Conversation
Opt-out (with first-foreground prompt) weekly check-in to https://lf.bjorkert.se/api/telemetry/checkin. Trigger fires from both AppDelegate.didFinishLaunchingWithOptions (covers background launches) and SceneDelegate.sceneDidBecomeActive (covers foregrounds), keeping cadence honest for follower-style usage where the app is rarely opened. Payload covers app/iOS/device version, build origin (TestFlight or not), time zone, and a few selected settings (units, remoteType, appearanceMode, contactEnabled, calendarEnabled, backgroundRefreshMethod). Salted-and-truncated SHA-256 hashes of Dexcom username and Nightscout host are sent only when those backends are configured. A sliding 7-day cold-launch counter rides along as a stability signal. No glucose, insulin, carbs, Nightscout URL/token, Dexcom credentials, or logs leave the device. Settings -> Diagnostics has the toggle, a privacy summary, and a "What's sent" inspector that renders the exact JSON about to be posted.
Collaborator
|
I tested this - so you should be getting data from my mope site. |
- Drop hashed Nightscout host and hashed Dexcom username; replace with usesNightscout / usesDexcom booleans. The salt is committed in source, so a hashed NS URL is reverse-lookupable from a forum post, and the hashed host is effectively a patient identifier the patient never consented to. - Drop timeZone from the payload. - Send IDFV raw rather than hashed — it's already an opaque per-vendor UUID, hashing it with a public salt is purely cosmetic. - Add followingApp (Loop / Trio / ...), omitted when device isn't yet known. - Switch cadence from "weekly + every cold launch + on build change" to once per 24h via TaskScheduler. Startup fires one immediate ping when the build SHA changed since the last successful send. The settings toggle re-arms the scheduler when flipped from off to on.
IDFV (sent raw) plus the existing instance field already gives a stable per-install identifier, so the separate generated UUID is redundant. One fewer stable identifier in the wire.
AppDelegate handles the launch-time SHA-change shortcut and TaskScheduler handles the 24h cadence; the foreground hook also calling maybeSend produced two pings per cold launch (and two first-seen Telegram alerts). The hook keeps its other job — presenting the consent sheet on first foreground when the user hasn't decided yet.
Collaborator
TestTest again with some privacy issues updated. I saved the json of what was sent in prior instance and then saved again the one now that some security issues were updated. This is what is sent after the update: These items are no longer included: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AppDelegate.application(_:didFinishLaunchingWithOptions:)andSceneDelegate.sceneDidBecomeActive, so cadence stays honest for follower-style usage where the app is rarely opened.https://lf.bjorkert.se/api/telemetry/checkinwith a Bearer token committed in source. The token is intentionally not a secret — the backend's TLS, NGINX rate limit, schema validation, MongoDB dedup index, and an insert+find-only role are what bound abuse.User-facing documentation
loopandlearn/loopfollowdocs#30 — adds a new Privacy → Anonymous Telemetry page covering what is and isn't sent, opt-out, frequency, and where reports go.
Payload
{ "clientId": "<permanent UUID, generated locally on first launch>", "appVersion": "6.0.7", "buildNumber": "100", "buildBranch": "dev", "buildSha": "d691b34", "buildDate": "2026-04-15", "isTestFlight": true, "hashedTeamId": "<salted SHA-256 of dev team, 16 hex chars>", "instance": "LoopFollow", "hashedIDFV": "<salted SHA-256 of identifierForVendor>", "device": "iPhone15,2", "platform": "iOS", "osVersion": "17.5", "timeZone": "Europe/Stockholm", "hashedDexcomAccount": "<sent only when Dexcom Share is configured>", "hashedNightscoutHost": "<sent only when Nightscout is configured>", "backgroundRefreshMethod": "Silent Tune", "units": "mg/dL", "remoteType": "none", "appearanceMode": "dark", "contactEnabled": false, "calendarEnabled": false, "coldLaunches7d": 12 }The server adds
receivedAtandweekBucketbefore storing.What is NOT sent
No glucose, insulin, carbs, treatments, or any other health data. No Nightscout URL or API token. No Dexcom credentials. No remote-command secrets or APNS keys. No location data. No logs — logs are only ever shared if the user explicitly exports them via the existing flow.
User-facing surfaces
Cadence and resilience
buildShachange forces an immediate re-send.Files
LoopFollow/Helpers/Telemetry.swiftTelemetryClientplus three SwiftUI views (consent, preview, privacy).LoopFollow/Storage/Storage.swiftLoopFollow/Helpers/BuildDetails.swiftcommitShaaccessor mirroring the existingbranchaccessor.LoopFollow/Application/AppDelegate.swiftmaybeSend()on every cold launch.LoopFollow/Application/SceneDelegate.swiftmaybeSend()and presents the consent prompt on first foreground.LoopFollow/Settings/GeneralSettingsView.swiftLoopFollow/Log/LogManager.swift.telemetrylog category.LoopFollow.xcodeproj/project.pbxprojTelemetry.swift.