The Fotogroep Waalre app (called “Photo Club Waalre” in English) has a new version on the Apple App Store. Starting with v2.1.0 the app’s source code is now also available on a public GitHub repository.
This was a matter of conforming to GitHub conventions (like having a markdown readme file). But it took quite some work to make a version that is functionally indistinguishable from the App Store version, but avoids exposing personal data of photo club members.
It may sound strange to have two version, where one has access to some additional sensitive data, but there is no visible difference in the user interface. The story is that the App Store version reads in a little bit of information (like phone numbers) that are currently not used by the app. That data is part of an existing file, and might be used in the future for password-protected features. So, without any additional measures, anyone with the source code would, if they wanted and new how, have access to this data.
Technically this posed a challenge. It was solved by having two versions of a URL: the public URL is used by the GitHub version, the private URL is used by the App Store version. The private URL is actually on GitHub, but is stored there in encrypted (and thus non-working) form. Actually the only difference between both ”versions” of the app is whether the file containing the private URL is encrypted. Software then detects that it is encrypted and uses a fallback URL. See our GitCrypt article for more details on how this works.