[robbiet480]

Hello, I’m the original creator of the Home Assistant iOS Companion App. Just wanted to clear up that Nabu Casa took over the iOS and Android apps purely because of requirements by Apple and Google around a corporation being the only entity that can have a development team. At no time did Nabu Casa pay any money to me or anyone else to acquire the apps. They were transferred to Nabu Casa purely for convenience, since Home Assistant Inc doesn’t exist.

[stingraycharles]

Do I understand correctly that you just gave the iOS app out of your hands, for Nabu Casa to maintain? Or is it solely a legal structure?

I find it interesting if it were the former, I personally would have considered monetizing it myself, but then again, it’s probably not a coincidence I haven’t founded any opensource projects as impactful as Home Assistant. :)

[robbiet480]

Nabu Casa doesn't maintain it, the community does. I personally haven't worked on it in a while now because I've been consumed with my new company but it is still being very actively developed. I still have full access to the source code and developer account and such and am a resource to whoever needs my input as time permits.

[sneak]

If the community maintains it, why hasn't the community removed the phone-home surveillance in the iOS client?

This is something I only see in packages maintained by a central authority that wants to consume the data from the community, at the expense of end user privacy.

[zacwest]

I'm the maintainer of the iOS/macOS app these days. I'm not paid by Nabu Casa and I do it in my free time (if anything, Nabu Casa has avoided doing things which may inadvertently monetize my work to not my benefit, which I appreciate).

There's no analytics nor reporting in the app. I've been slowly removing[0] things that talk to servers other than your Home Assistant server, but your private information's never left the device. Right now the app will talk to 2 additional sources, both of which you can disable in the Privacy settings:

1. alerts.home-assistant.io, which will alert for security issues but is strictly a JSON file it loads [1]

2. Firebase Cloud Messaging, for push notifications (since we can't talk to APNS directly in HA)

FCM is a dependency I'm actively trying to kill off in favor of an implementation that is both end-to-end encrypted and talks directly to Apple's Push Notification Service. Apple would not allow a solution where HA talks directly to APNS as they do not want that many active connections, and it would require disclosing private keys for the App Store account.

Unless Robbie wanted to give me his personal Apple ID password, moving the app to the Nabu Casa App Store account was the only way for me to do anything with the app.

[0] https://github.com/home-assistant/iOS/pull/2010 [1] https://github.com/home-assistant/iOS/blob/861a40a50aa201ff4...

[madjam002]

That's freakin awesome, it's so refreshing to see this, especially when Home Assistant is likely to be installed on non-techie's phones and you want to just set it and forget it.

Thank-you for all of your work on the Home Assistant iOS app, it's one of the best parts of the ecosystem imo.

[sneak]

The app privacy label on the iOS App Store directly contradicts your claims.

Is it out of date?

[zacwest]

The privacy labels are larger buckets than what I went into, and they err on the side of being more inclusive. For example, Firebase collects usage data on notifications (when they are received, opened, etc.) by virtue of being used, so that privacy label cannot be removed. It's possible some of the "diagnostics" can be taken off the privacy label.

[sanguy]

Hey Robbie - glad to see you. Yes, the iOS app was transferred prior to Nabu Casa ramping up their current approach.

Too bad; if you hung on you could have gotten some $$$ for it. It would have made me happy to see you financially rewarded as you did contribute a lot early on.