Sunrise Calendar receives security update following backlash

sunrise calendar

One of our favorite calendar apps, Sunrise Calendar, received a minor but important update today. The app has been reworked to no longer send your Apple credentials—for those who use iCloud Calendar—to their third-party servers.

The update follows a spell of user backlash, spearheaded by a handful of prominent iOS developers who criticized the app for requiring users to offer up their Apple IDs and passwords and then sending them to non-Apple servers…

Shortly after we published our post on the backlash earlier this week, Sunrise Calendar CEO Pierre Valade informed us that they were already working on a fix to send Apple ID info directly Apple and hoped it would be out this week.

The update went live this morning, along with this post from the Sunrise blog:

“We’ve updated the Sunrise app (version 2.11) to never send the Apple credentials to our servers, as suggested by our community. The update is now live.
Security and user’s privacy are very important to us and we are grateful to the community for the suggestions we’ve received on that issue.”

And here are the release notes from the App Store regarding the update:

Dear user,

This update brings security improvements.

A bigger update will be available in a few weeks, thanks for your support and feedback!

– Team Sunrise
@sunrise / 

These security improvements should be enough to put water on the fire. Even though the app still requests your iCloud info, it no longer sends it to third-party servers—servers that were exposed in the high profile MongoHQ hack last fall.

Though there’s no immediate risk, we’d recommend current Sunrise Calendar users to grab this security update from the App Store. And a big high five goes out to the Sunrise team for addressing user concerns both quickly and efficiently.