A report by the Financial Times seems to assert that Apple let app developers compile customer data from iPhone users without their permission. This is not a new story, but it shows that those of us who have denied permission to track apps can still be tracked, thanks to a loophole.
When privacy...is not
Apple's resolution to introduce app tracking privacy controls produced much controversy and a huge setback for Fb. The latter even complained that it would complicate life for small businesses. Apple took a while, but introduced it anyway.
The way the feature works is that the moment an app asks for permission to track your activity on other companies' apps and sites, it must grant the permission. Most people say no, which means that the entities that want to pursue you and what you do should have many setbacks to do so.
The theory is that this denies companies that make money collecting, retaining and selling your information the right to track what you do online. But it seems that certain developers have found what could be a loophole in the system, a loophole that the Financial Times report suggests that Apple lets developers exploit.
What lagoon is used?
The report asserts that Facebook and Snapchat exploit a loophole in Apple's guidelines in a way that I think undermines the spirit, if not the rules, around tracking.
Apple's specific developer guidelines for fingerprinting and other technologies designed to identify a device or user say:
“Under the Apple Developer Program licensing agreement, you cannot extract data from a device for the purpose of uniquely identifying it. Examples of user or device data include, but are not restricted to: properties of a user's internet browser and its settings, user's device and settings, user's location, or user's network connection. Applications that participate in this practice or that reference the SDK (including but not limited to promotional networks, attribution and analytics services) may be rejected on the App Store.
The flaw is that services like Snap and Fb have altered the way they digest data to create anonymous user pools, rather than identifying individuals.
The way it works, supposedly, is that they still aggregate your information, but don't share "unique and recognizable" data. Instead, they summarize what they call "signals" from an iPhone at the group level, allowing them to target groups of users. Personal data is anonymized and unique identifiers are supposedly not summarized.
Facebook's Sheryl Sandberg said the company is also working to rebuild its promotional infrastructure "using more aggregated or anonymous data."
What this means in practice is that a person who regularly purchases online at Target may be included (albeit anonymously) in a cohort of those who do so, but should not have a "customer of the service". Target” next to her name in the file.
One rule to call them all
Even if it doesn't work that way.
This MIT Technology Review report gives you a rather gruesome perspective on how even anonymous data can be exploited to create substantial amounts of information about.
We know from bitter experience that surveillance capitalists will seek to transform any amount of information into actionable data that they can then sell to others. Those who acquire that data often employ AI and their existing data stacks to develop stacks of information about. This means that the target buyer is going to receive tailored ads, even if they have asked not to be followed.
Although absolutely no one, technically, has broken the rules.
I think it is a hiatus in an ongoing war. Apple always and at all times affirms that it thinks that the best way to protect people's data is not to summarize it first. It has made privacy a mainstay of its product offering. We know that the battle for privacy, like security, is eternal. Whenever Apple improves it, others will try to undermine it, as it seems to be happening here.
What is lacking is regulation.
Crush your system
I believe the loophole used here violates the spirit and hopes of Apple's rule that this data "cannot be combined with other data to track a user across apps and sites owned by other companies, unless the user gives it permission." has given permission to track". "
While Apple's app tracking controls represent an improvement in user privacy, I don't think an ordinary person on the street would understand the nuance differences; They could not easily understand why this loophole appears to be authorized.
With this in mind, Apple should tighten its privacy protections. I think we will probably see it act to warn future app developers against such a bending of its rules, probably at WWDC.
Apple's ban cites its development program license pact.
This strongly suggests that it reserves the right to punish developers who go against the spirit of this pact. There should be consequences for companies that choose to undermine end-user protection.
Should Apple remove your friend from…Fb?
It wouldn't be the first time Apple has threatened to fire Fb. He did so for the last time after finding out that family slaves were being sold on Fb's Instagram service.
So will Apple start Fb from its servers for supposedly undermining the spirit of its developer pact?
Not if you're to think of the Financial Times: The report suggests that Apple winces at the practice. He also says that while Apple did not respond to questions, it said that privacy "remains its star in the north."
My feeling? Perhaps it is time for Apple to make a symbolic case to illustrate what privacy is serious about. It means punishing those who violate the spirit of your developer contract. It is time to test the privacy promise of applications distributed through the App Store.
Follow me on Twitter or join me at the AppleHolic Bar & Grill and the Apple Discussion Sets on MeWe.
Copyright © two thousand twenty-one IDG Communications, Inc.