Comment by bijant
4 years ago
I‘m sorry for You. I can see how you‘d think that your software is providing society a service. And yet from my perspective your software is malware. I don’t think you have considered the legal ramifications of your software in all markets where the app store is offered. Aside from the legal risk to You, there is also a reputational risk to Apple, a company trying to rebrand itself by focussing on privacy (CSAM nonwithstanding). Do you have safeguards that can 100% rule out the use of your App as spyware ? I think you should move on with your life.
> And yet from my perspective your software is malware.
At first I thought exactly this. This app is disclosing what it does, in the open. The product is very direct and clear what it does, and how it does it. One of the hallmarks of malware is that is is doing things without the user knowing, or in many cases wanting. The only way I would install this is if I wanted it to do exactly what it does.
> Do you have safeguards that can 100% rule out the use of your App as spyware ?
I'm not sure that this is really what is needed here. Any app with telemetry, especially screenshots could be used as spyware. In this case, the app is not hidden, is installed by the user, and it is very clear what it does. There's nothing clandestine or spy-ish about it. It is literally marketed saying this app will take and send screenshots to a person you pick.
> I don’t think you have considered the legal ramifications
This is probably where the biggest potential problems really are: truple is collecting evidence that likely would be used against users in court - be it civil court where it could be used to prove you were doing something bad at 10am (you were chatting instead of working) last week or criminal court where the screenshot might be used as direct evidence of a crime.
With regards to the last point. Truple offers end-to-end encryption. We also permanently delete all accountability data once it's 15 days old. Not saying it's without risk, just that I've done everything I can to mitigate the risks of data getting into hands it shouldn't.
Competitors currently allowed by Apple don't offer end-to-end encryption. Most delete data eventually, but 15 days is the shortest retention I'm aware of.
It's not malware if it's voluntarily installed and wanted by the end user, provides a persistent notification indicating that monitoring is occurring, etc. These are the requirements Apple/Google have for parental control type apps.
In case you didn't read the full description, Apple is allowing competitors to do the same thing.
I've gone over privacy concerns with lawyers though I appreciate your concern/suggestions.
> And yet from my perspective your software is malware.
So don't buy/install it. But don't take away that choice from other people. I have a good married friend who uses parental control software on himself to reduce the temptation to look at porn. It basically just gives his wife access to his browsing history. Sure, he could bypass it a number of ways if he was really determined, but it's more about just raising the level of effort required so that impulsive usage is mitigated.
> So don't buy/install it. But don't take away that choice from other people.
It's not that simple. You are purposefully bringing up an extremely rare use case to detract from the fact that 99% of users of this software are going to be abusive parents who install it on their children's phones without consent. (Or heck, maybe even abusive spouses.) If parents are that concerned, even banning their children from "innocent" apps like Twitter or computer/phone use altogether is better than this invasive 1984-like software.
Designing systems that don't empower abusers is so, so incredibly important.
Completely separately, though, it's also the case that OP is essentially building an Internet-connected backdoor into the system that will have been permitted to monitor cross-app activity. Even if data is E2E encrypted, that doesn't mean the software is immune from vulnerabilities that could then piggyback on the elevated permissions given to the app. And OP being a bootstrapped developer without the resources to have robust security practices is a liability here. Apple's response to treat this as a vulnerability is reasonable.
(As a side note, if OP wanted to distribute source code and unsigned binaries, macOS would allow an end user to run that software, and that's a perfectly reasonable caveat emptor for me. But Apple is under no obligation to digitally vouch for software that enables abusers and hackers.)
1 reply →
> install it on their children's phones without consent
That's a curious phrasing. Are you implying a parent needs consent from their minor child to install something, anything they deem appropriate, on "their" phone?
7 replies →
I'm not at all convinced this is an extremely rare use case. There are hundreds of thousands of Christian pastors, priests and ministers of religion who would probably find this very useful. There are a lot of Christians who would also find this useful, for themselves.
> You are purposefully bringing up an extremely rare use case to detract from the fact that 99% of users of this software are going to be abusive parents
What exactly is abusive about me wanting to know if my 6 year old is watching porn?
Are parents that signed up for Youtube Kids abusive, too? Is Google abusive for filtering the videos? And are all those who shared articles about how porn was showing up in YTKids abusive for letting parents know that their children might have been exposed to mature material?
5 replies →
> So don't buy/install it. But don't take away that choice from other people.
You mean the choice to install malware on other people's devices? Why shouldn't it be taken away?
Reveal to a loved one, someone of their choosing. It's not revealing it to the world or even to Truple.
> The whole purpose of this software is to the reveal the private life of others. Why should people be able to install malware on other people's devices? People shouldn't be allowed to do it to other peoples devices. People should be allowed to install software on their down devices, for their kids or for their own use to help with online behaviors/addictions.
9 replies →
It would be a bit less of an issue if Apple allowed apps outside of their store to be installed to begin with.
Off topic, I knew marriages could be toxic but this is peak. If you don't trust your partner 100%+ the marriage is already dead IMHO.
My friend doesn't trust himself not to look at porn without a safety rail, so he bought a safety rail and gave his wife the key, so to speak. How does that make his marriage toxic?
3 replies →
> And yet from my perspective your software is malware.
Your perspective is objectively incorrect. Something cannot be "malware" if it is intentionally installed for a purpose beneficial to the installer, doesn't contain hidden anti-features, or doesn't make itself intentionally hard to uninstall (modulo the obvious cases where that's a feature, such as find-my-stolen-device tools, and this one).
> I think you should move on with your life.
This is useless and the opposite of helpful. If you don't have anything constructive to say on HN, perhaps you shouldn't say anything at all.
> I‘m sorry for You. I can see how you‘d think that your software is providing society a service.
...and this is downright condescending.
I also don't want Apple approving apps which can essentially take over everything and eliminate all safety or privacy guarantees... but this developer is also saying that Apple has approved competitors of the same nature.
I don't know how accurate the fine details are, but this story in its broad outlines seems very unfair and capricious.
Competitors are allowed to capture screenshots randomly and send those screenshots to someone. The details are very similar. Interestingly enough, competitors don't end-to-end encrypt the data. Only I do that.
If there was some little tweak that was super important to Apple, I'd hope they'd let me know about it instead of being silent though. I'm willing to adjust based on their feedback, but they say nothing.
> I also don't want Apple approving apps which can essentially take over everything and eliminate all safety or privacy guarantees.
Unfortunately, it won't happen because that would mean Apple need to ban MDM software from the App Store. Thousands of thousands of companies using MDM and it won't be a good move for Apple if they attempt to do so. Apple could do it, but they will lose profits, money talks louder than doing for the goodwill.
MDM = mobile device management, in case you didn’t know like I didn’t.