Wednesday, December 9, 2020

iOS App Privacy Labels

Juli Clover:

As part of iOS 14, Apple is introducing a new App Store feature that will provide privacy details for each app that you’re downloading, which the company has said can be likened to a “nutrition label” for apps.

In a new Developer Support document, Apple outlines the information that developers will need to provide on their App Store pages for customers. Apple is relying on developers to offer up their own privacy policies, and developers will need to start adding this information to App Store Connect starting in the fall.

Hartley Charlton:

WhatsApp, which is owned by Facebook, has accused Apple of anti-competitive behavior because iMessage is preinstalled on iPhones and does not need to be downloaded from the App Store, where the new privacy labels will be shown.


WhatsApp submitted the required information to Apple on Monday, but said in a blog post that “Apple’s template does not shed light on the lengths apps may go to protect sensitive information.” The spokesperson told Axios, “while WhatsApp cannot see people’s messages or precise location, we’re stuck using the same broad labels with apps that do.”

Joe Rossignol:

Apple today assured that its new requirement for privacy information on the App Store will apply equally to all iOS apps, including its own.

This means that the dozens of Apple apps available through the App Store, such as Apple Books and Apple Podcasts, will display the same privacy “nutritional labels” as third-party apps. And for built-in iOS apps, like Messages, Apple says that it will make the same privacy information available to users on its website. Apple says this information will be presented in the same way as it appears on the App Store.

Ben Thompson:

What makes that Apple advertisement so misleading is the level of individuality it implies in terms of data collection and application.


The Internet offers two clear alternatives: either a million blooming flowers, or all-encompassing behemoths that succeed by controlling access to customers. In the case of information, that alternative is Google, and in the case of products, it is Amazon.

What is notable about both is how relatively untouched they are by Apple’s privacy campaign. Yes, Google has app SDKs, but they also have an even larger presence on the web than Facebook, have somewhat less need for data given the directed nature of search advertising, and oh yeah, are the default search engine on Apple devices, which makes it that much easier to ensure that information flows via Google’s channels (like AMP pages, which get around Apple’s recent cookie-crackdowns by being served from Google’s own URLs). […]

Amazon, meanwhile, is increasingly where shopping searches start, particularly for Prime customers, and the company’s ad business is exploding. Needless to say, Amazon doesn’t need to request special permission for IDFAs or to share emails with 3rd parties to finely target its ads: everything is self-contained, and to the extent the company advertises on platforms like Google, it can still keep information about customer interests and conversions to itself. That means that in the long run, independent merchants who wish to actually find their customers will have no choice but to be an Amazon third-party merchant instead of setting up an independent shop on a platform like Shopify.


Update (2020-12-16): Apple (Hacker News):

The App Store now helps users better understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types an app may collect, and whether that data is linked to them or used to track them. As a reminder, your app’s privacy information is required to submit new apps and app updates to the App Store, and some data is optional to disclose if it meets specific criteria, such as certain data from health research apps and regulated financial services. You may update your answers at any time without resubmitting your app or going through App Review.

Khaos Tian:

Guess HI didn’t get a chance to partipate in designing this, what’s up with this shadow when there is a proper card design just right above it 😝

Update (2021-01-04): Dev:

The difference between WhatsApp and Signal (both end-to-end encrypted) in the new App Store privacy section is stark


Update (2021-01-05): Dave Wood:

I think the Signal labels just show that developers don’t know how to answer the questions, or that at least they’re using different measuring sticks. How is it possible that ‘Contact Info’ is collected, but not ‘Linked to you’. It is you.

Dan Frakes:

These privacy labels 😳

Update (2021-01-12): Dave Wood:

More evidence that Signal’s App Privacy response is bullshit. Not only do they collect your contact info, they upload your address book to their servers, and then expose you to other users.

Glenn Fleishman:

As always, the question is whether disclosure prompts changes by individuals. The App Privacy listing is just a disclosure: users can’t opt in or out of different kinds of data collection—it’s all or nothing. But unlike a standard software EULA (end-user license agreement) or dense privacy policy, Apple’s requirements and presentation make it quite clear what’s up, assuming the developer has been truthful, of course. Then you take it or leave it: you either buy or install the app or don’t.

However, Apple is about to enable an option that will give you choice over one set of items disclosed in App Privacy. Sometime soon—the company hasn’t yet said when—Apple will require that you opt into third-party tracking. That’s what has Facebook quaking, and what I’ll explain next.

Update (2021-01-22): Juli Clover:

On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.

Update (2021-02-05): Thomasbcn:

Google’s iOS apps release cycle before & after Apple asks to disclose privacy labels.

Thie pattern is probably just a coincidence.

Comments RSS · Twitter

Leave a Comment