Apart from synching which feeds you are following and the app settings using iCloud (which only Apple have access to), Heartfeed doesn’t connect any data allowing it to identify any individual users. As a matter of fact, it doesn’t collect any data at all (with one potential exception, explained below); the app runs fully on your iOS device when it retrieves feeds/news, with no server interaction whatsoever (apart from pulling down the feeds from the feed sources, of course!).

The one exception mentioned is if you in the settings allow to share your feeds for usage in the top list available inside the app. If you allow this, this will happen:

  • A unique for the device UUID (Universally Unique Identifier) is generated. This is completely random and has no info/data about the user, the device or anything. It is only used so the app on a single device can only contribute its configured feeds once.
  • The feed list is uploaded to my server.
  • If feeds are changed (and you still allow sharing of feeds), the new feed list is uploaded using the same UUID
  • Whenever I upload a new version of Heartfeed, I include a list with the most used feeds in the app so other users can more easily find (hopefully) interesting feeds.

No IP or any such thing is recorded when a file is uploaded; the result is just that a file with the name name <UUID>.txt appears on my server with no trace of who uploaded it or any such thing; no logging is done for where it came from. All such lists are then added together to produce the top list.

Note that to avoid anything making it possible to identify users or somesuch (which I have no interest in), if you use the app on two separate devices the configured feeds will both contribute to the top list (if you’ve allowed this in the settings for each device) since I intentionally do not synch the UUID as an app setting through iCloud; it’s unique per device, so both devices will produce an identical file (if you synch which feeds you subscribe to through iCloud) but with different names. This of course means the top list will not strictly speaking be correct since multiple-device users will slant the statistics, but the top list is only there as a help for finding feeds, not to be perfect 🙂

If you have more questions concerning privacy or similar things, just contact me and I can tell you exactly what happens inside Heartfeed!