[DEV] If Simply Plural is still on your phone, leave it installed for now

If you still have Simply Plural installed on your iPhone or Android phone, I recommend leaving it exactly as it is for now. Please don’t uninstall it, and don’t clear its app data.

Reason: The app still functions in offline mode after the shutdown. That indicates at least some data is stored locally on the device. I’m currently investigating whether that local data can be accessed and recovered.

I’m posting this here because it touches the same problem that comes up often in DeGoogling and privacy work: users cannot retrieve/export data that has become trapped inside closed apps, cloud-dependent services, or platform-specific storage. When a service shuts down, the safest first move is often to preserve the device state before trying anything destructive.

I want to be very clear: I do not know yet whether recovery will be possible. I’m not announcing a solution, and I don’t want to give anyone false hope. This post is simply about preserving your options while we investigate.

This investigation is effectively two separate projects, Android-based and iOS-based. Android and iPhone store application data differently, and each platform has its own security model. A recovery method that works on one platform may not work on the other, so both need to be researched independently.

If you uninstall the app or clear its storage now, any locally stored data may be permanently lost. If you leave the app installed, there is at least a chance that recovery will still be possible if a method is found.

For now, the safest course is simple:

- Leave the app installed.
- Do not clear its data.
- Try an export from the app if you still can.
- Back up your phone before making changes.

Disclosure: [DEV] I maintain PluralBridge, an open-source project related to preserving and migrating Simply Plural export data. Any tools, documentation, or research from this investigation will be published publicly. I used AI assistance to help edit the wording of this post.

reddit.com
u/Sharky_J_Yellowfish — 2 days ago

PSA: Don't uninstall Simply Plural if it's still on your phone

If you still have Simply Plural installed, I recommend leaving it exactly as it is for now. Please don't uninstall it, and don't clear its app data.

The reason is that the app still functions in offline mode after the shutdown. That indicates at least some data is stored locally on the device. I'm currently investigating whether that local data can be accessed and recovered.

I want to be very clear: I do not know yet whether recovery will be possible. I'm not announcing a solution, and I don't want to give anyone false hope. This post is simply about preserving your options while we investigate.

Unfortunately, this investigation is effectively two separate projects. Android and iPhone store application data differently, and each platform has its own security model. A recovery method that works on one platform may not work on the other, so both need to be researched independently.

If you uninstall the app or clear its storage now, any locally stored data may be permanently lost. If you leave the app installed, there is at least a chance that recovery will still be possible if a method is found.

I'll share what I learn with the community as the investigation progresses, whether the news is encouraging or not. Any tools, documentation, or research that come out of this effort will be published in the public PluralBridge repository so the work is open and available to everyone.

If you have experience with Android or iPhone application forensics, backups, embedded databases, or mobile data recovery and would like to help investigate, I'd be grateful for the collaboration.

For now, the best advice I can offer is simple: if Simply Plural is still installed on your phone, leave it there.

reddit.com
u/Sharky_J_Yellowfish — 3 days ago
▲ 2 r/foss

GPL-3.0 data portability project looking for contributors/reviewers in auth, consent, audit, and import design

I’m building PluralBridge, a GPL-3.0 open-source data portability project for plural Systems.

The immediate need came from Simply Plural shutting down on July 1. A lot of people need a durable way to preserve, inspect, and eventually migrate their own exported data without handing private System data to a closed service or a black-box importer.

The project has moved past the initial proof/demo stage. The next work is foundational engineering: account boundaries, authorization, consent, audit, and privacy-sensitive import processing.

Audience for this post: FOSS contributors and reviewers who are interested in helping build or review the architecture.

Current help-wanted lanes:

  • user management and account lifecycle
  • authentication and authorization
  • Account-to-System membership
  • RBAC / ABAC / policy-based authorization
  • ReBAC / relationship-based access investigation
  • consent and revocation modeling
  • audit trail design
  • separation of diagnostic logging from evidence-grade audit
  • privacy-sensitive import pipelines
  • import job ledgers
  • import/export as explicit processing purposes
  • scalable REST API / Azure hosting
  • .NET / C# implementation
  • security review and threat modeling

The repo has the usual project basics in place: README, contributing guidance, GPL-3.0 license, and security policy. The current goal is careful architecture and implementation review before the next layer gets built.

