What we learned from Apple’s new privacy label

We all know that Apps collect our data. Yet one of the few ways to find out what an app does with our information involves reading the privacy policy.

Let’s be real: Nobody does that.

So at the end of last year, Apple introduced a new requirement for all software developers, who publish apps through their App Store. Apps should now include so-called privacy labels, which list the types of data being collected in an easily scannable format. The label resembles a nutritional marker on food packaging.

These labels, which began appearing in the App Store in December, are the latest effort by tech designers We make data security easier for everyone to understand. You may be familiar with earlier iterations, such as the padlock symbol in a web browser. A locked padlock tells us that a website is trusted, while an unlocked suggestion suggests that a website may be malicious.

The question is whether Apple’s new labels will affect people’s choices. “When they read it or see it, does it change how they use the app or stop downloading the app?” Asked a research scientist Stephanie Nguyen who has Studied user experience design and data privacy.

To put labels to the test, I worked on dozens of apps. Then I focused on the privacy label for messaging apps WhatsApp and Signal, streaming music apps Spotify and Apple Music and for the fun, MyQ, I use to open my garage door from a distance.

I have learned a lot. The privacy label revealed that apps that look similar in function may differ to a great extent in how they handle our information. I also found that a lot of data is being collected when you least expect it, including inside the products you paid for.

But while the labels were often illuminating, they sometimes caused more confusion.

To find new labels, iPhone and iPad users with the latest operating systems (iOS and iPadOS 14.3) can open the App Store and search for an app. Inside the application details, see “App Privacy”. The place where a box with the label appears.

Apple has divided privacy labels into three categories so that we can get a complete picture of the type of information an app collects. They are:

  • The data used to track you. This information is used to follow your activities on apps and websites. For example, your email address can help identify whether you were also a person using another app where you entered the same email address.

  • Your data: This information is associated with your identity, such as your purchase history or contact information. Using this data, a music app can see that your account has purchased a certain song.

  • The data is not linked to you: This information is not directly linked to you or your account. For example, a mapping app can collect data from a motion sensor to provide turn-by-turn instructions for all. It does not save your account information.

Now let us see what these labels say about specific apps.

on the surface, WhatsApp, owned by FacebookSeems almost identical The signal. Offer both Encrypted message, Which scrape your messages so that only the recipient can understand them. Both also depend on your phone number to create an account and receive messages.

But their privacy label immediately reveals how different they are under the hood. The bottom one is the first one Whatsapp. Have one for the next one The signal:

The label quickly made it clear that WhatsApp taps far more of our data than the signal. When I asked the companies about this, Signal said that it tried to get less information.

For group chat, the WhatsApp privacy label showed that the app has access to user content, including group chat names and group profile photos. Signal, which does not, said it was A complex group chat system has been created He encrypts the content of the conversation, including the people participating in the chat and their avatars.

For people’s contacts, the WhatsApp privacy label revealed that the app could access our contact list; No signal. With WhatsApp, you have the option to upload your address book to the company’s server, which can help you find your friends and family who are using the app. But on the signal, the contact list is stored on your phone, and the company cannot tap it.

“In some instances, it is more difficult not to collect data,” said the founder of Signal, Moxie Marlinspike. “We have gone to greater lengths to build designs and technology that we don’t have access to.”

A WhatsApp spokesperson referred to the company’s website Explaining its privacy label. The website said that WhatsApp can prevent the misuse of user content and those who violate the law.

Then I took a close look at the privacy label for a suitably innocuous app: Chamberlain’s MyQ, a company selling gabber door openers. The MyQ app works with a $ 40 hub that connects to a Wi-Fi router so you can open and close your garage door remotely.

Here’s what the label says about the data collected by the app. Warning: this is long.

Why would I pay to open my garage door to track my name, email address, device identifier and usage data?

Answer: For advertising.

Elizabeth Lindmulder, who oversees connected devices for the Chamberlain Group, said the company collected data to target people with advertisements across the web. Chamberlain also has partnerships with other companies, such as Amazon, and data is shared with partners when people choose to use their services.

In this case, the label successfully caused me to stop and think: Yuck. Maybe I will return to my old garage remote with no internet connection.

Finally, I compared the privacy labels for two streaming music apps: Spotify and Apple Music. This experiment unfortunately put me in a state of confusion.

Just look at the label. One for the first Spotify. Next to Apple Music

These look different from the other labels featured in this article because they are just previews – Spotify’s label was so long that we couldn’t display its entirety. And when I dug into the label, both had such confusing or misleading terminology, which could not immediately connect the dots to use our data.

One piece of jargon in Spotify’s label was that it collected people’s “rough locations” for advertising. what does this mean?

Spotify said that it is applicable for those who have free accounts that receive advertisements. The application pulls device information to obtain approximate locations so that it can run relevant advertisements for users where they are. But most people are unlikely to understand this by reading labels.

Apple Music’s privacy label suggested that it link data to you for advertising purposes – even if the app doesn’t show ads or run ads. In college On apple’s website Did I Know that Apple Music Watch What You Hear This may provide information about upcoming releases and new artists that are relevant to your interests.

Privacy labels are particularly confusing when it comes to Apple’s own apps. This is because some Apple apps appeared in the Apple Store with the label Privacy, while others did not.

Apple may have removed some of its apps – such as FaceTime, Mail, and Apple Maps – and then downloaded them to the App Store, so they can be found there with the label Privacy. But its phone and message apps cannot be removed from devices and hence the App Store does not have privacy labels. Instead, the privacy labels for those apps are in. Hard-to-find support documentation.

The result is that Apple’s app’s data practices are less upfront. If Apple wants to lead a privacy conversation, it can set a better example by making the language clearer – and its labeling program less self-serving. Apple did not pursue the issue when I asked why all apps should not be held to the same standards.

Ms. Nguyen, researcher, said that there had to be a lot for the privacy label to succeed. In addition to behavior change, she said, companies should be honest about describing their data collection. Most important, people have to be able to understand the information.

He said, “I can’t imagine that my mother would ever stop looking at a label and say, ‘Don’t let me see the data associated with me and the data associated with me.” “what does that even mean?”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *