Here's a Reddit thread of other people experiencing the same issue: https://www.reddit.com/r/ios/comments/1su82sc/headspace_app_...
Here's a Reddit thread of other people experiencing the same issue: https://www.reddit.com/r/ios/comments/1su82sc/headspace_app_...
This is fascinating. I am very curious to find out what the actual cause of this turns out to be.
same. i get blasted with ads for this app on whatever platform, never installed it myself. the amount of promotions + this = my underdeveloped brain is so ready to assume the worst here. been a while since i used my pitchfork & i'm here for the riot.
if it is, in fact, something nefarious at play that would be a pretty crazy 2026 era exploit. but i'm certain it's a bug/artifact of some sort that, for whatever reason, affects this specific app.
Maybe the developer was using Headspace as part of the test data and it bled into production?
It's hard to imagine what Headspace would like to achieve if this were an exploit executed by them. It's so salient, that it makes no sense to do on purpose. At least some portion of Apple employees and their families are going to be affected by this, and this would escalate to the legal department immediately.
My money is on Apple being the buggy one here.
> My money is on Apple being the buggy one here.
Yeah I'm thinking some sort of test artifact bleeding into prod and subject so some nightly process is likely the case.
This seems like a good guess. Seems like it was deployed Thursday based on the app reviews
I feel sorry for the headspace devs if it's really 100% Apple's fault.
I wish Apple released incident reports in cases like these. I hate that their secrecy obsession extends so far beyond hardware.
It downloaded itself on my phone as well. I thought it was some quirk with the Apple Watch sync because I used to have headspace installed at some point and that automatically shows up on the Apple Watch but deleting an app on the iPhone doesn’t always delete the corresponding Apple Watch app. So if you open headspace on the Apple Watch I assumed it redownloaded itself on the iPhone.
Based on that I'd guess either a meditation app company has figured out how to circumvent a lot of controls put in place by Apple, or it's a bug on Apple's side
Yeah, I think the latter is more likely than the former. Perhaps a server side bug that's silently downloading the app on any device that's installed it previously?
But why this one specific app and no others?
Maybe it’s like that time Apple thought everyone wanted that awful free U2 album that they automatically added to everyone’s iTunes library. (I know this isn’t actually the case but it’s the funniest explanation)
Maybe it’s Apple’s equivalent of Guru Meditation.
Maybe Apple typo’d an app id incorrectly for some iOS core app thing in 26.4.2 and the one-character error is this app? I don’t know that anyone’s done a ‘likelihood of collision’ analysis on appstore unique IDs yet. Certainly I could see iOS having a “must be on the device” system set up for apps like Phone and Settings that has a last-ditch of reinstalling it if somehow deleted. Would be especially interesting if some core app that can’t normally be deleted is currently unprotected (back up your device locally first!).
Right, that's what confuses me the most. I was very surprised to find the reddit thread showing that other people are also having this specific app silently installed on their devices.
Headspace leaves health data, that's where my first guess would be
My guess is it's a bug on the App Store side which will actually hurt Headspace in the long run. If this was a casino app I'd feel a bit differently, but I'd be shocked if someone at Headspace did this deliberately.
I'm trying to imagine the headspace of a user who deletes an app, only to see it pop back the next morning. Probably not a very relaxing experience :)
Or it is a mandated backdoor, and someone internally objected, and made it easier to exploit than it should be, or leaked how to exploit it?
> mandated backdoor
Probably one from the repository of backdoors "accidentally" introduced or "never" discovered.
The mechanism's there, just needs to be woven with other exploits.
Makes no sense for headspace to be using it if that were the case.
[dead]
looks like, no where its safea anymore