What We Learned From Apple’s New Privacy Labels

We all know that Apps collect our data. Yet one of the few ways to find out what an app does with our information involves reading the privacy policy.

Let’s be real: Nobody does that.

So at the end of last year, Apple introduced a new requirement for all software developers, who publish apps through their App Store. Apps should now include so-called privacy labels, which list the types of data being collected in an easily scannable format. The label resembles a nutritional marker on food packaging.

These labels, which began appearing in the App Store in December, are the latest effort by tech designers Create data security and digital privacy, Those that are connected are easy to understand for all of us. You may be familiar with earlier iterations, such as the padlock symbol in a web browser. A locked padlock tells us that a website is more secure, while an unlocked suggestion suggests that a website may be more vulnerable to attack.

The question is whether Apple’s new labels will affect people’s choices. “When they read it or see it, does it change how they use the app or stop downloading the app?” Asked a research scientist Stephanie Nguyen who has Studied user experience design and data privacy.

To put a label to the test, I worked on dozens of apps. Then I focused on the privacy label for messaging apps WhatsApp and Signal, streaming music apps Spotify and Apple Music, and for fun, MyQ, I use to open my garage door remotely.

I have learned a lot. Privacy labels have shown that apps that look similar in function may differ to a great extent in how they handle our information. I also found that a lot of data is being collected when you least expect it, including inside the products you paid for.

But while the labels were often illuminating, they sometimes caused more confusion.

To find the new label, iPhone and iPad users with the latest operating systems (iOS and iPadOS 14.3) can open the App Store and search for an app. Inside the application details, see “App Privacy”. The place where a box with the label appears.

Apple has divided the privacy labels into three categories so that we can get a complete picture of the type of information an app collects. They:

  • The data used to track you. This information is used to follow your activities on apps and websites. For example, your email address can help identify whether you were also a person using another app where you entered the same email address.

  • Your data: This information is associated with your identity, such as your purchase history or contact information. Using this data, a music app can see that your account has purchased a certain song.

  • The data is not linked to you: This information is not directly linked to you or your account. For example, a mapping app can collect data from a motion sensor to provide turn-by-turn instructions for all. It does not save your account information.

Now let us see what these labels say about specific apps.

on the surface, WhatsApp, owned by FacebookSeems almost identical The hint. Offer both Encrypted message, Which scrape your messages so that only the recipient can understand them. Both also depend on your phone number to create an account and receive messages.

But their privacy label immediately reveals how different they are under the hood. The bottom one is the first one Whatsapp. Have one for the next one The hint:

The label quickly made it clear that WhatsApp taps far more of our data than the signal. When I asked the companies about this, Signal said that it tried to get less information.

For group chats, the WhatsApp privacy label revealed that the app has access to user content, including group chat names and group profile photos. Signal, which does not, said it was A complex group chat system has been created He encrypts the content of the conversation, including the people participating in the chat and their avatars.

For people’s contacts, the WhatsApp privacy label revealed that the app could access our contact list; No signal. With WhatsApp, you have the option to upload your address book to the company’s server, which can help you find your friends and family who are using the app. But on the signal, the contact list is stored on your phone, and the company cannot tap it.

“In some instances, not collecting data is more difficult,” said the founder of Signal, Moxie Maralinspike. “We’ve gone to greater lengths to design and build technology that doesn’t have access.”

A WhatsApp spokesperson referred to the company’s website Explaining its privacy label. The website said that WhatsApp can prevent abuse and people who violate the law.

I then kept a close eye on the privacy label for a reasonably intuitive app: Chamberlain’s MyQ, a company selling Gabor Door Openers. The MyQ app works with a $ 40 hub that connects to a Wi-Fi router so you can open and close your garage door remotely.

Here’s what the label says about the data collected by the app. Warning: this is long.

Why have I paid to track my name, email address, device identifier and usage data to open my garage door?

Answer: For advertising.

Elizabeth Lindmulder, who oversees connected devices for the Chamberlain Group, said the company collected data to target advertising people across the web. Chamberlain also has partnerships with other companies, such as Amazon, and data is shared with partners when people choose to use their services.

In this case, the label successfully caused me to stop and think: Yuck. Maybe I will return to my old garage remote which has no internet connection.

Finally, I compared the privacy labels for two streaming music apps: Spotify and Apple Music. This experiment unfortunately took me into a rabbit hole of confusion.

Just look at the label. One for the first Spotify. Next to Apple Music

These look different from the other labels featured in this article because they are just previews – Spotify’s label was so long that we couldn’t display its entirety. And when I dug into the label, both had such confusing or misleading terminology, which could not immediately connect the dots to use our data.

One piece of jargon in Spotify’s label was that it collected people’s “rough locations” for advertising. what does this mean?

Spotify said that this applies to people who have free accounts that receive advertisements. The application pulls device information to obtain approximate locations so that it can run relevant advertisements for users where they are. But most people are unlikely to understand it by reading the label.

Apple Music’s privacy label suggested that it link data to you for advertising purposes – even if the app doesn’t show ads or doesn’t run. In college On apple’s website Did I know that what Apple Music listens to you can provide information about upcoming releases and new artists that are relevant to your interests.

Privacy labels are particularly confusing when it comes to Apple’s own apps. This is because some Apple apps appeared in the Apple Store with the label Privacy, while others did not.

Apple may have removed some of its apps – such as FaceTime, Mail, and Apple Maps – and then downloaded them to the App Store, so they can be found there with the label Privacy. But its phone and message apps cannot be removed from devices and hence the app store does not have privacy labels. Instead, the privacy labels for those apps are inside Hard-to-find support documentation.

The result is that Apple’s app has a low data practice. If Apple wants to lead a privacy conversation, it can set a better example by making the language clear – and its labeling program is less self-serving. Apple did not pursue the issue when I asked why all apps should not be held to the same standards.

Ms. Nguyen, researcher, said that there had to be a lot for the privacy label to succeed. In addition to behavior change, he said, companies should be honest about describing their data collection. Most important, people should be able to understand the information.

“I can’t imagine that my mother would ever stop looking at a label and say, ‘I should look at the data associated with me and the data should not be linked to me,” she said. “what does that even mean?”

Source link

Leave a Comment