Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I received this email and I am glad they were forthcoming about it. I feel confident that any information collected will not result in a breach any less than Facebook or any additional nefarious social platforms.
 
LOL: "Bugs like this shouldn't happen." Bugs are always going to happen for the foreseeable future, even major ones. This is an insignificant trivial issue that no one is going to care about.

Apple is building a lot of its reputation around its attention to privacy and security. We essentially take them at their word because trust is everything here. If this were Facebook, I and most others here would blow off the apology as more cynical corporate doublespeak. At some point there just isn’t much difference between incompetence and ill intent.

Apple’s success depends on getting this right. They should have processes and well tested frameworks to prevent this. Saying "bugs happen" lets them off too easy. Apple can’t make mistakes when it comes to privacy. They can’t make mistakes when it comes to their wearable health initiative. The bar needs to be higher than that. Mistakes in these areas need to be seen as the failures that they are.
 
Last edited:
  • Disagree
Reactions: paper cup
By signing up and agreeing I just assume there’s going to be bugs and things. Nothing is perfect.. if you don’t want possible mistakes or bugs, then don’t sign up.
 
  • Like
Reactions: KeithBN and DaveN
This sounds fine and dandy. Good response. EXCEPT the part about historical data... Now I'd like to know if they accidentally had access to historical data about headphone volume, etc... what other historical data do they collect on my device? If something as seemingly frivolous as headphone volume is kept, that means lots of other "historical data" may be collected. And if that's the case, other breaches in security (thinking Cambridge Analytica type issues here) may be harvesting that said data. Things like historical data of keystrokes would be a nightmare.
Everything you do on your device generates log files or "historical data".
Some of the items like ambient sound are recorded as part of health data.
In all cases the data is stored on the iPhone or in iCloud in encrypted formats to which Apple does no have the keys.

There's nothing surreptitious about this "historical data" it's all normal operation of the devices.
 
  • Like
Reactions: KeithBN and DaveN
I have and it keeps my health data, but it doesn't do the research stuff.
Have you tried backing up and restoring from an iTunes (well it's not in iTunes any more, it's in the finder but I still call it iTunes) encrypted backup instead of iCloud? Those appear to be a good way to copy literally everything over from one device to another, I almost have nothing to re-set-up after transferring to a new device that way. It's also pretty quick.

It's been 1/2 a decade since I was even able to back up even one of my devices to iCloud so I've been doing it this way because of that, however it does work pretty well in general.
 
I got the email earlier. I appreciate them being open. It’s not identifiable and they are correcting the problem from persisting. Class action lawsuits? Don’t be so dramatic.
 
  • Like
Reactions: KeithBN
I really can’t see a class action lawsuit after a study accidentally got a few extra weeks worth of environmental decibel readings, headphone volume settings, and heart rate data... All of which was all technically consented to - just maybe not “specifically” for the week prior to signing.

I’m kind of thankful that this bug came forward alongside data / a study that honestly isn’t very lucrative sounding in terms of data harvest. These aren’t deep-diving health statistics or additional data types that weren’t meant to be collected.
Come on, you know some POS ambulance chasing lawyer is going to find someone to start the case. Anytime Apple is involved some lawyer decides they can make a buck.
 
People talk a lot about HIPAA, but HIPAA actually gets in the way of better healthcare. Why? Because HIPAA makes it almost impossible to get useful health data.

With the right data we could see what treatments work, which don't work, and which are wastes of money, for every diagnosable condition for each age and ethnic group. Unfortunately, that data set is pretty much impossible to get in the US due to HIPAA. "Oh boy, I have an age bucket of 17-65. BFD." Anyone with a brain knows there's a difference between a 17 year old and a 55 year old.

I'm sure it's possible in other countries. It's technically possible to do in the US if you're an academic and have access to the various ACPDs, but most health researchers on the academic side have a surprising lack of imagination when it comes to health data. Maybe they're just intimidated by the size of the data set?

