search

nightscout / Trio

MIT License
49 stars 154 forks source link

Connect Cockpit Diabetes App to Trio Directly - by Lukas Schuster (@schusterlich) #193

Open tmhastings opened 2 months ago

tmhastings commented 2 months ago

From Lukas Schuster @schusterlich (primary dev of Cockpit) to connect Trio data directly to Cockpit without going through Apple Health. Doing so will enable Trio users to access the premium membership for free to view their Trio data and data analysis in Cockpit.

what needs to be done is:

Check if the App is Installed: In the app that is calling your custom URL scheme, you need to first check if your app can handle the URL. This can be done using the canOpenURL: method of UIApplication. This method returns a Boolean indicating whether or not your app can handle the URL scheme.

Code-Snippet:

if UIApplication.shared.canOpenURL(URL(string: "diabetes-cockpit://")!) {
    UIApplication.shared.open(URL(string: "diabetes-cockpit://?activate=iaps")!, options: [:], completionHandler: nil)
} else {
    // App is not installed, open App Store link
    UIApplication.shared.open(URL(string: "[https://apps.apple.com/us/app/diabetes-cockpit/id1580577116")!](https://apps.apple.com/us/app/diabetes-cockpit/id1580577116%22)!), options: [:], completionHandler: nil)
}

Configure URL Schemes: Make sure that the calling app has your custom URL scheme listed in its Info.plist under LSApplicationQueriesSchemes. This step is necessary for the app to check if your app is installed:

Code-Snippet:

 <key>LSApplicationQueriesSchemes</key>
<array>
    <string>diabetes-cockpit</string>
</array>
LiroyvH commented 2 months ago

This will kind of end up looking like an in-app advertisement. But that aside; looking over the privacy policy, it collects quite a lot of data with which they can do quite much. If this (commercial? speaking of free memberships 'n all :)) app is integrated, even if the user has it installed: there should, if possible, probably be a prompt to ask if the user actually wants to enable sharing all data 1:1 to Cockpit? Doing so without clear question just because the user has Cockpit installed sounds like a potential problem as it concerns extremely sensitive private medical data.

Thing is: through Apple Health, you can control what the app can see (for example: if you only want it to see BG for stats, but that's it.). If it has full access to all data available in Trio: there's no such control other than the remaining Health-categories not collected within Trio. Would be careful adding integration and ensure the control of sharing data yes/no is on the side of this app rather than relying on the external app.

If such data sharing is unfortunately already instantly possible (due to no limitations on data Trio shares locally), then I'm not sure why a button in-app is required to prompt the user to download & install Cockpit and would tread carefully to avoid entertaining multiple such requests (for de facto in-app advertising).

flyingpie101 commented 2 months ago

For me, this is exactly the same as adding Tidepool integration. It needs to be disabled by default and enabled and setup by the Trio end user.

tmhastings commented 2 months ago

Agreed. No data sharing should be enabled by default at all.

schusterlich commented 2 months ago

Hey everyone :) Thanks for including me in the conversation!

Theresa and I discussed Cockpit and its benefits for more Loopers. Built with community support over the last 2 years, it’s specifically for Loopers. I put it on the official AppStore for better availability and safety, as it handles sensitive health data, and I’m personally liable. Transparency about data usage is crucial.

Since the app is for this community, I want to offer it for free to members. A simple way to enable this is through a community status, activated by the deep link Theresa mentioned. This grants free access to all usually paid features without requiring a direct data connection. Community status should maintain a 100% free app for the community. I oppose any data sharing without explicit consent and understanding, which would be illegal.

The easiest and safest path is using Apple Health, plus providing the deep link for activation, which contains no data.

There is an option to integrate data with Cockpit’s backend, but it requires significant effort and clear communication about data handling. Activating the community status would still be necessary. If you feel this is the best way of doing it, we can talk about it!

I’d ofc be happy about the visibility and if my work were useful to more people, which is why I created the project. If there are any concerns regarding data sharing, let’s talk about it. Nothing should be shared automatically; any sharing must be an informed opt-in decision and never required for free use of the app.

