Hacker News new | ask | show | jobs
by yreg 1246 days ago
Haha, the funny thing is that the service isn’t even storing that piece of data – the user is! So GDPR, etc. should be covered.

Although, if the user finds out about the mechanism they can just delete the entry from their keychain.
1 comments
newZWhoDis 1246 days ago
That keychain is different from the publicly viewable one in settings
link
yreg 1245 days ago
I think you are incorrect. I've looked into my Keychain Access > iCloud on Mac and found some entries that seemlike they were created with the APIs you suggest.

E.g. WizzAir has three entries: `WizzAirLogin.username`, `WizzAirLogin.password` an `WizzAirLogin.firstName`.

Or Spotify stored `com.spotify.login.credentials`, `com.spotify.connect.lastStoredDataKey` and `com.spotify.connect.iplSessionHistoryDataKey`.

link
yreg 1245 days ago
If that's true (and only the app who stored the item can retrieve it) I wonder who is responsible for GDPR regarding its storage.

Is the app responsible? But it cannot even access the data after it is deleted.

Apple? They have no idea what the data is.

User? They don't even know about the data and cannot access it either.

No one?

link