[sneak]

If the community maintains it, why hasn't the community removed the phone-home surveillance in the iOS client?

This is something I only see in packages maintained by a central authority that wants to consume the data from the community, at the expense of end user privacy.

[zacwest]

I'm the maintainer of the iOS/macOS app these days. I'm not paid by Nabu Casa and I do it in my free time (if anything, Nabu Casa has avoided doing things which may inadvertently monetize my work to not my benefit, which I appreciate).

There's no analytics nor reporting in the app. I've been slowly removing[0] things that talk to servers other than your Home Assistant server, but your private information's never left the device. Right now the app will talk to 2 additional sources, both of which you can disable in the Privacy settings:

1. alerts.home-assistant.io, which will alert for security issues but is strictly a JSON file it loads [1]

2. Firebase Cloud Messaging, for push notifications (since we can't talk to APNS directly in HA)

FCM is a dependency I'm actively trying to kill off in favor of an implementation that is both end-to-end encrypted and talks directly to Apple's Push Notification Service. Apple would not allow a solution where HA talks directly to APNS as they do not want that many active connections, and it would require disclosing private keys for the App Store account.

Unless Robbie wanted to give me his personal Apple ID password, moving the app to the Nabu Casa App Store account was the only way for me to do anything with the app.

[0] https://github.com/home-assistant/iOS/pull/2010 [1] https://github.com/home-assistant/iOS/blob/861a40a50aa201ff4...

[madjam002]

That's freakin awesome, it's so refreshing to see this, especially when Home Assistant is likely to be installed on non-techie's phones and you want to just set it and forget it.

Thank-you for all of your work on the Home Assistant iOS app, it's one of the best parts of the ecosystem imo.

[sneak]

The app privacy label on the iOS App Store directly contradicts your claims.

Is it out of date?

[zacwest]

The privacy labels are larger buckets than what I went into, and they err on the side of being more inclusive. For example, Firebase collects usage data on notifications (when they are received, opened, etc.) by virtue of being used, so that privacy label cannot be removed. It's possible some of the "diagnostics" can be taken off the privacy label.

[sneak]

Is it possible to entirely disable FCM in the client to avoid its phoning home to Google? If I wanted Google to have my home event data I would just use Google Home.

[zacwest]

Yes. The toggle in Privacy will make the app not initialize Firebase. The library will still be in memory, but I don't believe it does anything. I also do not want Google to receive anything, which is why it's going to be removed once we have a replacement.

[pabs3]

Re memory, maybe use dlopen to load Firebase when it is enabled?