Thanks so much for investing your efforts into the community. Having worked in the diabets industry for 10y+ i can confirm you - its people like you that move the industry forward indirectly 🙌

TLDR: I strongly oppose any data sharing without clear consent. Cockpit was created by the community, and I want to grant everyone free access to paid features. iAPS should not share any data by default. Theresa and I concluded that activating free access through a deep link is the easiest solution for now.

Have a good day/evening/morning :) - whichever timezone you sit in! Best, Lukas

On 15.05.2024, at 20:21, tmhastings @.***> wrote:

Agreed. No data sharing should be enabled by default at all.

— Reply to this email directly, view it on GitHub https://github.com/nightscout/Trio/issues/193#issuecomment-2113168895, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABNQ3YEVG3Z56MXR5YUBEXLZCORUPAVCNFSM6AAAAABHYT7ZFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJTGE3DQOBZGU. You are receiving this because you were mentioned.

LiroyvH commented 2 months ago

Thanks for the feedback Lukas. Happy to entertain a discussion/air some of my personal concerns.

If there's going to be direct data sharing: I oppose any data sharing without explicit consent and understanding, which would be illegal.

Thing is, that's typically the crux. Such things are covered by and governed in the Privacy Policy and thus if that was "clearly consented to" (though nobody reads that stuff, but that's on them.) when installing the app: consent is technically and legally pretty much already addressed prior to any such new integrations as proposed. But that doesn't mean people really understand the implication of linking even more data to it through Trio and stuff like that is honestly what concerns me the most. The policy states that the collected (medical) data may be shared with and/or sold to third-parties and be used for an array of commercial purposes, about which I personally feel integration with such commercial efforts should be avoided in FOSS-applications - especially those that handle extraordinary sensitive data such as Trio. (To be even more frank, if we want to actually keep it pure: Trio should probably include a warning with integrations such as Nightscout as well to warn users that (portions of) the data will leave the app and will be governed by the privacy policy of whichever company, person or organization hosts your Nightscout.)

If it does not concern direct data sharing from Trio to Cockpit but only an in-app button of sorts: I personally don't really see the use of that. There's multiple apps for diabetes patients, such as yours, Sugarmate, Tidepool (though their app is more of an upload vessel, lol) but even Dexcom Clarity and whatnot. I personally feel that it's best to avoid de facto in-app advertisements to other apps unless it's really absolutely necessary and very useful. (And to be clear: I don't think your app is not useful, don't get me wrong - but an in-app button linking to your app wouldn't really add anything at all other than a link to a, from a grande perspective, random application). The data can be shared through Apple Health - with full control over the data you do/don't want to feed the app and extra terms set by Apple. Furthermore I'm concerned with a snowball effect: make such a button for one application and others come circling around to get the same treatment and all of course allegedly for the greater good of the loop community. (Which may me be good intentioned but may also be just a cashgrab in a nice wrapper :P You know how it can go sometimes. :)) Next thing you know there's all kinds of buttons to all kinds of apps, links to all kinds of services, etc. and if you don't then you get the discussion "why them but not me? :(" and so on and on.

Last but not least: 'Since the app is for this community, I want to offer it for free to members. A simple way to enable this is through a community status, activated by the deep link Theresa mentioned.' If the primary drive behind this is to ensure members of the looping diabetes community can get a free membership, couldn't you just reverse this? :) Try to detect Trio, Loop or iAPS on the phone. Detected? Grant free membership. Not detected (anymore)? Do not grant free membership.

Ergo, TL;DR:

Btw, I'm just one of the users and I'm just a single opinion. :) Maybe nobody else feels the same, maybe others think it's an absolutely fantastic idea and/or see no reason to think it could be harmful or become a nuisance eventually. But I'm very wary about integrating links to other apps; most notably commercial apps as it feels like a de facto advertisement then. On top of that, I greatly value proper privacy/data protection and the "consent" portion for data sharing is farrrrr too easily obtained to consider it an actually functional security barrier. :P

Oh and in this day and age I believe unfortunately disclaimers are necessary: this is nothing personal or specifically against you, your venture or your app. (I actually use your app and was one of the first beta testers. :P) Just a generic point of view and concern that doing this may open a can of worms long-term. :)

schusterlich commented 2 months ago

Hey Liroy & others,

Thanks for the quick response :)

Regarding "If there's going to be direct data sharing": Part of your reasoning is why I did not suggest direct integration. It's important to keep people informed and have everything be opt-in instead of opt-out, with the opt-in being voluntary. Apart from that, I do generally think that explicit legal consent is a fair option for everyone. However, I did not suggest direct integration anyway 😌

Regarding "If it does not concern direct data sharing from Trio to Cockpit but only an in-app button of sorts": Fair point. This question hinges on whether you, as a team of maintainers, think there is value for people in this app specifically - and this is up to you.

