In the past decade, Apple has positioned itself as a privacy-first company. It has butted heads with law enforcement for encrypting people’s phones, messages, and FaceTime calls, and battled Facebook over its creepy ad-tracking practices. But Apple’s business model is also shifting.
For years, Cupertino has made its money by selling expensive hardware—iPhones, iPads, and Macs. However, it has recently pushed to boost its profits by increasing its services, such as subscriptions to Apple Music, iCloud, and Apple TV. And its advertising business is quickly growing.
As a result, Apple’s users are starting to see more ads inside some of Apple’s apps. Apple has always collected some data about its customers—as all businesses do—but its increasing push into services and advertising opens the door for more potential data collection.
“I look at Apple as a positive game changer when we talk about privacy,” says Pernille Tranberg, cofounder of Danish think tank Data Ethics EU. Tranberg says that Apple was the first to block third-party tracking cookies in its browser and has generally put people’s privacy first, although it is not without controversy. “I think they are responsible for a lot of positive [privacy] change. They have actually been doing stuff before it was demanded by the law.”
However, as the company grows its advertising business, there is likely to be increased scrutiny around its practices and the information it has about you. Here’s what you need to know about Apple’s data collection.
The data Apple collects about you is outlined in its privacy policy, which runs to about 4,000 words. (That’s a similar length to other Big Tech firms.) This policy broadly outlines what Apple collects about you, which can include information you provide plus data from some third parties.
Apple also has multiple privacy guides for its individual products and apps, which more specifically outline how they collect and use data. There are around 80 of these privacy outlines, ranging from Apple’s advertising and research programs to Apple Books and sports. The guides are linked within apps and are online. While some information is repeated, in total they hit around 70,000 words—around a novel’s worth of legalese.
Apple’s privacy policy and its extra information guides all start in a similar way: each declaring that the company believes “strongly in fundamental privacy rights” and tries to minimize the amount of data it collects. (Broadly speaking, it collects a lot less information than Google or Facebook and has backed up its claims that it is privacy-focused.)
When you start using Apple’s products, it collects information about you. This can include data needed to sign up to its services or buy products, such as your name, email address, the Apple ID that you create, and your payment details. This kind of information is gathered by almost all businesses you buy things from.
Apple’s privacy policy also says it can collect data on how you use your devices. This can include the apps you use, searches within Apple’s apps, such as the App Store, and analytics or crash data. Other information Apple can collect about you—often only with your permission first—can include your location information, health information, and fitness information. “You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have,” Apple’s privacy policy says. In short, if you want to use some of Apple’s own apps, then you may need to hand some data over for them to work.
In many instances, Apple says it has designed its systems to process much of your data on your iPhone or iPad and not send it back to the company’s servers. Game Center, for example, recommends friends to you based on the information on your phone and isn’t sent to Apple. Spending summaries created by Apple Card, which are based on your transaction history, are made on your phone, Apple says.
It also says it has introduced techniques to stop it from collecting too much information about you. While it’s likely you need to let Apple access your real-time location to use many of its map features (your location, time of request, device model and software version, the map view on your screen, and search terms are collected), the company says Apple Maps use is linked to an “identifier that rotates multiple times per hour” and isn’t linked to your Apple ID. This makes it harder to identify you individually. “Because your location can give away your identity, we convert precise locations to less-exact locations within 24 hours,” the company’s privacy documents for Maps say.
For Apple Books, “identifiers” such as a phone’s hardware ID and IP address, as well as your Apple ID, are logged by the company when you download a book. However, your reading activity itself is assigned to unique identifiers, “so that Apple does not learn a particular user’s reading activity.”
Apple started selling ads within the App Store back in 2016, but has expanded advertising presence to the Apple News, Stocks, and Apple TV apps. These ads can appear when you search for things in the App Store’s Today tab and while you browse the apps. Apple says more than 600 million people use the App Store each week, meaning its prime ad real estate.
These ads can take two forms: contextual ads (if you’re searching for a to-do list app, ads may be shown for this type of ad), or personalized ads based on your interests and data. Apple’s policies say the company doesn’t combine its data with that from other companies, known as third-party data. Instead, it just uses the data it collects to show you ads. Many in the advertising industry believe this first-party data may be the next frontier of advertising. “The competition will be about first-party cookies or first-party data, and that’s what Apple is collecting a lot of,” Tranberg says. “That’s all the data you give a company yourself when you sign up to a service or when you use a service.”
Apple says contextual ads within its apps are shown based on your device information (such as keyboard language and mobile carrier), your location data if you have shared it with the apps, the searches you make in the App Store, or the “type of story” you read in News and Stocks apps.
