The Fotogroep Waalre app (called “Photo Club Waalre” in English) has a new version on the Apple App Store. Starting with v2.1.0 the app’s source code is now also available on a public GitHub repository.
This was a matter of conforming to GitHub conventions (like having a markdown readme file). But it took quite some work to make a version that is functionally indistinguishable from the App Store version, but avoids exposing personal data of photo club members.
It may sound strange to have two version, where one has access some additional sensitive data, but there is no difference visible in the user interface. The story is that the App Store version indeed reads in a small amount of information (like phone numbers) that are currently not used by the app. The data is part of an existing file, and might be used in the future for password-protected features. So, without doing anything special, anyone with the source code would, if they cared, have gotten access to this data.
Technically this posed quite a challenge. It was solved by having two versions of a URL: the public URL is used by the GitHub version, the private URL is used by the App Store version. The private URL is actually on GitHub, but is stored there in encrypted form. Actually the only difference between both ”versions” of the app is whether the private URL is encrypted. Software then detects that it is encrypted and uses the secondary URL. See our GitCrypt article for the details how all this works.