Regarding "Last but not least": Trying to detect other apps on the phone is strongly discouraged by Apple because this practice would allow apps from other big companies, like Instagram, to collect information on all installed apps on your phone. Even indirect detection via URL schemes would permanently kick you out of the app into the phone browser regularly. Hence, this is not a good solution for any user experience, and for very good reason.

Most importantly, I'm not here to convince you or sell you something. I'm here to offer what was thought could be a good addition of one project to the next. If the Trio community is not feeling it, that's totally fine with me, and we can leave it here. I’d rather everyone focus on creating value than get into lengthy discussions that pull people away from it :)

I'm happy to hear you personally seem to find value in Cockpit, and should you as a group feel that it would be a good addition to include the free pro version upgrade of Cockpit, I'm obviously happy about it, and I'm sure we can find a good and safe way of doing so.

Hope you have a good day! And thanks for the work you all do :)

Best, Lukas

On 16.05.2024, at 00:06, Liroy van Hoewijk @.***> wrote:

Thanks for the feedback Lukas. Happy to entertain a discussion/air some of my personal concerns.

If there's going to be direct data sharing: I oppose any data sharing without explicit consent and understanding, which would be illegal.

Thing is, that's typically the crux. Such things are covered by and governed in the Privacy Policy and thus if that was "clearly consented to" (though nobody reads that stuff, but that's on them.) when installing the app: consent is technically and legally pretty much already addressed prior to any such new integrations as proposed. But that doesn't mean people really understand the implication of linking even more data to it through Trio and stuff like that is honestly what concerns me the most. The policy states that the collected (medical) data may be shared with and/or sold to third-parties and be used for an array of commercial purposes, about which I personally feel integration with such commercial efforts should be avoided in FOSS-applications - especially those that handle extraordinary sensitive data such as Trio. (To be even more frank, if we want to actually keep it pure: Trio should probably include a warning with integrations such as Nightscout as well to warn users that (portions of) the data will leave the app and will be governed by the privacy policy of whichever company, person or organization hosts your Nightscout.)

If it does not concern direct data sharing from Trio to Cockpit but only an in-app button of sorts: I personally don't really see the use of that. There's multiple apps for diabetes patients, such as yours, Sugarmate, Tidepool (though their app is more of an upload vessel, lol) but even Dexcom Clarity and whatnot. I personally feel that it's best to avoid de facto in-app advertisements to other apps unless it's really absolutely necessary and very useful. (And to be clear: I don't think your app is not useful, don't get me wrong - but an in-app button linking to your app wouldn't really add anything at all other than a link to a, from a grande perspective, random application). The data can be shared through Apple Health - with full control over the data you do/don't want to feed the app and extra terms set by Apple. Furthermore I'm concerned with a snowball effect: make such a button for one application and others come circling around to get the same treatment and all of course allegedly for the greater good of the loop community. (Which may me be good intentioned but may also be just a cashgrab in a nice wrapper :P You know how it can go sometimes. :)) Next thing you know there's all kinds of buttons to all kinds of apps, links to all kinds of services, etc. and if you don't then you get the discussion "why them but not me? :(" and so on and on.

Last but not least: 'Since the app is for this community, I want to offer it for free to members. A simple way to enable this is through a community status, activated by the deep link Theresa mentioned.' If the primary drive behind this is to ensure members of the looping diabetes community can get a free membership, couldn't you just reverse this? :) Try to detect Trio, Loop or iAPS on the phone. Detected? Grant free membership. Not detected (anymore)? Do not grant free membership.