In contrast, when people have personalized advertising turned on, they’re lumped into groups of at least 5,000 people who “share similar characteristics” and then shown ads. (Google is building a broadly similar system for its Chrome browser.) These segments can be based on your name, address, age, gender, and devices registered to your Apple ID. It also uses the music, movies, books, TV shows, and apps you download.
When I turned on personalized ads (I had previously turned them off), Apple’s ad targeting information says I am included in segments based on my age (from my date of birth), my gender (which may be inferred if I have not told Apple), and location (based on my registered postcode). Apple also listed my interests broadly as 10 different categories for apps—including productivity, sport, news, and business. For movies, I am included in the Action and Adventure category, as well as Sci-Fi and Fantasy.
The company’s documentation also says that App Store “browsing activity” is also used to help determine ads that can be shown to you. “App Store browsing activity includes the content and apps you tap and view while browsing the App Store. This information is aggregated across users so that it does not identify you,” the company’s documents say.
This data has the potential to be extensive. “Everything is monitored and sent to Apple almost in real time,” says Tommy Mysk, an app developer and security researcher who runs the software company Mysk with fellow developer Talal Haj Bakry. In November, the Mysk researchers demonstrated how taps on the screen were logged when using the App Store. Their follow-up research demonstrated that analytics data could be used to identify people.
“The App Store is special because there’s no other option,” Mysk says. “There is no other choice. If you don’t like the privacy statement of Apple Music, fine. You can use Spotify—there are alternatives. To the App Store, there is nothing.”
The research has resulted in two class actions against Apple. Separately, France’s data regulator has fined Apple for its advertising practices. Apple spokesperson Shane Bauer says the company was “disappointed” with the French decision and plans to appeal. “Apple Search Ads goes further than any other digital advertising platform we are aware of by providing users with a clear choice as to whether or not they would like personalized ads,” Bauer says. “Additionally, Apple Search Ads never tracks users across 3rd party apps and websites, and only uses first-party data to personalize ads.”
Bauer adds that privacy protections are built into all its apps. “Identifiable information is never shared with third parties and is not used to track users across apps and websites,” Bauer says. “All data used for advertising purposes is disassociated from personal identifiers, and Apple Advertising operates on the basis of de-identified data.”
Apple says that during the first quarter of last year, 78 percent of searches in the App Store where people could have been shown ads were from devices that had personalized ads turned off—the “conversion rate” for advertisers is basically the same for personalized ads and contextual ads, it says.
Apple’s policy for Siri says that if you use the service, your requests are associated with a random identifier and not your Apple ID. Apple also produces “computer-generated transcripts of your Siri requests” to understand you better. The company says the random identifier it uses isn’t linked to any of your other Apple data, isn’t sold, and isn’t used to build a “marketing profile.”
It’s possible to opt out of Apple showing you personalized ads in the App Stores, News, TV, and Stocks apps. If you want to turn off Apple’s personalized ads on iOS, you can do so by going to Settings > Privacy & Security > Apple Advertising and toggling off Personalized Ads. In this menu it’s also possible, if you have personalization on, to view the ad targeting information that Apple uses to show certain ads to you.
Two places where Apple uses your data for ads—the Apple News and Stocks apps—can have their individual settings tweaked to change the identifiers that are linked to you. Within Settings and then each app’s details, you can toggle on the option to reset identifiers that are reported to publishers.
In the Privacy & Security section of Apple’s settings, it may also be worth considering Analytics & Improvements. Within this setting, you can stop Apple’s collection of iPhone and iCloud analytics data, which it says are used to help it improve its products and services. If you want to get the data that Apple has on you, it can be accessed through the company’s download tool.
Albert Fox Cahn, the executive director of the civil rights and privacy group Surveillance Technology Oversight Project, says Apple should do more to highlight its recently announced encrypted iCloud backups. “Many users don’t realize just how vulnerable iCloud data (including device backups and messages) are by default,” Cahn says.
Equally, it’s worth taking some time to review the permissions for your other apps and devices’ sensors in the Privacy & Security section. It’s possible to change your location settings, reviewing what apps can see your location and when; stop third-party apps, such as Facebook, from tracking you across your iPhone; and see what permissions you’ve given to which apps.
https://www.wired.co.uk/
Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app economy in 2023 hit a few snags, as consumer spending last year dropped for the first time by 2% to $167 billion, according to data.ai’s “State of Mobile” report. However, […]
In a financial filing on Thursday, T-Mobile revealed that a hacker accessed a trove of personal data belonging to 37 million customers. The telecom giant said that the “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of […]
Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack. A post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that on February 5 the company became aware of the “sophisticated” attack targeting Reddit employees. He says that an as-yet-unidentified attacker sent “plausible-sounding prompts,” which redirected employees to a website masquerading as Reddit’s […]
Leave a Reply