Anyway, enough random ranting about HIPAA. It's unclear if this is a real issue anyway, because the study is collecting data daily and storing it, and yesterday's data is technically "historical." So the fact that they might have been asking for that data again is more of a waste of bandwidth than a privacy issue.
 
  • Like
Reactions: KeithBN
I agree it's refreshing for a company to be upfront and quickly resolve an issue, but Apple needs to be better than this. Bugs like this shouldn't happen, certainly not on anything that resembles a medical study.

This sounds fine and dandy. Good response. EXCEPT the part about historical data... Now I'd like to know if they accidentally had access to historical data about headphone volume, etc... what other historical data do they collect on my device? If something as seemingly frivolous as headphone volume is kept, that means lots of other "historical data" may be collected. And if that's the case, other breaches in security (thinking Cambridge Analytica type issues here) may be harvesting that said data. Things like historical data of keystrokes would be a nightmare.

Exactly. The historical data did not come out of thin air. As always people give Apple a pass and say how concerned they are about our privacy. I hope someone is going to ask Apple how did they manage to collect historical data.

Why does it even log all this data by default? If it can upload historical data from before you did participate, it must also be logging a lot of other stuff forehanded.

Perhaps if you understood technologies, basic English or even just read the article you would know the answers to your questions and doubts.
 
  • Disagree
Reactions: 9927036
Perhaps if you understood technologies, basic English or even just read the article you would know the answers to your questions and doubts.
Keep in mind that we Live in a world where our government literally had to label a conspiracy theory started on message boards as an actual possible security threat, and where congress has literal conspiracy theorists in it.
People love thinking that Corporations and the government actually thinks they’re important.
Newsflash: they don’t
 
[...]Apple can’t make mistakes when it comes to privacy. They can’t make mistakes when it comes to their wearable health initiative. The bar needs to be higher than that. Mistakes in these areas need to be seen as the failures that they are.
Yes and no. G-d doesn't make mistakes, humans do. Companies run by humans make mistakes. Software developed by humans have bugs. Protocols have bugs and so on and so forth. (A mistake that is repeated is no longer called a bug, it's called a feature. /s) Repeating the same mistake over and over, would at least, give me pause, the company (meaning the humans running the company) are not incorporating past performance into future plans.
 
  • Like
Reactions: FCX
I imagine for a tech company when they discover this bug, they just either keep or delete the data and don't tell the user. "Why unnecessarily stress out the user?" "It will harm our brand image." I applaud Apple's approach in being upfront with the accidental data collection. They still took a more "We did this but it's ok because you said this" approach - probably not to get in the headlines or add stress to the user. Either way, I wish more tech companies were honest when they made mistakes, share steps they took to prevent the mistake reoccurring, and gave options to the user on how to remedy the mistake. "If you would like us to use this data in the research, please opt-in otherwise the data will be removed in 30 days..." Etc...

Just my thoughts,
 
I really can’t see a class action lawsuit after a study accidentally got a few extra weeks worth of environmental decibel readings, headphone volume settings, and heart rate data... All of which was all technically consented to - just maybe not “specifically” for the week prior to signing.

I’m kind of thankful that this bug came forward alongside data / a study that honestly isn’t very lucrative sounding in terms of data harvest. These aren’t deep-diving health statistics or additional data types that weren’t meant to be collected.

Can't put it past opportunistic "lawyers", but this is exactly why Apple was proactive and forthcoming about it.... to ensure that any legal action was protected against.
 
I really do wish you could delete the Health app. I know Europe seems to have a new law that states ANY app can be deleted from phones. Hopefully it passes.
The app continues to take in data even though I have it turned off. I use a different app for steps and running, and have Motion privacy turned OFF. However, every few days I check and my data, steps length and such are in the health app. I have to wipe it at least once a week. Why do they keep track when I set it to off?
Very shady of Apple. Can't they just do what they say they're going to do?

The Health app is just one app of an entire underlying "Health Framework". The Health app itself doesn't collect data, but rather serves as a way for you to view the data that's been collected from a number of other sources.

