Apple Is Atrocious for Your Privacy

Apple is often perceived as a privacy white knight. A shining beacon of hope in the technology landscape. The one company that truly cares about your privacy. The one company that will go to great lengths to defend it from those who are eager to violate it. Through their flowery marketing and advertising campaigns, they have convinced the most gullible of us that they are different from their competitors. They have convinced us that, unlike other big tech companies, they have no interest in your data and that they have a business model to prove this. All of this is a lie.

Apple collects every piece of data that they are capable of about their users. This includes but is not limited to location, IP address, browsing records, search history, app data, product interaction, payment information, messaging metadata, music library, playlists, play and pause times, songs played, personal demographics, salary, income, assets and even health data. Not only is Apple willing to share your personal data with third parties, but they are willing to monetize it by tracking and targeting you with ads. To say that they are a privacy alternative to their competitors is laughable. Apple does not truly care about your privacy nor are they much different from other big tech companies. What they do care about is increasing shareholder value. One need only to refer to their privacy policy to confirm what Apple truly values. However, Apple tricks the public into believing that their true privacy policy is located at https://www.apple.com/privacy/ when in fact this is just more of their deceptive marketing material and is not only disingenuous, but an affront to those seeking information about Apple's practices. To find the actual legal document regarding Apple's privacy practices, users must navigate to https://www.apple.com/legal/privacy. However, even this does not afford the full scope of Apple's data collection when using their products. To know the extent of it, users must locate the individual data policies for each of Apple's products and services. None of these are easy to find for the average person. Often, they are linked in sub-pages in no apparent order.

You may have heard or read about the new privacy labels for apps featured in the iOS and Mac App Stores. If you have not, think of them as something that gives a rundown of an app's privacy policy. Apple's privacy labels are akin to nutrition facts for food, which tell us how many calories, how much fat, sodium, protein, fiber or nutrients foods contain. The privacy labels have three categories: Data Used to Track You, Data Linked to You, and Data Not Linked to You, with bullet points for each detailing what the app has going on under the surface. A label might reveal that an app wants to collect your location data, financial details, and contact information, and links all of that to an in-service account or identifiers like your device's ID number. The label might also show that the app goes a step farther and shares that information with other companies to track you across their websites and services as well. Sounds useful, no? But is it fair? Do these same privacy labels apply to Apple's own apps, specifically those that are installed by default on all iPhones? Sadly, the answer is “no.” You can only find the privacy labels for these on a web page that lists them. Even more inexcusable is that privacy labels are designed in a way that gives Apple's own apps special treatment because their data practices are defined as first party and do not constitute tracking according to Apple's definitions. For instance, Apple states that your personal data is not shared with third parties for their own marketing purposes. However, what comprises personal or non-personal data is not concrete. Apple considers their advertising ID to be non-personal, but third party developers use it to track and target you across the web and apps owned by other companies. Wouldn't you consider an Operating System level identifier like Apple's advertising ID to be quite personal?

Apple also allows third party developers to collect your precise location without disclosing it to you. Normally, developers would have to disclose this practice, but a loophole allows them to circumvent this. So long as they de-identify and coarsen your location, everything goes. As per Apple's own definition, coarse location is information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places. It is impossible, however, to de-identify your location info as your location, technically speaking, is your identity. The pattern of places you have been to at a given time is unique and numerous studies have proven that anonymous location databases are nothing more than a vain hope. Apple may not want third party developers augmenting their databases with personally identifiable data, but Apple certainly reserves that right for itself. It combines the non-personal data obtained through a variety of technologies with the personal data they already possess. In this sense, they are refusing to hold themselves to the same standards they set for others.

Another popular service that Apple touts as private and secure is iCloud. They flaunt it as being “built with industry-standard security technologies, employs strict policies to protect your information, and is leading the industry by adopting privacy-preserving technologies like end-to-end encryption for your data.” This is more lip service and this stance only applies if users don't back up their data to iCloud. Apple and others can, in fact, have full access to every bit of information you store in iCloud as a back up because Apple possesses the keys to decrypt that information. iCloud is not at all private from Apple, the government or law enforcement agencies. As many security experts have stated, iCloud is just someone else's computer. By definition and when referring to it in the technology sense, the cloud can be a single or multiple servers that can be accessed through the internet. My readers might be thinking, “but didn't Apple at one point plan to support end-to-end encryption (E2EE) for user data in iCloud?” They certainly did and this would have been fantastic for their users because it would have meant that their data would be kept secret (encrypted) until it reaches them. But Apple didn't execute their plan and reneged when the FBI complained that it would prevent them from accessing user data for investigative purposes. Not only that, but Apple willingly complies with government requests for user data. Apple's own transparency report from 2020 shows that they complied with 82 percent of US government data requests.

Despite what they would have you believe, Apple is not your friend. Apple does not care about your privacy. They are a publicly traded corporation that does care about one thing: profit. Do not trust them. Instead, choose and support those that prove they do respect your privacy rather than try to impress and deceive you with superfluous marketing and PR talk.

Other sources:

Developer Guidelines for Privacy Practices Apple Advertising App Store Apple Pay Apple Music iCloud

Signed – He Who Fights for the User