One of the defensive arguments raised to protest Apple’s decision that developers place what it calls privacy labels alongside their apps has been that the company itself doesn’t apply the same rules to itself.
Apple lives by its own (privacy) rules
Apple has always said it intends to follow the same rules it imposes on developers and has now made privacy labels available for all of its apps, including its system utilities and the App Store itself. “Our privacy labels are designed to help you understand how apps handle your data, including apps we develop at Apple,” the company states on a page where it published the information.
The page describes apps for every Apple hardware platform: iOS, iPadOS, macOS, watchOS, and tvOS.
Announced at WWDC 2020 and officially launched with iOS 14.3, Apple’s Privacy Nutrition Labels are designed to help customers understand detailed information concerning the data apps collect. The idea is that Apple’s users can avoid apps that demand information they don’t want to share, and that developers offering similar functionality while respecting user privacy can demonstrate this commitment.
It should be good for everybody. Naturally, there have been some complaints.
While nations are exploring stringent surveillance of their people, some argue that what technology firms engage in already exceeds this, creating a completely uncontrolled free market in personal information.
This is dangerous, Apple believes. As CEO Tim Cook in January said:
“The fact is that an interconnected ecosystem of companies are purveyors of fake news and peddlers of division, of trackers and hucksters just looking to make a quick buck, is more present in our lives than it has ever been.
“And it has never been so clear how it degrades our fundamental right to privacy and our social fabric. As I’ve said before, if we accept as normal and unavoidable that everything in our lives can be aggregated and sold, then we lose so much more than data. We lose the freedom to be human.”
The problem with the App Privacy Labelling model, of course, is that Apple at present isn’t deeply policing what developers claim. In the small print at the bottom of the page, the company says: “This information has not been verified by Apple.”
That’s interesting, as this also means that by publishing Privacy Labels for its own apps, the company is actually imposing a greater burden of proof on itself than it does on app developers. A company as vast as Apple cannot mislead consumers about the privacy practices of its apps. Other developers can — and some say, do.
That’s doesn’t mean Apple won’t react if it finds a developer is making misleading claims about its app.
The power of crowds
“Similar to how Age Ratings work on the App Store, developers report their own privacy practices,” Apple says.
“If we learn that a developer may have provided inaccurate information, we will work with them to ensure the accuracy of the information.”
That’s useful and should also be a motivation for the most privacy-conscious consumers to vet the claims app developers make. Developers who make false claims should be identified. Developers making false claims who then abuse data they have secretly purloined from users in any way should face consequences.
Now that it has launched App Privacy labels, you can expect the company to continue to innovate in that space. In this case, innovation could mean recruitment of staff to vet and verify privacy claims. Those developers who make claims they cannot support would be identified, warned, named, shamed, and potentially removed from the store. This process would create opportunities for smaller developers to build similar functionality inside products that didn’t take data.
Apple has already begun doing this:
“Apple conducts routine and ongoing audits of the information provided and we work with developers to correct any inaccuracies. Apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don’t come into compliance.”
In the future, app developers should expect more of the same. Indeed, it seems plausible to expect the company to develop AI testing systems that will vet apps against claimed privacy practices during the App Store approvals process — just as it already analyzes payments to verify against any other kind of fraud.
Meanwhile, developers will be permitted to track users only if they obtain permission using the App Tracking Transparency (ATT) framework that’s coming in iOS 14.5. Despite the many blemishes against its reputation, Facebook is fighting furiously against ATT, making a series of what I see as unconvincing claims to defend its business.
Apple, meanwhile, appears committed to living by its own rules and will continue to improve its handling of personal data and privacy protection systems on its platforms.