Apple cracking down on applications that send location data to third-parties (9to5mac.com)
381 points by john58 on May 9, 2018 | 124 comments



I've been working for years as a developer building iOS applications. Apple has gotten so strict over the last months, maybe the last year; it's just incredible. Lots of questions about monetization and background services, they really want you to have a solid business case for background location or just don't use it.

As a consumer I'm happy they take those steps though. My privacy is worth money. Either somebody sells it and gives me a "free" OS or somebody sells me an OS and I don't "sell" my privacy.


I was on the phone with Apple once, arguing about why the iOS app I put together at work shouldn't be rejected for running location services all the time. The point the representative at Apple made was that something like that needs to be primarily for the user's benefit, as opposed to it being primarily for the benefit of the people behind the app. I was able to demonstrate that to them, and the app was approved.

Apple is about apps being for the benefit of the user.


Wow I might just have to turn in my Android phone. I've been using Android since the G1 flagship phone. I value privacy the older I get.


>Either somebody sells it and gives me a "free" OS or somebody sells me an OS and I don't "sell" my privacy.

Don't forget the Windows 10 model: You're forced to buy the OEM version on any new PC, and then you still get your privacy sold by MS.


The last time I checked it was still possible to buy a computer without Windows, as well as buy Windows that can be transferred between machines. Most people just don't bother with that.


Good luck with that. Even though it is possible it is much harder than just to ignore the problem and pay the Microsoft tax. And if you're going to buy a computer without Windows, why would you then buy Windows separately? That's much more expensive, and people that go out of their way to buy machines without Windows likely don't run Windows at all.


You can have a Windows partition on a machine that is primarily Linux. First install Windows and then install Linux and there's no issue. Windows 10 today does not require a licence to operate; it will not lock you out if you never activate.


Building a gaming PC is one case where you buy the Windows OS separately from the PC (especially if you're building it part by part)


They're positioning themselves to this space. It was interesting in the sense that it never was really marketed this way (by Apple); it was just the remainder product that didn't sell out your information.

It's always good to sell a "feature" you've always had which costs you nothing.


Apple always took location privacy seriously. I remember an interview between Steve Jobs and Walt Mossberg years ago on this subject. I looked it up again: https://www.youtube.com/watch?v=39iKLwlUqBo


Explain China then.

Apple is being hypocritical in this case. Giving in to the demands of government when it hurts their business (if it did take privacy as seriously as HN makes it out to be, they would take a stand in China) while advocating privacy in the Western world.


Explain what with China?

Apple are legally required to follow the law of countries they do business in. In China the law requires that the government, not third party apps, gains access to additional information. Apple can limit third party app privacy violations while still following the law.

The only stand Apple could take here is:

- Stop selling in China

- Have executives go to jail

Just as if they violated US law or EU-member's law.


If they were serious they would stop selling in China.


That is a poor argument. "Selling" a product is not a principle or a virtue that one is required to comply with. Protecting the privacy of users is. Being non-discriminatory is. What if they had to do business in a country that forbids gay people from working? Using your logic - "Oh well they had to fire all their gay employees to just follow the law".

It's hypocritical of Apple to suggest they truly care about privacy other than as a means to simply differentiate themselves to sell some more shiny objects - which might well be a common cutthroat business tactic.


Your logic is bonkers. Not every principle or virtue is a hill that every inch is worth dying over. The US and EU (and pretty much every other country) also have many laws and regulations that are not privacy friendly. You claim this means they should close up shop (or only sell to seasteaders) if they are a true privacyman? It's a recycled version of the 'Al Gore has a big house' joke, guess he doesn't really care about the environment. Heyo!


If people simply admitted that Apple (like many others) will compromise on their privacy principles in exchange for commercial gain - we would never have been having a conversation on this topic. People want to hold Apple to a higher standard... maybe that's also part of the problem.


Is it really that simple? Put yourself in the execs' shoes for a few minutes. You can obey the laws of China and do business in China... or you can take a stand on principle and leave the market, giving up not only the revenue, but the small amount of positive influence you might have on their society as a whole.

How is that necessarily any better for humanity than simply obeying the local laws, going along to get along, while making it clear to your Chinese customers that their counterparts in more enlightened countries enjoy more privacy, more features, and an overall better experience?

