Tell HN: An app is silently installing itself on my iPhone every day

Posted by _-x-_ 13 hours ago

Every day for the past 3 days around 1pm EST the 'Headspace' app has been silently appearing on my iPhone (13 Pro). Automatic downloads are turned off and I've updated to the latest iOS since this started happening.

I googled around and found a couple reddit threads with people reporting the exact same thing starting 2 or 3 days ago. There were reports from people on iPhone 12 and iPhone 17 so it doesn't seem device-specific.

Anyone else seeing this? Does anyone understand how or why this is happening?

322 points | 124 commentspage 2

1659447091 9 hours ago|

Do you use iCloud drive?

This might be a stretch as I am taking a guess at the implementation, but apps can sync with iCloud Drive and I keep getting app folders showing up after telling it not sync but the prefs reset after certain states(not quite sure when/how)-- it then creates a new sync folder when interacting with the app again. (after having turned off sync and deleting the folder -- once it resets)

I am wondering if that app had that feature (icloud drive syncing) and something of the reverse is happening. Where you have a document still on icloud drive from when you installed the app. Maybe there is some action or state change going on after interacting with drive on a mac or something similar. And now it's created the right circumstances for icloud drive to try and sync the file but there is no app on any device so it downloads the app instead since it's missing and there is some dangling file looking for its home.

_-x-_ 9 hours ago|

It still doesn't make sense why the app started silently downloading itself 3 days ago when I haven't had it installed in over a year. I do use iCloud drive but do not see anything related to the app inside of it.

1659447091 9 hours ago||

Did you update iOS before it started happening? Wondering if they may have introduced a regression that is now trying to re-sync everything after the last update (sync files may be hidden, I set files to always show)

_-x-_ 8 hours ago||

I updated after noticing the issue

altairprime 9 hours ago||

The iOS reviews for the app also confirm this story affecting others.

k310 12 hours ago||

Did you ever install it, or Ginger?

An app store search also turned up "Headspace Care" (Ginger)

Ginger is now Headspace Care

It would be beyond malware for an app to install itself, since there's that app store hurdle to leap. (IMO)

_-x-_ 11 hours ago|

I installed the app in March of last year, and then deleted it the same day because I didn't want to pay for the subscription

bastawhiz 9 hours ago||

Do you have MDM enabled on your device? Does your company offer Headspace as a perk and some arcane set of sketchy business agreements led to auto install policy in your company's MDM solution?

_-x-_ 9 hours ago|

No MDM installed

whilenot-dev 7 hours ago||

I think it's worth mentioning that you had the app installed around a year ago, as I can imagine some "restore from backup" scenario at play.

I'm currently with a 13 mini (26.4.2), never had this app installed, and am not encountering this issue.

ddxv 8 hours ago||

If anyone wants to browse some of the SDKs in headspace:

https://appgoblin.info/apps/493145008/sdks

I see normal development and tracking SDKs. If anyone sees something interesting let me know.

speedgoose 8 hours ago||

The Facebook Ads SDK in a mental health app isn’t normal. Or shouldn’t.

Even analytics SDKs is a bit weird to see. Are Amplitude or Sentry hosting data with a healthcare compliant infrastructure ? I won’t bet. Are those SDKs for sure not leaking health care data? It can be inadvertently, especially with Sentry. But I really wonder about why people feel the need to track so much. Do they **** in front of PowerPoint slides showing the tracking data or is it to sell user data?

rkachowski 7 hours ago||

They are normal. They generally want to know if the ad spend resulted in an install. Health care data is radioactive and they would be fucking up very hard if sending this to an analytics service.

speedgoose 7 hours ago|||

I have seen studies where some apps were fucking up very hard and sending healthcare data to services that shouldn’t receive it. Sometimes in clear text.

My trust is very low. Having healthcare data in a Sentry payload by mistake happens to the best of us.

hansvm 7 hours ago|||

Health care companies are radioactively affected by mishandling healthcare data (give or take practical impact being very toothless, especially nowadays). The data itself is mostly not an issue though under any legal theories, and if Joe Schmo hedge fund digs up your colon photos that's not usually an issue.

concinds 6 hours ago||

I never thought there would be online SDK databases, what a useful resource in general. Thank you.

a34729t 10 hours ago||

I would call Apple support; you might even get an engineer call you back. I am sure they would love to know what the hell is going on.

rglover 12 hours ago||

If you've ever installed any companion app on your desktop macOS, your phone will try to sync apps (I think the same with Apple TV). Caught me off guard a few times.

_-x-_ 11 hours ago|

No, I've never downloaded it on my desktop. It appears that I downloaded it onto my phone over a year ago (I got an email in my inbox), but didn't want to pay for it so I deleted it.

dagmx 8 hours ago||

I’m curious if everyone experiencing this is on 26.4.2? It came out 4 days ago according to Wikipedia…it would make sense that it lines up with when people are seeing it start.

I’m on the 26.5 beta and not seeing it at all.

orf 5 hours ago|

Does it happen when WiFi and mobile data are disabled? Try disabling them an hour or so before 1pm EST.

If it still appears then it was never removed in the first place, which is a very different bug to it installing itself.

More comments...