|
| 1 | +--- |
| 2 | +title: Apple's "Privacy Nutrition Labels" are a Gift to Scam Apps |
| 3 | +--- |
| 4 | + |
| 5 | +### "App Privacy" should give users verified information, instead of a false sense of security |
| 6 | + |
| 7 | +With the recent release of iOS 14, Apple enabled a new feature called "App Privacy" (or "[Privacy Nutrition Labels](https://www.seattletimes.com/business/technology/new-from-apple-at-wwdc-hand-washing-alerts-iphone-widgets-and-privacy-nutrition-labels/)") in the App Store, which supposedly shows users what information apps collect, and how that information is used. For example, you might have seen people making fun of the Facebook app's long App Privacy section - like the tweet below: |
| 8 | + |
| 9 | + |
| 10 | + |
| 11 | +This, on the surface, *seems* like a win for consumer privacy. |
| 12 | + |
| 13 | +So why is the App Store's App Privacy actually terrible for user privacy? |
| 14 | +### Flaw #1: For popular apps, App Privacy doesn't actually tell us anything we don't already know |
| 15 | +At this moment in 2020, the fact that Facebook is bad for privacy is already well-known. There are countless articles, documentaries, and reports about the many ways that Facebook exploits user data. Even Mark Zuckerberg admitted this: |
| 16 | + |
| 17 | +>  |
| 18 | +
|
| 19 | +So while App Privacy does make Apple *look good* via viral tweets like the one above, there is little to no new information here for users. People aren't on Facebook because they think Facebook respects privacy, people are on Facebook because it's hard to get all their friends to move to a different social network at the same time ("network effects"), and it has nothing to do with privacy. Nobody *wants* to be on Facebook, everyone*knows* it's horrible for privacy - and showing users this long App Privacy list doesn't actually change anything. |
| 20 | + |
| 21 | +As a thought experiment for the usefulness of App Privacy, imagine that Facebook changed their App Privacy and wrote that they didn't collect any user information. Of course, nobody would believe them. For well-known apps, App Privacy at best only confirms what users already know. |
| 22 | + |
| 23 | +### Flaw #2: For other apps, App Privacy incentivizes dishonesty because it's self-reported |
| 24 | +For apps that aren't as popular, App Privacy is detrimental for privacy, because Apple relies entirely on the app developer to be honest about their privacy practices. This creates bad incentives - it's like asking restaurants to do their own health inspections and provide their own health scores. |
| 25 | + |
| 26 | +Let's say a user is searching for a new email app, and is choosing between two candidates on the App Store. One is created by a dishonest developer who fully intends to sell user emails to as many third parties as they can, and the other is created by an honest developer who only uses anonymized analytics in their app. Here's what happens: |
| 27 | + |
| 28 | + |
| 29 | + |
| 30 | +In this situation, both the dishonest and the honest email apps collect basic, anonymized analytics. The dishonest app also secretly sells user emails to third parties. The dishonest app, however, writes in their App Privacy that they don't collect or sell *any* data, while the honest app admits that they collect basic analytics data. So a user shopping for apps reads the App Privacy for both apps, decides that they want to "maximize their privacy", and downloads the dishonest app. The end result is that the contents of their emails are sold to third-parties. |
| 31 | + |
| 32 | +Apple doesn't verify any of the App Privacy information that app developers submit - because they *can't*. *There is currently no way for Apple to know what an app does with user data after the data is sent to the app.* But by drumming up hype about "App Privacy" and **calling it equivalent to "Privacy Nutrition Labels", Apple very strongly implies that the privacy information is vetted, when that is absolutely false**. This creates a false sense of security. |
| 33 | + |
| 34 | +Unfortunately, Apple is further disincentivized to remove dishonest apps, because ill-gotten profits from selling user data go back to buying App Store Search Ads, where they can rope in even more user data. By doing this, the dishonest apps are essentially bribing Apple to show up first in App Store search results. I previously wrote about the magnitude of top-selling apps doing exactly this on the App Store [here](/2020/11/25/how-to-make-80000.html). The App Store's "scam apps" problem has only gotten worse, and App Privacy will help them seem more legitimate than ever before to unsuspecting users. |
| 35 | + |
| 36 | +### App Store's "App Privacy" takes an old idea and makes it worse |
| 37 | +In a nutshell, Apple's App Privacy is amplifying the worst privacy invention ever - the Privacy Policy, aka the "We Pinky-Promise to Not Steal Your Data" document. Privacy Policies are bad not just because they're impossible to enforce and easy to abuse, but also because they're not [legally binding](https://ir.lawnet.fordham.edu/iplj/vol27/iss1/5/), and in the rare case that violations are caught, [the](https://www.abine.com/blog/2012/facebook-privacy-violated-by-new-ads/) [penalties](https://www.theverge.com/2018/4/24/17275994/yahoo-sec-fine-2014-data-breach-35-million) [are](https://uk.reuters.com/article/us-facebook-france/facebook-fined-150000-euros-by-french-data-watchdog-idUKKCN18C10C) [slaps on the wrist](http://www.consumerwatchdog.org/blog/google-ruling-shows-need-do-not-track-and-strong-antitrust-action). Apple's App Privacy repackages the Privacy Policy to make it look more trustworthy with Apple Design™, but fixes none of the inherent flaws with it. |
| 38 | + |
| 39 | +Apple needs a much better approach than depending on the honesty of app developers and profit-driven companies. Here are two alternatives that are far better for privacy: |
| 40 | + |
| 41 | +One approach is to ask for *proof* from developers that their privacy claims are actually true - for example, enforcing the [Openly Operated](https://openlyoperated.org) transparency standard, which puts the responsibility on companies to prove their claims before being allowed to access users' personal data. This approach is already working with apps that are serving hundreds of thousands of people daily. |
| 42 | + |
| 43 | +Another approach is to rely on neutral third party reports and reviews, like what [Privacy Review](https://privacyreview.co) does - it's like a Snopes or PolitiFact, but for apps. By involving groups that have no financial interest in the apps, App Privacy can become a source of trustworthy privacy information, and thus weed out app developers that abuse or sell user data, instead of giving them an open, unvetted space to lie. |
| 44 | + |
| 45 | +### Final note |
| 46 | + |
| 47 | +Apple's App Privacy is flawed because it creates a heavily-manipulated *illusion* of transparency, without any of the benefits of true transparency. It gives financial incentives for apps to be more dishonest, and we hope Apple alters their course on this for both the health of the App Store ecosystem, as well as their 1.5 billion users worldwide. In the meantime, we advise that you take App Privacy with a large grain of salt, because it's not at all a dependable indicator of trustworthiness - and may simply indicate an app developer's willingness to lie. |
0 commit comments