'Privacy. That’s Apple,’ the slogan proclaims. New research from Aalto University in Finland begs to differ.
The researchers studied eight default apps, the ones that are pretty much unavoidable on a new device, be it a computer, tablet or mobile phone: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.
'Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple’s virtual assistant. But enabling only refers to whether you use Siri’s voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Associate Professor Janne Lindqvist, head of the computer science department at Aalto.
'The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings – or even both,’ says Amel Bourdoucen, a doctoral researcher at Aalto.
In addition, the instructions didn’t list all the necessary steps or explain how collected data is processed.
The researchers also demonstrated these problems experimentally. They interviewed users and asked them to try changing the settings.
‘It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider,’ Bourdoucen says.
Everyone knows when Apple says privacy they just mean from others.
deleted by creator
Interesting (kinda) coincidence. I’ve just switched from Android back to iPhone, after about 10 years away from the platform.
But I use an always-on Wireguard VPN back to my home network, with my DNS set to my Pi-hole servers and my firewall rules blocking access to all external DNS servers, except from my Pi-holes for upstream resolution.
I’m yet to do some p-caps to see what I’m missing in this setup - while I’m confident it did a great job of protecting me from a lot of Google’s data-harvesting shenanigans, I’m yet to investigate what I need to do to achieve a similar outcome for my iPhone.
deleted by creator
if you disable “Allow Apps to Request to Track”, it prevents non-Apple apps from tracking entirely cross-site/apps.
Thanks for that - great tip for new players.
This sounds like an exaggeration though.
To me it seems like these researchers are saying the switch is confusing and complicated. That is not to say that Apple secretly collect data after lying to their users.
The problem with Siri, first example, is more about Apple’s (characteristic) terminology garbage. Siri’s voice control has nothing to do with Siri’s search suggestion, yet they marketed both as Siri. Actually, you can turn them both off, but since the voice control is just called Siri, they confused their users.
That’s different from "collecting data even when supposedly disabled.
(Tbf, even if they were better termed, my mom would still manage to confuse herself… mo matter what Apple do, the average user won’t be able to turn off anything.)
That said, there’s no point trying to convince someone on the internet anyway, and so I don’t really know why I wrote this comment.
Depends on whether you consider dark-patterns to be “lying”. If a normal user would reasonably think that data isn’t being collected based on the settings they chose, then is it dishonest for them to still be collecting data? Is it good enough for them to say “well we technically never said that disabling X disabled all the invasive functionality needed to do X.”
Depends on whether you consider dark-patterns to be “lying”
https://www.apple.com/privacy/ “Privacy. That’s Apple.”. That and then doing dark patterns, I consider that lying, yes.
Maybe this research and language is intended to suggest that there is a point past which “confusingly and unintuitively designed” strongly resembles “intentionally deceiving”? We’re probably not going to get internal emails saying “make it complicated so that we can collect users’ data”.
Also, researchers don’t really control how university press departments write up their results. Even less so when they’re interviewed by media.
Addendum: Apple takes great pride in UI and user-centered design, and lately they have been highlighting privacy as a differentiator from Android. Maybe they just dropped the ball, maybe people don’t care, maybe people aren’t very bright. Still, some people have questions:)
Maybe this research and language is intended to suggest that there is a point past which “confusingly and unintuitively designed” strongly resembles “intentionally deceiving”? We’re probably not going to get internal emails saying “make it complicated so that we can collect users’ data”.
This is Apple that pride themselves on UX as you mention. They mainstreamed opinionated design. If they do it a certain way there is a reason, which is not always with the user’s interests in mind. It’s not because Bob in development couldn’t think of a better way. Other brands might get away with that excuse but not Apple.
Of course Apple collect data. The reason they wanted to prevent other apps from collecting data was so only they can use their data, and their ad network could have an advantage over the others.
Yes, they have an ad network, and want to significantly expand it: https://proton.me/blog/apple-ad-company, https://www.forbes.com/sites/johnkoetsier/2021/10/19/apples-ad-network-is-the-biggest-beneficiary-of-apples-new-marketing-rules-report/, https://digiday.com/media-buying/apples-expanding-ad-ambitions-a-closer-look-at-its-journey-toward-a-comprehensive-ad-tech-stack/
Obviously a Google phone will be at least as bad, but I’m curious how de-googled Android forks like graphene would fare.
Much better for sure.
Also a lot less functionality of course.
I’ve been running graphene for almost a year I think, and I haven’t had to make any functional sacrifices. Though I was already not using Google’s voice assistant features.
I have to agree, I never used the VA features. I was prepared to have issues with banking apps and such but found myself not having issues with even those.
I was kinda expecting that sooner or later. Although it seems that it is only the basic interaction metadata - device info, crash logs, etc.