Monday, February 1, 2021

Misleading and Inaccurate iOS Privacy Labels

Geoffrey A. Fowler (Hacker News, MacRumors):

I downloaded a de-stressing app called the Satisfying Slime Simulator that gets the App Store’s highest-level label for privacy. It turned out to be the wrong kind of slimy, covertly sending information — including a way to track my iPhone — to Facebook, Google and other companies. Behind the scenes, apps can be data vampires, probing our phones to help target ads or sell information about us to data firms and even governments.

As I write this column, Apple still has an inaccurate label for Satisfying Slime. And it’s not the only deception. When I spot-checked what a couple dozen apps claim about privacy in the App Store, I found more than a dozen that were either misleading or flat-out inaccurate. They included the popular game Match 3D, social network Rumble and even the PBS Kids Video app.


Apple’s big privacy product is built on a shaky foundation: the honor system. In tiny print on the detail page of each app label, Apple says, “This information has not been verified by Apple.”


Irony alert, there’s a tech giant that is more transparent: Facebook. With a setting called “off-Facebook activity” that it launched in 2020, you can actually see all the different apps and websites that are feeding your data to Facebook and ask the social network to stop using the data to target you with ads.


Update (2021-02-19): Michael Potuck:

Now the US House Committee on Energy & Commerce is urging Apple to “improve the validity of its App Privacy labels” along with asking for more specifics on the system.

US House Energy and Commerce Committee chairman Frank Pallone Jr. (D-NJ) and Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL) penned the letter to Apple CEO Tim Cook this week about concerns over the App Store privacy labels (first spotted by MacRumors).

Update (2021-03-11): John Gruber:

Effectively PBS submitted a privacy nutrition label based on changes to their app that weren’t yet — but soon were — live in the App Store. The rest of the inaccurate nutrition labels Fowler found are rather obscure apps.


And if Apple’s new privacy labels are useless, why are so many apps making changes to their actual privacy policies? Would PBS have removed the tracking identifier from its PBS Kids app in the first place? I’m guessing not.

1 Comment

A do not track option in Safari asked websites nicely. Didn’t work. Years later active intelligent tracking prevention, ITP, was born as a countermeasure. Now how is asking apps to respect the same honour system going to be different?

Is ITP backed in from day to actively enforce privacy requests on apps?

Is this new honour-based disclosure system, including the one soon to be delivered by iOS/iPadOS 14.5, simply an instrument of the ad industry, of which Apple is a major representative, to carefully position themselves just ahead of a curve of eroding trust?

Because iOS Settings > Privacy > Tracking > Learn more reads “When you decline to give permission…App developers are responsible for ensuring they comply with your choices.”

Developers can fingerprint by other means than the official advertising ID controlled by Apple. And they do.
