{"id":31128,"date":"2020-12-24T12:50:46","date_gmt":"2020-12-24T17:50:46","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=31128"},"modified":"2025-08-04T10:34:02","modified_gmt":"2025-08-04T14:34:02","slug":"apples-privacy-nutrition-labels-are-a-blessing-and-a-curse","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/12\/24\/apples-privacy-nutrition-labels-are-a-blessing-and-a-curse\/","title":{"rendered":"Apple’s “Privacy Nutrition Labels” Are a Blessing and a Curse"},"content":{"rendered":"

Johnny Lin<\/a> (tweet<\/a>):<\/p>\n

\n

Apple doesn’t verify any of the App Privacy information that app developers submit - because they can’t<\/em>. There is currently no way for Apple to know what an app does with user data after the data is sent to the app. But by calling it equivalent to “Privacy Nutrition Labels”, Apple irresponsibly implies that this privacy information is vetted, when that is absolutely false.<\/p>\n

This results in two unintended consequences: it creates a false sense of security for users, and an incentive for more dishonest and privacy-invasive apps in the App Store.<\/p>\n

[…]<\/p>\n

In this situation, both email apps collect basic analytics. The dishonest app, however, writes in their App Privacy that they don’t collect or sell any<\/em> data, while the honest app admits that they collect basic analytics. So you read the App Privacy for both apps, and decide that since you want to “maximize privacy”, you download the dishonest app - the one that secretly sells your emails to third parties. It’s not your fault - it’s the fault of a poor incentive structure.<\/p>\n<\/blockquote>\n\n

As he notes, Apple is financially incentivized to allow dishonest apps to make lots of money, which they partially pour into App Store Search Ads, and many of these have remained in the store over the long term.<\/p>\n\n

Previously:<\/p>\n