accidental" with scare quotes) and they're speaking the truth when they say the data are anonymous.

I can understand the skepticism but sometimes a mistake is just a mistake.