Home iOS Apple needs to act against fake app-privacy promises

Apple needs to act against fake app-privacy promises


Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?

What’s the problem?

Some developers continue to abuse the spirit of Apple’s App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.

The Washington Post, which recently launched its own digital ads network, has identified multiple instances in which rogue App Store apps fail to maintain a promise of user privacy.

When a user says they don’t want an app to track them, the app should respect that request. But the report cites numerous cases in which the apps continue to harvest the same information, no matter what the user requests. This data may be sold to third-party data tracking firms, or used to provide targeted advertising, the report says. What it doesn’t say is that failure to respect user wishes is a betrayal of trust.

What might help?

The Post has spoken to ex-iCloud engineer, Johnny Lin, who argues that: “When it comes to stopping third-party trackers, App Tracking Transparency is a dud. Worse, giving users the option to tap an ‘Ask App Not To Track’ button may even give users a false sense of privacy.”

That’s a harsh criticism and it seems appropriate to observe that Lin has an interest here. His company develops Lockdown, which blocks “tracing, ads and badware” in all apps, not just Safari. Perhaps Apple should adopt the same approach. But given the months of pushback the company faced when it introduced App Tracking Transparency, at Apple’s scale achieving this will take time. Surveillance capitalism has a lot of money to spend opposing such plans; as it stands users, particularly enterprise users, should take steps to protect themselves.

Copyright © 2021 IDG Communications, Inc.