I received this email and I am glad they were forthcoming about it. I feel confident that any information collected will not result in a breach any less than Facebook or any additional nefarious social platforms.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Hearing Study Bug Results in Accidental Historical Data Collection From Participants
- Thread starter MacRumors
- Start date
- Sort by reaction score
Apple is building a lot of its reputation around its attention to privacy and security. We essentially take them at their word because trust is everything here. If this were Facebook, I and most others here would blow off the apology as more cynical corporate doublespeak. At some point there just isn’t much difference between incompetence and ill intent.
Apple’s success depends on getting this right. They should have processes and well tested frameworks to prevent this. Saying "bugs happen" lets them off too easy. Apple can’t make mistakes when it comes to privacy. They can’t make mistakes when it comes to their wearable health initiative. The bar needs to be higher than that. Mistakes in these areas need to be seen as the failures that they are.
Last edited:
By signing up and agreeing I just assume there’s going to be bugs and things. Nothing is perfect.. if you don’t want possible mistakes or bugs, then don’t sign up.
Everything you do on your device generates log files or "historical data".
Some of the items like ambient sound are recorded as part of health data.
In all cases the data is stored on the iPhone or in iCloud in encrypted formats to which Apple does no have the keys.
There's nothing surreptitious about this "historical data" it's all normal operation of the devices.
Have you tried backing up and restoring from an iTunes (well it's not in iTunes any more, it's in the finder but I still call it iTunes) encrypted backup instead of iCloud? Those appear to be a good way to copy literally everything over from one device to another, I almost have nothing to re-set-up after transferring to a new device that way. It's also pretty quick.
It's been 1/2 a decade since I was even able to back up even one of my devices to iCloud so I've been doing it this way because of that, however it does work pretty well in general.
up next, our covid tracing app did collect location data on you, and shared it with the goverment. opps, sorry.
Come on, you know some POS ambulance chasing lawyer is going to find someone to start the case. Anytime Apple is involved some lawyer decides they can make a buck.
People talk a lot about HIPAA, but HIPAA actually gets in the way of better healthcare. Why? Because HIPAA makes it almost impossible to get useful health data.
With the right data we could see what treatments work, which don't work, and which are wastes of money, for every diagnosable condition for each age and ethnic group. Unfortunately, that data set is pretty much impossible to get in the US due to HIPAA. "Oh boy, I have an age bucket of 17-65. BFD." Anyone with a brain knows there's a difference between a 17 year old and a 55 year old.
I'm sure it's possible in other countries. It's technically possible to do in the US if you're an academic and have access to the various ACPDs, but most health researchers on the academic side have a surprising lack of imagination when it comes to health data. Maybe they're just intimidated by the size of the data set?
Anyway, enough random ranting about HIPAA. It's unclear if this is a real issue anyway, because the study is collecting data daily and storing it, and yesterday's data is technically "historical." So the fact that they might have been asking for that data again is more of a waste of bandwidth than a privacy issue.
With the right data we could see what treatments work, which don't work, and which are wastes of money, for every diagnosable condition for each age and ethnic group. Unfortunately, that data set is pretty much impossible to get in the US due to HIPAA. "Oh boy, I have an age bucket of 17-65. BFD." Anyone with a brain knows there's a difference between a 17 year old and a 55 year old.
I'm sure it's possible in other countries. It's technically possible to do in the US if you're an academic and have access to the various ACPDs, but most health researchers on the academic side have a surprising lack of imagination when it comes to health data. Maybe they're just intimidated by the size of the data set?
Anyway, enough random ranting about HIPAA. It's unclear if this is a real issue anyway, because the study is collecting data daily and storing it, and yesterday's data is technically "historical." So the fact that they might have been asking for that data again is more of a waste of bandwidth than a privacy issue.
Perhaps if you understood technologies, basic English or even just read the article you would know the answers to your questions and doubts.
Keep in mind that we Live in a world where our government literally had to label a conspiracy theory started on message boards as an actual possible security threat, and where congress has literal conspiracy theorists in it.
People love thinking that Corporations and the government actually thinks they’re important.
Newsflash: they don’t
Yes and no. G-d doesn't make mistakes, humans do. Companies run by humans make mistakes. Software developed by humans have bugs. Protocols have bugs and so on and so forth. (A mistake that is repeated is no longer called a bug, it's called a feature. /s) Repeating the same mistake over and over, would at least, give me pause, the company (meaning the humans running the company) are not incorporating past performance into future plans.
I imagine for a tech company when they discover this bug, they just either keep or delete the data and don't tell the user. "Why unnecessarily stress out the user?" "It will harm our brand image." I applaud Apple's approach in being upfront with the accidental data collection. They still took a more "We did this but it's ok because you said this" approach - probably not to get in the headlines or add stress to the user. Either way, I wish more tech companies were honest when they made mistakes, share steps they took to prevent the mistake reoccurring, and gave options to the user on how to remedy the mistake. "If you would like us to use this data in the research, please opt-in otherwise the data will be removed in 30 days..." Etc...
Just my thoughts,
Just my thoughts,
Can't put it past opportunistic "lawyers", but this is exactly why Apple was proactive and forthcoming about it.... to ensure that any legal action was protected against.
The Health app is just one app of an entire underlying "Health Framework". The Health app itself doesn't collect data, but rather serves as a way for you to view the data that's been collected from a number of other sources.
Is it possible that the app that you are choosing to use is submitting this data to the Health framework, and that's the data that you're seeing in the Health app, too?
Nice burn and all, and I don’t mean to sound dense here, but what are you talking about? I have no questions or doubts and I don’t see anything in the article that contradicts anything I said... Please read my comments, read the article, and if you still think you have a point then make it directly.
Everybody makes mistakes, but some are more forgivable than others. UI glitches don’t bother me much. Privacy and security failures do. A lot. This isn’t the first time Apple blew it on what they consider a core competence. You start making bugs like this a fireable offense and you start to see less of them. You laugh in the break room about how only god doesn’t make mistakes and you see more of them.
As others have pointed out, the magnitude of the direct impact of this particular failure wasn’t enormous but it does show that Apple still has blind spots internally. When you do something reckless, you don’t just say “relax, nobody got hurt”— you look at what could happen if that kind of behavior continues and take the lapse in judgement seriously.
Apple needs to hold themselves to a higher standard than you’re suggesting. That means continuing to be transparent about their failures to the outside world despite the bad PR, as they were here, while taking it incredibly seriously internally. They will only take this seriously if their customers do.
Good reputations are easy to lose, and people are always looking for a reason to knock some one off a high horse. I believe Apple is better than most at privacy but they need to keep proving it. So I start the count again:
It’s been | 01 | days since the last privacy breach.
Last edited:
Sorry to be direct, but get a grip. Were you apart of this study? And if so, did you read the email on what data was obtained without consent? It’s not a big deal. A lot these days (re: data, privacy, etc.) is inexcusable, this is not one of those times, IMO.
How one views this is purely subjective. Privacy and security is not binary and mistakes happen. If we are discussing PII that went out, that's a different scope than length of time for some historical data. And whether someone was fired for this or not, we don't know. Basically perfection doesn't exist.
Every company has blind spots, wasn't there a recent outage with google and aws? Shouldn't have happened, but the response should be aligned with the issue at hand.
Keep saying Apple should hold themselves to a higher standard, they do, but mistakes happen. There is no such thing as nobody will ever not make a mistake. It's those who don't learn from the past who are doomed to repeat it.
Good reputations are easy to lose, but a reputation is given not taken. I still give Apple's reputation high marks, but that's me.