Get started with App.net.

mrgan

For years I’ve rejected app ideas that would require the user’s Apple ID and password, certain that Apple would reject such apps swiftly. Now, Sunrise app—which asks for this info, and a whole lot more—is not just approved, but prominently featured. Sigh.

replies

repost

stars

jaredsinclair

@mrgan What the hell do they need that for?!

mrgan

@jaredsinclair To get full access to your calendar, they claim. They also want full FB access. It’s the most snoopy app I can recall.

scottjal

@mrgan creepy.

ronnie

@mrgan And they were part of the MongoHQ [mobile.theverge.com] hacking debacle. @jaredsinclair

jaredsinclair

@ronnie “all of their data and credentials are safe, with the exception of their iCloud calendar data…” So everything is fine, nothing is ruined, except the keys to your entire digital life — better change those. @mrgan

infante

@mrgan On top of that, Apple featured a calendar app with natural language processing whose example for entering an event is "Lunch tomorrow at 9pm".

mrgan

@infante That’s funny, but not really important. Sunrise’s approach is literally dangerous.

infante

@mrgan Especially since calendar access does not require the Apple ID, right?

ronnie

@jaredsinclair I used the app at the time, my email to them was ugly. They deleted my account quickly. I was surprised to it featured on the App Store so prominently. @mrgan

savaran

@mrgan though as horrible as it is, to be fair Apple shouldn't use your normal password for accessing CalDAV.

mrgan

@infante They need more than the API allows, I get that. But still, no.

mrgan

@savaran …what kind of password should they use?

savaran

@mrgan well it's not uncommon for services to support app specific passwords these days, there's no reason Apple couldn't support them for pieces of iCloud

steveriggins

@mrgan that has to be a major oversight, no?

mrgan

@savaran That sounds like an absolute nightmare. Most users have a hard enough time with passwords as it is.

mrgan

@steveriggins And the sad thing is, that’s the best possible explanation.

steveriggins

@mrgan I did get past registration. Do they actually use their own UI to collect that info, vs just asking for permission to your calendars???

steveriggins

@mrgan did not I mean, sorry

mrgan

@steveriggins Yup, they straight-up ask for your Apple ID and password. With FB, they also ask you to log in vs using the OS authentication.

steveriggins

@mrgan so wait, I fret over getting a 9 day review for a perfectly clean app and these guys ah that just makes me angry at all parties now lol

paulkruczynski

@ronnie a fool and their identity are soon parted /cc @mrgan @jaredsinclair

mrgan

@steveriggins I don’t want to get into it publicly but yeah, this fills me with volcanic rage about all the times I’ve hit the approval wall.

mrgan

@paulkruczynski @jaredsinclair Blaming “fools” is the wrong approach. Technology can’t just be secure; it also has to be approachably so.

paulkruczynski

@mrgan @jaredsinclair I'm sorry, I don't understand. I'm for approachable technology, but not the way sunrise.am handles it

mrgan

@paulkruczynski @jaredsinclair Then I don’t understand what you originally meant. You’re calling users fools instead of calling Sunrise and Apple scoundrels.

biggsjm

@mrgan @paulkruczynski @jaredsinclair what I don’t understand is how the iPad version can have a 4-star rating. I looked at several reviews most were 1-star / privacy warnings.

paulkruczynski

@mrgan @jaredsinclair Well, ok, it's an unclear two-part critique. I think what sunrise.am is offering has value, HOWEVER the terms of the agreement aren't worth it to the user—privacy, data mining. I have empathy, but users should know better by now (1/2)

paulkruczynski

@mrgan @jaredsinclair (2/2) by "should" I mean by how many regular people hate what Facebook does. But, worse, yes, is Sunrise, Apple, etc, to allow these setups in the first place. It's a bit wild west still, in reality. Users need more protection.

paulkruczynski

@mrgan @jaredsinclair The "fools" part was just a flippant turn of phrase.

mrgan

@paulkruczynski Agreed, then. Some people make it far too easy to compromise their information; and sadly, some companies do, too.

sanz

@savaran @mrgan They claim use a secure access token that only be used for icloud. Is this possible?

dominikto

@sanz @savaran @mrgan iCloud CardDAV/CalDAV auth works via http basic auth with Apple ID/password afaik.

savaran

@dominikto yeah, the work I've done with CalDAV hasn't given me any indication that Apple supports any kind of advanced authentication @sanz @mrgan

dominikto

@savaran there is a token in a header, but iirc that’s short-lived after authenticating via basic auth.