GitHub / Git repository: https://github.com/needsofmany/PluralBridge

Moderator guidance welcome if contributor calls belong somewhere else.

u/Sharky_J_Yellowfish — 22 days ago

Designing security and audit boundaries for a privacy-sensitive data portability app

I’m working on the high-level design and architecture of a browser app that I am developing to fill the vacuum of a similar app that is closing up shop on July 1. The app consists of a web client front end, a REST API service on the backend, and Azure as the scalable data store and API service hosting.

I am one of the users of the app that is shutting down, so while I have a solid understanding and black-box design, I grossly underestimated the scale. I was led to believe that the subscriber base came in at 100K subscribers, and that the concurrency was below 5K. I have since learned that in fact there are 500K subscribers and concurrency of 10-15K users at any time.

Given these new scaling assumptions and the privacy-sensitive data, I need to rethink scalability and security. In addition, I need to consider that 500K users / 10-15K concurrent users may be the low end. I don’t want to have to come back to the drawing board and do another redesign. I am currently working through the architecture for this system and would appreciate feedback on the user/security model before implementation gets too far along.

The system started as a data-preservation use case: users, such as myself, need to export their data before the service closes down for good. That was actually the easy part. The harder design problem is that the data is sensitive, may not always map cleanly to one individual owner, and needs to be able to address different communities with different rules around consent, shared access, privacy, support roles, and auditability.

The thing I want to avoid is building a simple “user logs in, admin manages everything” model that works for an early prototype but becomes the wrong foundation later.

The main architecture questions I’m wrestling with are:

  • I am leaning toward treating each System as the primary security, privacy, import, and audit boundary. Does that seem like the right boundary, or is there a better model?
  • How should I model shared ownership when data may belong to a group rather than a single person?
  • Would you start with RBAC, ABAC, policy-based authorization, or a hybrid?
  • How would you model consent and revocation so that it is invoked when needed, but is abstracted from the business layer of the code?
  • What belongs in an audit trail versus ordinary diagnostic logs?
  • How do you make audit records useful for event accountability without turning the audit system itself into a privacy risk or “noise pollution”?
  • What early decisions would you avoid because they become painful if the system later has to scale?

While this isn’t strictly a medical app — data is private as in any app, but not because of HIPAA — it may need to support health-adjacent or clinical data. I want to avoid treating identity, consent, and auditability as adornments or “flair.”

For people who have designed systems with sensitive user data, multi-tenant boundaries, shared access, or audit requirements: what architecture patterns would you consider first, and what traps would you avoid?

reddit.com
u/Sharky_J_Yellowfish — 22 days ago
▲ 17 r/SimplyPlural+1 crossposts

PluralBridge: export help now, import path in progress for Simply Plural Systems

Hi everyone,

We're working on PluralBridge, an independent project focused on helping Systems preserve and move their own data as the Simply Plural shutdown approaches.

The first priority is export safety. A lot of people need help getting their Simply Plural data out before the July 1 deadline, so we’ve put together public export guidance here:

https://thepluralbridge.org/

The next priority is import. We’re building PluralBridge so Simply Plural Systems have a place to go with their exported data, rather than being left with a file and no clear path forward. The project is still under active development, and the current hosted demo uses anonymized data only.

A few important boundaries:

Please do not send us Simply Plural tokens, passwords, export files, private System data, or screenshots with private information. PluralBridge is being built around privacy and data ownership, and we do not want people handing over sensitive data in public threads or DMs.

PluralBridge is an independent project. It is not affiliated with Simply Plural or Apparyllis.

For general contact: info@thepluralbridge.org
For support/export help: support@thepluralbridge.org

The goal is simple: help Systems get their data out safely now, then keep building the bridge toward import and migration.

u/Sharky_J_Yellowfish — 21 days ago