|
1 | 1 | ---
|
2 |
| -title: Apple's "Privacy Nutrition Labels" are a Gift to Scam Apps |
| 2 | +title: Apple's "Privacy Nutrition Labels" are a Blessing and a Curse |
3 | 3 | ---
|
4 | 4 |
|
5 |
| -### "App Privacy" should give users verified information, instead of a false sense of security |
| 5 | +### "App Privacy" should give users verified information, not a false sense of security |
6 | 6 |
|
7 |
| -With the recent release of iOS 14, Apple enabled a new feature called "App Privacy" (or "[Privacy Nutrition Labels](https://www.seattletimes.com/business/technology/new-from-apple-at-wwdc-hand-washing-alerts-iphone-widgets-and-privacy-nutrition-labels/)") in the App Store, which supposedly shows users what information apps collect, and how that information is used. For example, you might have seen people making fun of the Facebook app's long App Privacy section - like the tweet below: |
| 7 | +With the recent release of iOS 14, Apple enabled a new feature called "App Privacy" (or what they call [Privacy Nutrition Labels](https://www.seattletimes.com/business/technology/new-from-apple-at-wwdc-hand-washing-alerts-iphone-widgets-and-privacy-nutrition-labels/)) in the App Store, which supposedly shows users what information apps collect, and how it's used. For example, the Facebook app's extremely long App Privacy section, which details all the information they collect, is already the subject of viral tweets such as this one: |
8 | 8 |
|
9 |
| - |
| 9 | + |
10 | 10 |
|
11 |
| -This, on the surface, *seems* like a win for consumer privacy. So what's the catch? |
12 |
| -### Flaw #1: For popular apps, App Privacy doesn't tell users anything new. |
13 |
| -At this moment in 2020, the fact that Facebook is bad for privacy is already well-known. There are countless articles, documentaries, and reports about the many ways that Facebook exploits user data. Even Mark Zuckerberg admitted this: |
| 11 | +Most people are already aware that Facebook has terrible privacy practices, but Apple still deserves a lot of credit for exposing Facebook so publicly on their official platform. Raising awareness about privacy is terrific, and this is definitely the right direction. So what's the catch? |
14 | 12 |
|
15 |
| ->  |
| 13 | +The problem with Apple's App Privacy is that it's entirely self-reported. The app developer gets to make whatever privacy claims they want, and none of that information is vetted. There's no verification by Apple or by any other source. |
16 | 14 |
|
17 |
| -People are only on Facebook because their friends are on it. Nobody *wants* to be on Facebook, everyone *knows* it's horrible for privacy - and so showing users this long App Privacy list doesn't actually change anything. |
| 15 | +App Privacy is not new. It's re-branding and simplification of the Privacy Policy, aka the "We Pinky-Promise to Not Steal Your Data" document. Unfortunately, App Privacy doesn't fix the Privacy Policy's inherent and critical flaw: Privacy Policies contain no proof of the privacy claims they make. |
18 | 16 |
|
19 |
| -As a thought experiment for the usefulness of App Privacy, imagine if Facebook changed their App Privacy and wrote that they didn't collect any user information. Of course, nobody would believe them. For well-known apps, App Privacy at best only confirms what users already know. |
| 17 | +Apple doesn't verify any of the App Privacy information that app developers submit - because they *can't*. There is currently no way for Apple to know what an app does with user data after the data is sent to the app. But by calling it equivalent to "Privacy Nutrition Labels", Apple irresponsibly implies that this privacy information is vetted, when that is absolutely false. |
20 | 18 |
|
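Review bot: "after the data is sent to the app" at new line 17 is ambiguous, because the data is already inside the app at the moment it is collected; the argument depends on the point where data leaves the device for the developer's or a third party's servers. Suggest wording such as "after the data leaves the device". New line 17 also repeats the "Apple doesn't verify" statement already made at new line 13, so one of the two can be trimmed.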
21 |
| -### Flaw #2: App Privacy's reliance on self-reporting creates a false sense of security. |
22 |
| -For most other apps, App Privacy is bad for privacy because Apple relies entirely on the app developer to be honest about their privacy practices. This creates poor incentives - it's like asking restaurants to do their own health inspections and provide their own health scores. |
| 19 | +This results in two unintended consequences: it creates a false sense of security for users, and an incentive for more dishonest and privacy-invasive apps in the App Store. |
| 20 | +### A False Sense of Security for Users |
| 21 | +The Privacy Policy, and by extension, App Privacy, has been a failure due to its inaccuracy and lack of reliability. This is partially because even the app developers themselves may not know what user data is being given to third parties, or who those third parties give user data to. |
23 | 22 |
|
24 |
| -Apple doesn't verify any of the App Privacy information that app developers submit - because they *can't*. *There is currently no way for Apple to know what an app does with user data after the data is sent to the app.* But by drumming up hype about "App Privacy" and **calling it equivalent to "Privacy Nutrition Labels", Apple very strongly implies that the privacy information is vetted, when that is absolutely false**. |
| 23 | +One example of this is a recent privacy scandal involving the [mass selling of user data](https://9to5mac.com/2020/11/20/us-military-buys-location-data-from-muslim-prayer-app-and-more/) to the U.S. military, with location data harvested from various apps - a Craigslist app, a Muslim prayer app, weather apps, and many others. This was possible because these apps used a third-party integration that sold location data. And since the app developer didn't even know the third-party integration was doing this, they of course didn't mention it in their apps' Privacy Policies (or App Privacy) - they can't include what they don't even know. |
25 | 24 |
|
26 |
| -Let's say a user is searching for a new email app, and is choosing between two candidates on the App Store. One is created by a dishonest developer who intends to sell user emails to third parties, and the other is created by an honest developer who only uses basic, anonymized analytics. Which app does the user end up choosing? |
| 25 | +Another example is the case of poor security practices, resulting in security breaches. It seems like every week, some company "regrettably" announces that [they've been hacked](https://haveibeenpwned.com/PwnedWebsites). Last week, it was SolarWinds, who apparently set their server password to "[solarwinds123](https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8)". Negligent, cheap, and lazy security practices like this are commonplace, and are opaque to even the most detailed Privacy Policies. |
| 26 | + |
| 27 | +Both real-world examples above seriously impact user data and privacy, and unfortunately in both cases, App Privacy doesn't help, and worse, may give users a false sense of safety. |
| 28 | +### Incentivizing Dishonest and Privacy-Invasive Apps |
| 29 | +The App Store ecosystem is a competitive place. For every app, there are at least two or three apps with similar functionality competing for the same users. And you don't need five email apps - you need one good one. Users choose apps based on many factors: features, design, screenshots, reviews, and now with iOS 14, App Privacy. So to win the most users, developers are now incentivized to make their App Privacy look good. Key phrase: "**look** good". |
| 30 | + |
| 31 | +Again, App Privacy is based on Privacy Policies, so it relies on the app developer to be honest - it's like asking restaurants to do their own health inspections and provide their own health scores. Now that App Privacy makes the Privacy Policy much more prominent, how does this affect the incentive structure for App Store apps? |
| 32 | + |
| 33 | +Let's say you're choosing between two email apps on the App Store - both seem similar in features and design. Unbeknownst to you, however, one email app is created by a dishonest developer who intends to extract extra profit by selling your emails to third parties, while the other email app is honest and does not do this. Which app do you end up choosing? |
27 | 34 |
|
28 | 35 | 
|
29 | 36 |
|
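Review bot: "Last week, it was SolarWinds" at new line 25 is a relative date that will read wrongly once the post has been up for a while; give the month and year instead. The same paragraph uses SolarWinds as evidence about App Privacy without describing it as an App Store app, so a sentence tying the breach back to how app developers store user data would make the example carry the point that new line 27 draws from it.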
30 |
| -In this situation, both email apps collect basic, anonymized analytics. The dishonest app, however, writes in their App Privacy that they don't collect or sell *any* data, while the honest app admits that they collect basic analytics data. So a user shopping for apps reads the App Privacy for both apps, decides that they want to "maximize their privacy", and downloads the dishonest app - the one that will secretly sell the user's emails. |
| 37 | +In this situation, both email apps collect basic analytics. The dishonest app, however, writes in their App Privacy that they don't collect or sell *any* data, while the honest app admits that they collect basic analytics. So you read the App Privacy for both apps, and decide that since you want to "maximize privacy", you download the dishonest app - the one that secretly sells your emails to third parties. It's not your fault - it's the fault of a poor incentive structure. |
| 38 | + |
| 39 | +This results in a nightmare feedback loop: Dishonest apps make more money due to their willingness to lie on their App Privacy, and then use their ill-gotten profits to buy Apple's App Store Search Ads, which allows them to appear first in search results and rope in more downloads and more user data. Sell the user data, rinse and repeat. I previously wrote about the magnitude of top-selling apps doing exactly this on the App Store [here](/2020/11/25/how-to-make-80000.html). The App Store's "scam apps" problem hasn't gotten better since then, and the introduction of App Privacy will now help them seem even more legitimate than ever before to unsuspecting users. |
31 | 40 |
|
32 |
| -This results in a nightmare feedback loop: Dishonest apps make more money due to "better" App Privacy, and then use their ill-gotten profits to buy Apple's App Store Search Ads, which allows them to appear first in search results and rope in more downloads and more user data. Sell the user data, rinse and repeat. I previously wrote about the magnitude of top-selling apps doing exactly this on the App Store [here](/2020/11/25/how-to-make-80000.html). The App Store's "scam apps" problem has only gotten worse, and App Privacy will help them seem more legitimate than ever before to unsuspecting users. |
| 41 | +### Finding Apps That Truly Respect Privacy |
| 42 | +So what can be done about App Privacy's ease of abuse? |
33 | 43 |
|
34 |
| -### App Store's "App Privacy" takes an old idea and makes it worse. |
35 |
| -In a nutshell, Apple's App Privacy is amplifying the worst privacy invention ever - the Privacy Policy, aka the "We Pinky-Promise to Not Steal Your Data" document. Privacy Policies are bad not just because they're impossible to enforce and easy to abuse, but also because they're not [legally binding](https://ir.lawnet.fordham.edu/iplj/vol27/iss1/5/), and in the rare case that violations are caught, [the](https://www.abine.com/blog/2012/facebook-privacy-violated-by-new-ads/) [penalties](https://www.theverge.com/2018/4/24/17275994/yahoo-sec-fine-2014-data-breach-35-million) [are](https://uk.reuters.com/article/us-facebook-france/facebook-fined-150000-euros-by-french-data-watchdog-idUKKCN18C10C) [slaps on the wrist](http://www.consumerwatchdog.org/blog/google-ruling-shows-need-do-not-track-and-strong-antitrust-action). Apple's App Privacy repackages the Privacy Policy to make it look more trustworthy with Apple Design™, but fixes none of the inherent flaws with it. |
| 44 | +Apple has said that developers caught lying on their App Privacy will be banned, but this threat has no teeth. First, as mentioned earlier, it's impossible for Apple to catch liars because Apple has no way of knowing if app developers are telling the truth about privacy - this threat is only effective against the most visible companies like Facebook, who are already under heavy scrutiny. Second, Apple is not financially incentivized to eliminate profitable apps from the App Store (since they take 30% of revenues as well as App Store Ads), and other than specific removals of a few scandals that go viral in the media, they aren't spending the time or resources to individually verify the 2 million apps on the App Store. |
36 | 45 |
|
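Review bot: new line 44 states "Apple has said that developers caught lying on their App Privacy will be banned" and relies on "2 million apps" and a 30% revenue share without a link for any of them, while the removed line 35 linked each of its claims about Privacy Policy enforcement. Add a source for Apple's statement at least, since the "no teeth" argument rests on it.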
37 |
| -Apple needs a much better approach than totally depending on the honesty of profit-driven app companies. Here are two alternatives that are far better for privacy: |
| 46 | +Luckily, you don't need to depend on Apple. Here how to find and choose truly privacy-respecting apps: |
38 | 47 |
|
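Review bot: typo at new line 46, "Here how to find" should read "Here's how to find".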
39 |
| -One approach is to ask for *proof* from developers that their privacy claims are actually true - for example, enforcing the [Openly Operated](https://openlyoperated.org) transparency standard, which puts the responsibility on companies to prove their claims before being allowed to access users' personal data. This approach is already working with apps that are serving hundreds of thousands of people daily. |
| 48 | +First, look for apps that are 100% open source. Open source is the "organic" of software, and it means the app's code is publicly visible, so there's nothing to hide. There are no unknown third-party integrations, and everything the app does, including collection of data and how it's used, is accessible by everyone. Importantly, ensure that not just the app, but also the app's servers (where your data is stored and transferred in the cloud) are 100% open source. |
40 | 49 |
|
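Review bot: new line 48 claims that with open source "there's nothing to hide" and "There are no unknown third-party integrations", but published source does not by itself show that the App Store binary or the running servers were built from that source, which is the same unverified-claim problem the post raises against App Privacy. Suggest qualifying the advice, for example by pointing to the proof requirement of the Openly Operated standard that the removed line 39 described and new line 58 still recommends.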
41 |
| -Another approach is to rely on neutral third party reports and reviews, like what [Privacy Review](https://privacyreview.co) does - it's like a Snopes or PolitiFact, but for apps. By involving groups that have no financial interest in the apps, App Privacy can become a source of trustworthy privacy information, and thus weed out app developers that abuse or sell user data, instead of giving them an open, unvetted space to lie. |
| 50 | +Second, check a site like [Privacy Review](https://privacyreview.co) for neutral third party analyses on the tracking behaviors of specific apps. Instead of trusting App Store's App Privacy, which is self-reported, these sites use tools like [Lockdown Privacy](https://lockdownprivacy.com) to see exactly what connections to trackers are made - it's like a Snopes, but for apps. Watch out, though, for review sites that get a "referral bonus" from your app signups or downloads - these are almost always scams, because they only get paid when you purchase the app. |
| 51 | + |
| 52 | +Third, make sure that management and ownership of the company is clear. Who is the CEO? Where are they located and are they a real company? Or are they a series of offshore shell companies that allow the owners to stay anonymous? You'll be surprised how often that last one is true, especially for so-called privacy apps that are [malware](https://www.techspot.com/news/60828-popular-free-vpn-service-hola-dodgy.html) or [data-mining](https://9to5mac.com/2017/08/07/hotspot-shield-snooping-on-users-vpn/) companies [in disguise](https://techcrunch.com/2020/12/16/australia-sues-facebook-over-its-use-of-onavo-to-snoop/). |
42 | 53 |
|
43 | 54 | ### Final note
|
44 | 55 |
|
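Review bot: new line 50 says review sites "see exactly what connections to trackers are made", which covers network destinations only, while new line 17 says what an app does with data after it is sent cannot be known by Apple; the paragraph should say that connection analysis shows who receives data, not how it is used afterwards. Minor, at new line 52: "management and ownership of the company is clear" should be "are clear".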
45 |
| -Apple's App Privacy creates a heavily-manipulated *illusion* of transparency, without any of the benefits of true transparency. It gives financial incentives for apps to be more dishonest, and we hope Apple alters their course on this for the health of the App Store ecosystem, as well as their 1.5 billion users worldwide. In the meantime, we advise that you take App Privacy with a large grain of salt, because it's not at all a dependable indicator of trustworthiness - and may simply indicate an app developer's willingness to lie. |
| 56 | +Apple's App Privacy creates a heavily-manipulated *illusion* of transparency, without any of the benefits of true transparency. It gives financial incentives for apps to be more dishonest, and Apple would be well-advised to change course on this for the health of the App Store ecosystem and their 1.5 billion customers. |
| 57 | + |
| 58 | +App Privacy has a lot of potential. It shouldn't just be a watered-down Privacy Policy that misleads users. It should instead adopt a verifiable transparency standard like [Openly Operated](https://openlyoperated.org), which puts the responsibility on the companies to prove their security and privacy claims before being allowed to access user data. |
| 59 | + |
| 60 | +In the meantime, we advise that you (and your family and friends) to take App Privacy with a heavy grain of salt, because it's not at all a dependable indicator of trustworthiness - and may simply indicate an app developer's willingness to lie. |
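Review bot: new line 60 is ungrammatical, "we advise that you (and your family and friends) to take" needs either "advise you ... to take" or "advise that you ... take". The removed line 45 had "a large grain of salt"; "heavy grain of salt" reads oddly against the usual idiom.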