this post was submitted on 07 Jul 2023
23 points (100.0% liked)
Memmy - An iOS client for Lemmy
Hey, dev here. The only reason a device ID is recorded is for push notifications. The source code for this is available at https://GitHub.com/memmy-app/memmy-push. We need the push notification token for your device (unique to the app actually, and I'm not fully confident the privacy notification is required, but because Apple can be anal, I added it).
If you do not enable push notifications then no data is transmitted to us at all. Everything stays on device.
Also, here is the code where this data is transmitted to Memmy's server https://github.com/Memmy-App/memmy/blob/e67ce00ec8dcc4897bf9740478594cf72fbbe3f2/src/hooks/notifications/useNotifications.ts#L59
According to Apple the device ID used by Memmy is coupled to my identity.
But Apollo used the device ID that wasn't coupled to my identity.
I can't speak for how this worked for Apollo, however I can explain the reasoning behind marking it like this.
Apple's policy on whether something is linked to an identity or not: "You must not tie the data to other datasets that enable it to be linked to the user's identity."
Your auth token is (in my opinion) tied to your identity. With that auth token, we technically have access to your email address (among the rest of your Lemmy settings) because that data can be retrieved from the API using the same auth token.
This is, to me, an issue that cannot be resolved because of the current state of authentication. It is not possible to request a "read only" scope, where we could simply have you create a new token for us to store that only gives us access to your notifications. Lemmy does not currently support this. This is also why there is a notification to users before enabling push notifications. We want to be completely transparent in what we could do with the data transmitted before you transmit it.
Now I might be wrong in my interpretation of the actual policies and what does constitute linking. If that is the case, I'm totally fine with someone correcting me and we can go from there.
Edit: Markdown messed that up.
Again, I should also note that the token transmitted to us is NOT a token that can be used for tracking. It is not unique to your device, and if you were to just uninstall the app this ID would change and you'd need to update it by re-enabling push notifications. However, Apple does not specify which device ID they refer to in this requirement, instead saying "Such as the device's advertising identifier, or other device-level ID"
Edit 2: Also, for reference here is a list of possible reasons for using the device ID:
I’d just like to say thanks for taking OP’s question so seriously and going beyond mere transparency and into genuine user education. Understanding your decision-making process on this is really awesome from a “can I trust this app?” perspective, in addition to the source code being open to all.
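The scope problem the developer describes above (the relay needs the auth token to poll for notifications, but the same token also reaches the account's email address), as an added JavaScript illustration that is not Memmy's own code. It assumes a Lemmy 0.18-style API (JWT passed as the `auth` query parameter, `GET /api/v3/user/unread_count` for counts, `GET /api/v3/site` returning the caller's `my_user`) and stubs the network with a constructed fake so it runs offline.

```javascript
// Added illustration, not Memmy's code: what a relay that stores a Lemmy JWT can reach.
// Assumed Lemmy 0.18-style API; `fetchImpl` is injectable so the example runs offline.

async function getJson(fetchImpl, url) {
  const res = await fetchImpl(url);
  if (!res.ok) throw new Error(`HTTP ${res.status} for ${url}`);
  return res.json();
}

// What a push relay actually needs: unread counts, to decide whether to notify.
async function unreadCounts(instance, jwt, fetchImpl = fetch) {
  const url = `https://${instance}/api/v3/user/unread_count?auth=${encodeURIComponent(jwt)}`;
  const { replies, mentions, private_messages } = await getJson(fetchImpl, url);
  return { replies, mentions, private_messages };
}

// What the same token also exposes, since Lemmy has no read-only scope:
// identity-linked fields on the account itself (the reason for the privacy label).
async function identityFieldsReachable(instance, jwt, fetchImpl = fetch) {
  const url = `https://${instance}/api/v3/site?auth=${encodeURIComponent(jwt)}`;
  const site = await getJson(fetchImpl, url);
  const view = site.my_user?.local_user_view;
  if (!view) return []; // token rejected or anonymous: nothing identity-linked returned
  const fields = [];
  if (view.person?.name) fields.push('username');
  if (view.local_user?.email) fields.push('email');
  if (view.person?.display_name) fields.push('display_name');
  return fields;
}

// Constructed stand-in for a Lemmy instance, used only so this runs without a network.
function fakeLemmyFetch(url) {
  const path = new URL(url).pathname;
  const bodies = {
    '/api/v3/user/unread_count': { replies: 2, mentions: 0, private_messages: 1 },
    '/api/v3/site': { my_user: { local_user_view: {
      person: { name: 'alice', display_name: 'Alice' },
      local_user: { email: 'alice@example.com' } } } },
  };
  const body = bodies[path];
  return Promise.resolve({ ok: !!body, status: body ? 200 : 404, json: async () => body });
}
```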