How does HealthKit actually share data? - ios

On Apple's HealthKit Framework official site it says that
"The HealthKit data is not saved to iCloud or synced across multiple devices. The data is only kept locally on the user’s device."
If it's stored locally and never synced with a cloud then it means that I cannot share it with other users. But then Apple says that it's possible to share your data with your doctors, as Epic and Mayo Clinic are Apple's partners. How is this possible?
And also, how does the data come from wearable devices to the phone?
It's very confusing.
I would be grateful if anyone could explain that because Apple and others basically say the same things and no one explains how that really works.

HealthKit is a data repository that apps from the App Store use to share health data. The user may choose to authorize an app to read or write HealthKit data. For example, an app from Withings can write weight measurements from its wireless scale to HealthKit and then Strava may read those weight measurements to keep your profile on their site up-to-date. This is how apps share data using HealthKit.

Related

Is there a workaround for CloudKit storing its private database on the user's iCloud account?

Similar to this post: Is privately-stored data in CloudKit stored on the user's iCloud account?.
I was wondering if there is a way to bypass this, so that individuals' iCloud accounts aren't being charged?
My team is in the process of designing an MVP iOS SaaS app. We are planning to charge businesses for the data (photos and videos) users are storing on their phones. We are thinking of tracking this via the business's URL, similar to Slack's workspace URL, and are not sure if CloudKit is the right fit for this use case.
We want to see if anyone has any recommendations on backend/cloud services to start out with that also won't be a major pain to scale from in the future.
CloudKit seems to have a lot of added native value, I can just see it potentially hindering the business model in the future for being able to charge businesses data amounts per a "workspace".
Is there a workaround for CloudKit storing its private database on the user's iCloud account?
Or would you recommend a different cloud service/backend altogether (such as EC2, PostgreSQL, Firebase, Firestore, GCP..)?
Thanks,
Zack

Can data of third-party apps synced to Apple Health be retrieved via HealthKit?

I am researching the feasibility of an iOS app that can collect data from multiple brands of wearable devices. I am only interested in devices that have apps that are able to sync with Apple Health. Does Apple Health use the HealthKit store to store the data it synced from third-party apps so that I can access it from my iOS app?
Any third-party app can save data to Apple Health using the HealthKit APIs, but it's also possible for an app to ignore HealthKit entirely and keep their wearable device data in their own proprietary system. Apple doesn't automatically ingest all third-party health/wearable data into HealthKit.
It's up to the third-party apps to save their data to HealthKit (and for the user to grant permission to these apps to save the data). Your own iOS app will be able to fetch any data that other apps do save to HealthKit (again, assuming the user grants your own app permission to read data). Each HealthKit sample contains a sourceRevision property that describes the app/device that generated the sample, and you can display that information to your user, filter your queries by that source, etc.
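The read path and the sourceRevision grouping described in the answer above, as an added Swift example that is not part of the original post or of Apple's sample code. The function name, the choice of body mass as the sample type and the bundle ID `com.example.scale` are hypothetical; the app is assumed to have the HealthKit entitlement and an `NSHealthShareUsageDescription` entry in Info.plist.

```swift
import HealthKit

let store = HKHealthStore()

// Hypothetical helper: fetch recent body-mass samples and group them by the
// bundle identifier of the app that wrote them (taken from sourceRevision).
func readWeightsGroupedBySource(onlyBundleID: String? = nil,
                                completion: @escaping ([String: [HKQuantitySample]]) -> Void) {
    guard HKHealthStore.isHealthDataAvailable(),
          let weightType = HKQuantityType.quantityType(forIdentifier: .bodyMass) else {
        completion([:]); return
    }
    // Ask for read access to this one type only; nothing is requested for writing.
    store.requestAuthorization(toShare: nil, read: [weightType]) { _, error in
        // The success flag only means the request was processed. HealthKit does
        // not tell the app whether read access was granted: a denial simply
        // looks like an empty result set.
        guard error == nil else { completion([:]); return }

        let newestFirst = NSSortDescriptor(key: HKSampleSortIdentifierEndDate,
                                           ascending: false)
        let query = HKSampleQuery(sampleType: weightType, predicate: nil,
                                  limit: 100,
                                  sortDescriptors: [newestFirst]) { _, samples, _ in
            var bySource: [String: [HKQuantitySample]] = [:]
            for case let sample as HKQuantitySample in samples ?? [] {
                let source = sample.sourceRevision.source
                // Optional filter: keep only samples written by one app.
                if let wanted = onlyBundleID, source.bundleIdentifier != wanted { continue }
                bySource[source.bundleIdentifier, default: []].append(sample)
            }
            completion(bySource)
        }
        store.execute(query)
    }
}

// Usage: list every source, or pass a bundle ID (placeholder below) to filter.
readWeightsGroupedBySource(onlyBundleID: nil) { grouped in
    let kg = HKUnit.gramUnit(with: .kilo)
    for (bundleID, samples) in grouped {
        let name = samples.first?.sourceRevision.source.name ?? "unknown"
        let latest = samples.first?.quantity.doubleValue(for: kg) ?? 0
        print("\(name) [\(bundleID)]: \(samples.count) samples, latest \(latest) kg")
    }
}
// e.g. readWeightsGroupedBySource(onlyBundleID: "com.example.scale") { ... }
```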

Can the healthkit data leave the iOS device?

I am creating a health-related app.
Using HealthKit, I can access user health information.
But can I extract the lab data and process it on the server side?
Can we send iOS HealthKit data through an API server and process the data on the server side?
I found this thread, some responses from Apple's team
"The short answer is no. The nature of health information is very personal, so we want to keep it as private as possible. This is taken from the HealthKit Framework Documentation:
"The HealthKit data is only kept locally on the user’s device. For security, the HealthKit store is encrypted when the device is not unlocked. The HealthKit store can only be accessed by an authorized app. You cannot access HealthKit from extensions (like the Today view) or from a WatchKit app."
Here's a link to the rest of the documentation, I recommend reading through the HealthKit and Privacy section for some more detail.
Hope that Helps!"
Reference: https://developer.apple.com/forums/thread/11860

App review rejection. How to use CloudKit? Or what is CloudKit for?

I am developing a chat app that uses CloudKit to authenticate the users, store data on the cloud and then exchange content between users.
Initially, according to the reviewer, the following guideline was breached when asking the user to have an iCloud account set up on the device to make use of the app's entire set of functionality.
5.1 Privacy
5.1.1 Data collection and storage
(ii) If your app doesn’t include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law.
On a phone call I explained to him the app allows the user to open it, navigate around. But it won't allow the user to create chat rooms or upload/share data within the rooms as it needs CloudKit authentication to store the data to then share it between users. According to paragraph (ii) that was a significant account-based feature to require authentication. He was fine with that.
Then he said he would still not be able to approve the app because CloudKit should only be used if the app intends to store data on the cloud. Data like documents, photos, etc... According to him a chat app (WhatsApp as an example) that stores images and text on the cloud to then share it between users is not actually storing data on the cloud and for that reason should not be using CloudKit and would be a definitive rejection.
Designing for CloudKit documentation says:
You can represent all the persistent model objects in your app using a CloudKit schema. However, the CloudKit framework should not be used to replace model objects in your app and should not be used for storing objects locally. It is a service for moving data to and from iCloud and sharing data between users of your app.
Not seeing where my breach is when the app:
only asks the user to authenticate when a core feature of the app is called
uses the authentication to store messages, images, etc... in the user's iCloud account
uses the authentication to exchange this data that has been stored between users
After investing huge amounts of time and money in the app it is hard to accept a permanent rejection for such an odd reason. There is no documentation to sustain his argument or stop us from investing time/money with CloudKit wrongly.
Not sure where to go from here. Anyone with similar issue when using CloudKit?

iOS: What restrictions are there on data gathering from within an app?

I have an app that I did as a proof of concept and put on the app store just to gain experience going through the process but it turns out, it gets quite a few downloads, probably 30 a week. No Angry Birds but the app is very specific on the data it provides. It's a free app and what I would like to do now is gather some data on the users - how often they use it, where they are, what information they are searching and saving. I have no intention of touching personal data but I'd like to be able to aggregate what all the users are doing and see if there's any value in that.
Is this permitted in an iOS app? I see reports where apps are gathering more data than that (like Path pulling all your contacts) and I would think what I am looking to do is pretty standard.
Any advice is appreciated.
Check the App Store approval guidelines. That is the best resource you have.
https://developer.apple.com/appstore/resources/approval/guidelines.html
A few excerpts that may be relevant to you:
Location
4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected
4.2 Apps that use location-based APIs for automatic or autonomous control of vehicles, aircraft, or other devices will be rejected
4.3 Apps that use location-based APIs for dispatch, fleet management, or emergency services will be rejected
4.4 Location data can only be used when directly relevant to the features and services provided by the App to the user or to support approved advertising uses
Privacy
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.3 Apps that target minors for data collection will be rejected
Independent of what the guideline says, you should be mindful of your users' privacy. As long as you don't pin the information you collect to individual users, I guess you might be fine.
Regarding location data, the guideline states you can't collect for analytical purposes if it is not relevant to the app's usage. However, it is referring to the GPS data. You can obtain location for analytical purposes through network access information.
