Hacker News new | past | comments | ask | show | jobs | submit login

One approach on iOS is to store unique identifier in the “Keychain” (or iCloud itself) which is data kept in the cloud tied to a user’s Apple ID account. Of course this is only an impediment to a determined stalker (who could create a new Apple ID). But a determined stalker could also use a fake name and get a new phone number.

See https://stackoverflow.com/questions/25276393/how-to-ban-an-i... for more details.




>One approach on iOS is to store unique identifier in the “Keychain” (or iCloud itself) which is data kept in the cloud tied to a user’s Apple ID account

Wouldn't it be obviously visible because you can see the app/file on icloud?

Also, I'm pretty sure the keychain idea is banned by app store guidelines.


Haha, the funny thing is that the service isn’t even storing that piece of data – the user is! So GDPR, etc. should be covered.

Although, if the user finds out about the mechanism they can just delete the entry from their keychain.


That keychain is different from the publicly viewable one in settings


I think you are incorrect. I've looked into my Keychain Access > iCloud on Mac and found some entries that seemlike they were created with the APIs you suggest.

E.g. WizzAir has three entries: `WizzAirLogin.username`, `WizzAirLogin.password` an `WizzAirLogin.firstName`.

Or Spotify stored `com.spotify.login.credentials`, `com.spotify.connect.lastStoredDataKey` and `com.spotify.connect.iplSessionHistoryDataKey`.


If that's true (and only the app who stored the item can retrieve it) I wonder who is responsible for GDPR regarding its storage.

Is the app responsible? But it cannot even access the data after it is deleted.

Apple? They have no idea what the data is.

User? They don't even know about the data and cannot access it either.

No one?




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: