back to article Apple to require privacy policy on all apps

Apple will require all apps developers to include a privacy policy that outlines what they will do with their users' data, starting October 3. The new policy was announced this week on the company's developer forum and will affect all apps, including those under testing. As well as requiring a policy to exist, Apple also notes …

  1. Anonymous Coward
    Anonymous Coward

    4 Lane Privacy Highway

    Apple outspoken Privacy advocate, even if this App move seems symbolic.

    Google caught slurping MasterCard transactions in a secret backroom deal.

    Facebook the number #1 sociopath train rolls on with Zuck in total denial.

    Microsoft execs claim not to slurp/sell user data. Nadalla confirms they do.

    1. Anonymous Coward
      Anonymous Coward

      Re: 4 Lane Privacy Highway

      Weird, as Google forced developers to do this over a year ago. That does seem to fit your highway, so just pretend it's not true, and what the internet told you must be true....

    2. Michael Jarve

      Re: 4 Lane Privacy Highway

      What you're seeing here is the difference between a services company, e.g. The Facebook, et al, and a products company. Google, etc. make their bread on the long tail of monetizing the consumer to other customers via behavioral profiling and advertising, whereas Apple's gravy is the immediate gratification of purchasing an expensive piece of jewelry that they profit from immediately. If The Facebook and sundry had an option/business model where they charged each customer $700-$1000 upfront every 2-3 years for their glorified BBS/email service, and did not make their money selling personal data to any comer, I'm sure they'd be just as resolute in their protection of intimate personal data. If Apple sold their cell phones and watches at a loss (hold your laughter) and made up for it selling the buyer's intimate details to any comer, they'd be singing a different tune.

      As it is, it's different business models. There is nothing for nothing- pay for it up front, or pay for it with your privacy.

      Samsung and its ilk are a bit different- some try to have the best (from the shareholder's perspective) of both worlds, buying into Google's data gorging operations for next to nothing, but also charging the up-front premium of Apple's walled-garden for their product. Good for them, I say. They have it figured out that in most cases you can get them coming and going. That said, there are some cases where I think Apple, being Apple, could say in their advertisements, in 72-point impact font "WE SELL ALL YOUR INFORMATION TO WALL STREET AND ISIS, AT AMAZING PROFIT!!!!!" and it would only increase sales.

      1. imaginarynumber

        Re: 4 Lane Privacy Highway

        Apple don't need to sniff their customers' data but they are happy to in the pursuit of profits.

        When promoting their iAD advertising platform, they bragged that they knew what apps customers use, how and when they use them.

        Advertisers were able to target punters based on age, gender, location, income, previous advert engagement.

        1. Anonymous Coward
          Anonymous Coward

          Re: 4 Lane Privacy Highway

          When promoting their iAD advertising platform, they bragged that they knew what apps customers use, how and when they use them.

          Advertisers were able to target punters based on age, gender, location, income, previous advert engagement.

          Apple have since realised that it is far more profitable for them to promote privacy.

          I'm OK with self interest if it aligns with my needs. Apple's gear saves me a lot of time. It's not just easier to secure a full platform with Apple (mobile, tablet, desk/laptop), it's also considerably easier to maintain it that way. Add to that a TCO that actually comes out better than other platforms and it wasn't a difficult choice for us.

          That said, we have the luxury of a fully Open Standards based backbone, so integrating Apple's gear into that is easy. If you're using proprietary standards (or those that pretend to be Open but aren't), your options may differ also because large scale (Enterprise) management of MacOS and iOS devices is IMHO still primitive in comparison to, for instance, Windows platforms.

        2. gnasher729 Silver badge

          Re: 4 Lane Privacy Highway

          iAd is dead. Apple has taken technical measures now so that a random app cannot find out what other applications are installed on your device (only if you give Apple a list of those apps, and give them a good reason why you should know if these apps are installed. For example, if you want the user to be able to send emails to your support, then you can check whether the Mail app is installed).

          1. Anonymous Coward
            Anonymous Coward

            Re: 4 Lane Privacy Highway

            "iAd is dead. "

            No it's been rebranded and gone underground. You might want to go and read apples privacy policy, they still sell anonymous data build from your browser and location history, just like Google, Facebook and Microsoft does..

            "We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Apple’s products, services, and customer communications."

            "Ads that are delivered by Apple’s advertising platform may appear in Apple News and in the App Store. If you do not wish to receive ads targeted to your interests from Apple's advertising platform, you can choose to enable Limit Ad Tracking"

            "Apple and our partners also use cookies and other technologies to remember personal information when you use our website, online services, and applications"

            "we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data."

            "To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device"

      2. joed

        Re: 4 Lane Privacy Highway

        "What you're seeing here is the difference between a services company, e.g." - so where does the MS stand? They charge you for OS and snoop regardless of the upfront revenue. Double dipping?

    3. gnasher729 Silver badge

      Re: 4 Lane Privacy Highway

      Well, looking at this, I can't help noticing that Apple is not Google, Apple is not Facebook, and Apple is not Microsoft.

  2. Phil Endecott

    How about this:

    This app doesn’t collect any data.

    1. Charles 9

      That's only possible with local-only apps like a text editor or a sensor reader. Anything interactive MUST collect data as a matter of course, and usually use that data. There's a lot of potential for weaseling just from that, no matter what laws you put in place.

      The ONLY way you can prevent something like an e-tailer from collecting and PII is to trust a third party to do it for them. But that just shifts the burden, resulting in a "Quis custodiet ipsos custodes?" situation, which last I checked is an intractable problem. Commerce requires trust at some point, and that trust can always be betrayed.

      1. Anonymous Coward
        Anonymous Coward

        re: Anything interactive MUST collect data as a matter of course, and usually use that data

        Really?????

        Are you saying that any app that I interact with will collect my data?

        I beg to differ. I've tested a good number of interactive apps using my home network and a packet sniffer.

        My home firewall locks everything down pretty tight so when I get a new app, I have to open up the firewall so that it can be used by the app when my phone is on WiFi.

        Things like timetable lookups and where my train is right now don't sniff my data.

        I'm not saying that all apps don't slurp my data but to say that "Anything interactive MUST collect data as a matter of course, and usually use that data" is clearly wrong. Some apps do and some apps don't.

        1. Another User

          Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

          ‘Timetable lookup”. For convenience the app will ask you for your location as this is likely to be the place where you want to lookup the timetable.

          So collection of PII.

          You are using the app in two different cities. Now the app vendor could sell the data to a train company and you will get special offers.

          In a Facebook way the app could ask for your contact list so that your contacts could be offered cheap fares to visit your on your birthday.

          I guess this looks like a prime example why privacy rules need to be in place.

        2. gnasher729 Silver badge

          Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

          "Are you saying that any app that I interact with will collect my data?"

          No. What he is saying is that any app that you use interactively, needs to get _some_ data from you. Just today I used the Maps application to get directions from one place to another. The directions come from Apple's server, and took a major traffic jam into consideration (which unfortunately took the life of a bycicle rider). Apple needed my starting location and my destination, otherwise they wouldn't be able to give directions.

          The privacy statement is there to tell me what Apple does with my start and end location. Clearly Apple must _receive_ that data, but there is no good reason why they would keep that information. Same for all the other information that other companies receive.

          1. Richard 12 Silver badge

            Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

            Why must Apple receive that data?

            My satnav has no outbound connections of any kind, yet is perfectly capable of doing the same job you describe.

            It receives broadcast traffic reports and applies them to its map. I can update the map by downloading a file containing "All of country or region X" and installing it.

            So why does any central authority need to be told anything at all about any of my journeys?

            1. Anonymous Coward
              Anonymous Coward

              Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

              Apple as pumping you location data into Apple maps trying to make it a viable competitor to Google maps (they have a long way to go!!)

              Wonderd why your battery life was crap? Even when you aren't using Apple maps, they are tracking your location and sending it to the mothership which then gets monitised and fed into Apple maps...

              It's mentioned by Apple engineers here, and it's also in the privacy policy (but well hidden), it's also mandatory and can't be switched off...

              "It’s doing this by using first-party data gathered by iPhones "

              https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-from-the-ground-up/?guccounter=1

              1. Dan 55 Silver badge
                FAIL

                Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

                1) Why on Earth would it suck up your battery life, your location is uploaded when only when Apple Maps is running and used to improve only Apple Maps?

                Quote from your own link:

                “We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it. As you can imagine, that’s always been a key part of doing this. Honestly, we don’t think it buys us anything [to collect more]. We’re not losing any features or capabilities by doing this.”

                The segments that he is referring to are sliced out of any given person’s navigation session. [i.e. only when Apple Maps is running] Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.

                Because only random segments of any person’s drive is ever sent and that data is completely anonymized, there is never a way to tell if any trip was ever a single individual. The local system signs the IDs and only it knows to whom that ID refers. Apple is working very hard here to not know anything about its users. This kind of privacy can’t be added on at the end, it has to be woven in at the ground level.

                2) Of course you are also aware that Google slurp your location all the time, not even just when Google Maps is running. The best you can get is going to your Google Account settings and clearing location history and then flipping the switches to not update your location history. That means you can't see your location history on the dashboard, but Google still know what it is. And what do Google do with all collected data? Yes, they monetise it via their ad network.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

                  You know that location services are OPT IN on Android right? It's in the initial setup process. If you are a tinfoil hat nutter, or a criminal, you can always just not tick to say you want it...

                  Me, I use it alot, it's handy for filling in timesheets when I forget what time I got to work.. you also get slot of handy location context services. I also don't have anything to hide, and don't give a hoot if advertisers have anonymized data on me for advertising purposes, as if I have to see adverts, I would rather see relevant ones...

                  1. Dan 55 Silver badge

                    Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

                    Of course they're not opt in, and you know that.

                    Google responds to location-stalking outcry by… tweaking words on its BS support page

                    Google has responded to an outcry over how it continues to keep a record on people's whereabouts – even when they specifically opt-out – by changing the word of its misleading help page.

                    And a whole article which makes it pretty clear that location services are a) opt out and b) hidden under obscure settings.

                    Bloke hurls sueball over Google's 'is it off yet?' location data slurping

                    Security researchers confirmed that even when users turn off "location history" in their settings, Google still merrily gathers information on where those users are, saving it all to personal profiles.

                    The class-action case, filed shortly after the AP's report was published, alleges this activity is in violation of the California Invasion of Privacy Act (CIPA).

                    "Google's conduct is contrary to users' reasonable expectations of privacy," the lawsuit stated. "Despite the recognized sensitivity of location data, Google collects this data against the express wishes and expectations of its users," it added.

                    [...]

                    "As recently publicly revealed, turning off 'Location History' only stopped Google from creating a location timeline that the user could view," the case said. "Google, however, continues to track the phone owners and keep a record of their locations."

                    Google risks mega-fine in EU over location 'stalking'

                    Several privacy watchers agree that as it stands, users are misled, and can't give informed consent. That exposes the company to financial penalty under GDPR rules: which could be 2 per cent or 4 per cent of turnover.

                    "Burying its stalking settings, while distracting users with a deliberately crippled 'Location history' button, isn't just deceitful - it's unlawful," campaigner Phil Booth opined. "Without proper consent or legitimate purpose, Google is breaching the GDPR rights of every EU citizen it has been tracking.

                    Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer

                    Google has admitted that its option to "pause" the gathering of your location data doesn’t apply to its Maps and Search apps – which will continue to track you even when you specifically choose to halt such monitoring.

                    Researchers at Princeton University in the US this week confirmed on both Android handhelds and iPhones that even if you go into your smartphone's settings and turn off "location history", Google continues to snoop on your whereabouts and save it to your personal profile.

                    That may seem contradictory, however, Google assured the Associated Press that it is all fine and above-board because the small print says the search biz will keep tracking you regardless.

            2. Kevin Johnston

              Re: re: Anything interactive MUST collect data as a matter of course, and usually use that data

              I think there is some confusion here because of the wording used. Collect can mean simply Receive/Use/Discard or it could mean Receive/Store

              There would be a lot less wiggle-room if people were to use words which more clearly explained which side of the fence such as 'Gather and retain your data' for the slurpers or 'only make use of your responses within the app' for the minimalists.

              Obviously this will never come to pass as the slurpers will want to blur the lines as much as possible so that the less observant users give more permission than they would otherwise.

          2. Pascal Monett Silver badge

            Re: Apple needed my starting location and my destination

            Well of course it did, but that doesn't mean you were at the starting point. Not until you start using Apple GPS, obviously.

            I can check out the road from New York to Philadelphia, but I live in France, so any consideration that I am at either of those locations is wrong. Of course, I'm guessing that >90% of such consultations is done by people who actually are at the starting point, so the assumption must be generally right, but still : until you've turned on your GPS, the app is not supposed to know where you are.

            @Richard 12 : your SatNav is a complete package, with self-contained maps (that you should be able to update). A smartphone may have maps for "offline" use with certain apps, but generally they use the server for the data and for navigation.

  3. ecofeco Silver badge
    FAIL

    Oh well, that will show them!

    How about a privacy policy that mandates real privacy?

  4. spold Silver badge

    Abridged too far

    The full headline is "Apple to require privacy policy no-one will read on all apps".

  5. Anonymous Coward
    Anonymous Coward

    Your privacy is very important to us

    PS: Don't forget to pick up the cream for your rash on the way home.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like