Is it possible that the app that you are choosing to use is submitting this data to the Health framework, and that's the data that you're seeing in the Health app, too?
 
Perhaps if you understood technologies, basic English or even just read the article you would know the answers to your questions and doubts.
Nice burn and all, and I don’t mean to sound dense here, but what are you talking about? I have no questions or doubts and I don’t see anything in the article that contradicts anything I said... Please read my comments, read the article, and if you still think you have a point then make it directly.
 
  • Disagree
Reactions: paper cup
Yes and no. G-d doesn't make mistakes, humans do. Companies run by humans make mistakes. Software developed by humans have bugs. Protocols have bugs and so on and so forth. (A mistake that is repeated is no longer called a bug, it's called a feature. /s) Repeating the same mistake over and over, would at least, give me pause, the company (meaning the humans running the company) are not incorporating past performance into future plans.
Everybody makes mistakes, but some are more forgivable than others. UI glitches don’t bother me much. Privacy and security failures do. A lot. This isn’t the first time Apple blew it on what they consider a core competence. You start making bugs like this a fireable offense and you start to see less of them. You laugh in the break room about how only god doesn’t make mistakes and you see more of them.

As others have pointed out, the magnitude of the direct impact of this particular failure wasn’t enormous but it does show that Apple still has blind spots internally. When you do something reckless, you don’t just say “relax, nobody got hurt”— you look at what could happen if that kind of behavior continues and take the lapse in judgement seriously.

Apple needs to hold themselves to a higher standard than you’re suggesting. That means continuing to be transparent about their failures to the outside world despite the bad PR, as they were here, while taking it incredibly seriously internally. They will only take this seriously if their customers do.

Good reputations are easy to lose, and people are always looking for a reason to knock some one off a high horse. I believe Apple is better than most at privacy but they need to keep proving it. So I start the count again:

It’s been | 01 | days since the last privacy breach.​
 
Last edited:
  • Like
  • Disagree
Reactions: paper cup and I7guy
So much for privacy.
Sorry to be direct, but get a grip. Were you apart of this study? And if so, did you read the email on what data was obtained without consent? It’s not a big deal. A lot these days (re: data, privacy, etc.) is inexcusable, this is not one of those times, IMO.
 
Everybody makes mistakes, but some are more forgivable than others. UI glitches don’t bother me much. Privacy and security failures do. A lot. This isn’t the first time Apple blew it on what they consider a core competence. You start making bugs like this a fireable offense and you start to see less of them. You laugh in the break room about how only god doesn’t make mistakes and you see more of them.

As others have pointed out, the magnitude of the direct impact of this particular failure wasn’t enormous but it does show that Apple still has blind spots internally. When you do something reckless, you don’t just say “relax, nobody got hurt”— you look at what could happen if that kind of behavior continues and take the lapse in judgement seriously.

Apple needs to hold themselves to a higher standard than you’re suggesting. That means continuing to be transparent about their failures to the outside world despite the bad PR, as they were here, while taking it incredibly seriously internally. They will only take this seriously if their customers do.

Good reputations are easy to lose, and people are always looking for a reason to knock some one off a high horse. I believe Apple is better than most at privacy but they need to keep proving it. So I start the count again:

It’s been | 01 | days since the last privacy breach.​
How one views this is purely subjective. Privacy and security is not binary and mistakes happen. If we are discussing PII that went out, that's a different scope than length of time for some historical data. And whether someone was fired for this or not, we don't know. Basically perfection doesn't exist.

Every company has blind spots, wasn't there a recent outage with google and aws? Shouldn't have happened, but the response should be aligned with the issue at hand.

Keep saying Apple should hold themselves to a higher standard, they do, but mistakes happen. There is no such thing as nobody will ever not make a mistake. It's those who don't learn from the past who are doomed to repeat it.

Good reputations are easy to lose, but a reputation is given not taken. I still give Apple's reputation high marks, but that's me.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.