Ergo, TL;DR:

If it's direct data sharing, I think this should be handled with care (and thinking about it, I believe a warning should be placed with Nightscout and Tidepool integrations as well) and be explicitly opt-in on Trio's side as the app must be able to protect itself rather than relying on the third-party app to do the protecting of the data If it's not direct data sharing: then at the end of the day its just an advertisement button for one out of many apps on the market (both free as well as paid) and I don't think it's wise to entertain that. The button then doesn't serve any purpose other than driving traffic to it. I don't want to deny you new users, but I also believe Trio and other FOSS apps should not be the place for this. But that is just that: my personal opinion. If the whole point of this is just for giving away free memberships to users, detecting Trio, Loop or even iAPS from Cockpit would make more sense to me. (One place to alter the code, instead of 3 or more places to alter code. :)) Btw, I'm just one of the users and I'm just a single opinion. :) Maybe nobody else feels the same, maybe others think it's an absolutely fantastic idea and/or see no reason to think it could be harmful or become a nuisance eventually. But I'm very wary about integrating links to other apps; most notably commercial apps as it feels like a de facto advertisement then. On top of that, I greatly value proper privacy/data protection and the "consent" portion for data sharing is farrrrr too easily obtained to consider it an actually functional security barrier. :P

Oh and in this day and age I believe unfortunately disclaimers are necessary: this is nothing personal or specifically against you, your venture or your app. (I actually use your app and was one of the first beta testers. :P) Just a generic point of view and concern that doing this may open a can of worms long-term. :)

— Reply to this email directly, view it on GitHub https://github.com/nightscout/Trio/issues/193#issuecomment-2113530084, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABNQ3YABJRX73UQZNNO5KM3ZCPL65AVCNFSM6AAAAABHYT7ZFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJTGUZTAMBYGQ. You are receiving this because you were mentioned.

pheltzel commented 1 month ago

I think we should absolutely explore options that would let users more easily view and gain insight on their BG and treatment data to help reduce the burden of manually calculating this data. To me, that's the main part of the equation in automating treatment that's missing -- and that most users struggle with. Obviously we want to be cautious and transparent around privacy, but if you opt-in to make use of the data, that's the user's call. I hope we are not dismissing this idea out of hand. That is a mistake imo. Appreciate @tmhastings introducing this and @schusterlich's offer and thoughts on it as well.

schusterlich commented 1 month ago

Thanks for the kind response, im def happy to jump on a call! Lets all grab a coffee or tea and have a chat :)?

Best, Lukas

On 17.05.2024, at 17:44, Paul Heltzel @.***> wrote:

I think we should absolutely explore options that would let users more easily view and gain insight on their BG and treatment data to help reduce the burden of manually calculating this data. To me, that's the main part of the equation in automating treatment that's missing -- and that most users struggle with. Obviously we want to be cautious and transparent around privacy, but if you opt-in to make use of the data, that's the user's call. I hope we are not dismissing this idea out of hand. That is a mistake imo. Appreciate @tmhastings https://github.com/tmhastings introducing this and @schusterlich https://github.com/schusterlich's offer and thoughts on it as well.

— Reply to this email directly, view it on GitHub https://github.com/nightscout/Trio/issues/193#issuecomment-2117878248, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABNQ3YCOUVALNI4NLPJBY5LZCYQWTAVCNFSM6AAAAABHYT7ZFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJXHA3TQMRUHA. You are receiving this because you were mentioned.

Sjoerd-Bo3 commented 1 week ago

hey 👋 - silence for 30 days 🤐 ... anybody? triage is required!

schusterlich commented 1 week ago

Let’s go! Would be cool to e-meet you for a coffee :)How does next week look for you?Best, LukasSent from my iPhoneOn 04.07.2024, at 03:12, Sjoerd Bozon @.***> wrote: hey 👋 - silence for 30 days 🤐 ... anybody? triage is required!

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

Sjoerd-Bo3 commented 1 week ago

Let’s go! Would be cool to e-meet you for a coffee :)How does next week look for you?Best, LukasSent from my iPhoneOn 04.07.2024, at 03:12, Sjoerd Bozon @.> wrote: hey 👋 - silence for 30 days 🤐 ... anybody? triage is required! —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.>

We can arrange something, but after 1.0.0 Not at this moment. This was an automated message