Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why Apple really cares about your privacy

Rich Mogull | June 26, 2014
In the days and weeks since Apple's WWDC keynote, something's been bugging me, but I couldn't quite put my finger on it. Then, recently, while sitting at the airport, I launched Safari and pulled up Apple's official privacy policy. At first glance, it seemed to be the standard boilerplate issued by the gray suited legal department of a large enterprise, full of the same legalese you see on nearly any site that collects your personal information.

In the days and weeks since Apple's WWDC keynote, something's been bugging me, but I couldn't quite put my finger on it. Then, recently, while sitting at the airport, I launched Safari and pulled up Apple's official privacy policy. At first glance, it seemed to be the standard boilerplate issued by the gray suited legal department of a large enterprise, full of the same legalese you see on nearly any site that collects your personal information.

But then I focused on some of the details, and a certain simplicity emerged:

Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.

(Emphasis mine.)

and

Opting out through oo.apple.com applies only to Apple advertising services and does not affect interest-based advertising from other advertising networks. However, if you select Limit Ad Tracking on your mobile device, third party apps are not permitted by contract to use the Advertising Identifier

The iTunes EULA this is not. The longer I looked at the pages of small type, the more I realized how different it was from policies I've read from most other large companies. (That's one of the career hazards of being a security analyst: You have to read a lot of these things.)

The user rules

Yet even the written policy doesn't seem to reflect how Apple really views privacy, as reinforced in the WWDC keynote:

  • iOS extensions were designed to prevent them from being able to circumvent a user's privacy settings. No keyboards sniffing keystrokes and sending them off to the Internet (as has happened on Android).
  • Both HealthKit and HomeKit are designed so users control their own data, and must explicitly allow it to be shared with outsiders.
  • With Touch ID, not only does your fingerprint never leave the device, but apps can never see anything stored in the Secure Enclave.
  • The privacy-minded DuckDuckGo search engine will be a default option, right next to Bing and Google.

And when you really dig into the details, you learn that Apple lets you NSA-proof your iCloud keychain, encrypts Messages and FaceTime calls end-to-end, protects an employee's personal information from his or her employer when using Mobile Device Management, and has designed the iPhone without law-enforcement back doors.

But in the most telling recent news of all, it appears the Apple will randomize the WiFi hardware address of iOS devices to frustrate location and advertising trackers who use this address to know who you are when you move around in public. This is a subtle feature that the vast majority of iOS users won't ever realize exists, even as it protects them.

 

1  2  3  Next Page 

Sign up for MIS Asia eNewsletters.