I spoke with some people at a certain well-known company working on satellite Internet service a while back, and I asked them the same question. "What are you going to do when the Chinese try to shut you down for providing uncensored Internet service?" It was hard to argue with their response. They feel it is possible to make money and be a positive influence in various closed totalitarian societies including China. I think that's basically Apple's take on it as well.

Overt disobedience to the regime is rarely a good option for companies operating at global scale. It will get your employees declared criminals in large areas of the planet, and it can literally get your customers killed.


There is another option. Just abandon any principle of data privacy and continue to sell their products (although GDPR in EU is an issue).


Well, I'm saying that we should probably ignore Apple when they say[1] stuff like "At Apple, we believe privacy is a fundamental human right." My cynical reading would be "At Apple, we're going to compromise on what we believe to be a fundamental human right, to make a few bucks, and if in the process we happen to have a positive impact on some dictatorial regimes, that would be cool too".

>Overt disobedience to the regime is rarely a good option for companies operating at global scale.

To be sure, it is never a good option. People have tried to sue the Chinese government, unsuccessfully so far. Nobody is denying that the Chinese government has a horrible human rights record too.

>It will get your employees declared criminals in large areas of the planet, and it can literally get your customers killed.

Are we still talking about Apple in China? I don't know which customer was killed, or which employee was declared a criminal..

--

[1] https://www.apple.com/privacy/


> Are we still talking about Apple in China? I don't know which customer was killed, or which employee was declared a criminal..

No, I switched contexts to the satellite Internet service developer I mentioned. They are on track to deploy a significant LEO constellation over the next few years. If they succeed, they will effectively be the Internet for a large chunk of the world. So if they don't make arrangements to accommodate various countries' censorship regulations, then citizens of places like China, Iran or North Korea who are caught with their receivers will be in a great deal of trouble, and the company's executives will not be able to travel to those regions without fearing arrest.


It is also hypocritical for privacy advocates to purchase products from China.

Their purchases directly fund a regime opposed to their moral positions, either through taxes and duties or payments to the many thousands of firms (like COSCO) that are controlled wholly or in part by the Chinese government or military.

The hypocritical-ness doesn’t go away because corporations are larger than individuals, the transaction is in a different direction, or because the moral position is privately-held.


>It is also hypocritical for privacy advocates to purchase products from China.

If you take Apple out of the argument for a second, that's quite a complex case. I think you can have two positions "we don't compromise on privacy" and "we're trying to improve the situation the best way we know how". Under #2, you could make the argument that buying a general purpose tool such as a computer made in China, and using it to promote privacy is a net benefit, than not having the tool to promote your cause.


If it’s possible to buy the computer elsewhere and choose not to, it’s hypocritical.


Well. In that case you get to skip most of Intel. Minor parts like capacitors and resistors are also almost completely made in China fabs.

You will have to be extremely particular and thorough to get rid of all Chinese products.


Exactly, it’s not a reasonable position to take.


> "Selling" a product is not a principle or a virtue that one is required to comply with. Protecting the privacy of users is.

A foreign country has passed laws disagreeing with your value judgement. In any case, Apple is a business. As a consumer, I care first and foremost about my privacy and the privacy of those in my country. That is not impinged upon by China forcing Apple's hand in their own country. Perfect is the enemy of good.


Any good act by a corporation can be explained away as a business strategy. Just as any good act by an individual can be explained away as a means to garner status, or because the individual derives personal satisfaction from either the act or the effects of good behavior.

Are you arguing that one must always impute manipulative motives to a corporation? (And should therefore not reward consequentially better behavior, because it must be based on invalid motives?)

Or is your point that Apple is uniquely hypocritical? If so, on what evidence about Apple in particular?


>Any good act by a corporation can be explained away as a business strategy. Just as any good act by an individual can be explained away as a means to garner status, or because the individual derives personal satisfaction from either the act or the effects of good behavior.

Sure, I would agree that if the outcome is good, then the intention is not relevant. Apple might have a positive effect in China despite compromising on privacy.

>Are you arguing that one must always impute manipulative motives to a corporation? (And should therefore not reward consequentially better behavior, because it must be based on invalid motives?)

I'm saying recognize the hypocrisy instead of constructing weird arguments to justify it.

>Or is your point that Apple is uniquely hypocritical? (And if so, on what evidence?

Certainly not. I said it's a common business tactic.


> I'm saying recognize the hypocrisy instead of constructing weird arguments to justify it.

People with different priors on whether Apple's managers (or managers in general, or managers of large corporations in general) are likely to be hypocrites, will probably have opposite judgements about which explanation is a “weird argument”. So I don't think framing it in these terms will resolve any disagreement, unless there's some non-circular criterion (maybe you have one and I haven't seen it or am not understanding it) for judging an argument “weird”.


I use the same criterion that people use when they use it in their day-to-day conversations. Let's not get into the definition of words. In any case it's not my goal to resolve disagreement or to convince someone of something. I don't view conversations in such narrow ways. I'm only interested in having interesting conversations with reasonable folks.


And what, US law just magically happens to be properly balanced, unlike the legal systems elsewhere?

Following your logic, every single company in the US is either ethically aligned with US law or horrible, awful hypocrites. Apparently there are no other possibilities.


If every single company said stuff like "At Apple, we believe privacy is a fundamental human right." then yes.

-

https://www.apple.com/privacy/


If we are comparing it to Chinese law, then most definitely.


So what you are saying that Apple's core beliefs are location-dependent.

Personally, I think it is totally cool to have location-dependent core beliefs. I just think it is a total fan-boism not to acknowledge it.


It's not a location dependent core belief. The Chinese laws make it this way. Apple is not a sovereign government with the right to do as they please. They operate in the rules and under the same threat of force everyone else does in every nation they operate.

That we live in an area of the world where you can choose to make the decisions they do without serious repercussions should make you pause and think about how important the checks we have are, because in China there aren't many ways to get around the problem above besides ignoring the largest developing market in the world.


[flagged]


Apple's #1 principle is to make the best product in the market. That's what they've done: the alternatives to iPhones in China are much worse in terms of privacy. Apple would not be helping anyone by going to the mat on this.


[flagged]


What a bunch of crap. When I visited China, my iPhone was the thing that worked. I was able to use e.g. Apple Maps, iMessage without having to install spyware like WeChat.

If I were Chinese, I would get an iPhone and disable iCloud Backup. Yes it sucks that I'd have to do that, but it's way better than having spyware built into the firmware like domestic OEMs do (Huawei, etc.). It's good for privacy that Apple remains an option in China.


Providing your users with the maximum freedom, privacy and security possible under the law is a reasonable and ethical position to take, especially if you believe your products provide the best security and privacy on the market and withdrawing them would leave your customers with only worse options available.

If you honestly believed that to be true, how could you justify withdrawing from that market on ethical grounds?


Umm. No. I don’t wear the same clothes in a desert and a forest. To do so would be foolish. Imposing yourself on others when you have no power to do so is not wise. I can keep my house clean but can’t expect everyone in my neighborhood to do so.


That sounds to me like you're saying Apple's core beliefs are simply whatever they fancy depending on the time of the day.


Hmm. Let's consider the forces involved here: 1. Apple makes their hardware in China. 2. Apple sells their hardware in China. 3. If Apple doesn't comply with China, 1 could be affected, not just 2. 4. Apple cannot move their hardware manufacturing to US (now), without losing their competitive edge, because everybody makes their hardware in China.

Do you think if Apple could be privacy oriented in China, it wouldn't? It simply doesn't have the power to do it in China. Don't equate it to Google, FB and numerous others who despite having a chance to be privacy oriented in US, won't.

This is like Cantor's infinities. Sure they are all infinities. But they aren't the same.


To unpack your #1 statement. Let's say that Apple makes their hardware and then ships it out of China. China makes money, gets some jobs out of it, some tech knowhow etc. China has no reason to stop that.

Now, Apple's desire to sell devices in China that comply with Chinese laws (which potentially compromise user privacy) is a separate issue altogether. Business wise, I don't think they can afford to avoid China altogether. So maybe they can simply say that "they're doing the best they can" and take the PR hit.


But you can choose not to visit the dirty houses.

Apple could choose to honor principles and not sell in China. But market share is more important.

This is a similar argument we had a couple decades ago about companies doing business in South Africa, which at the time had official racial segregation policies (Apartheid). There was a popular push for divestment and it was fairly successful.


> Apple could choose to honor principles and not sell in China. But market share is more important.

They're a corporation, their sole ethic is "to make money," full stop, that is the only reason Apple exists. To ignore China as a market would cost them millions if not billions of dollars.

Tons of businesses with very ethical practices operate in and with China. China's current anti-privacy stances are unfortunate, but if we refuse to do business with them, all we're doing is giving a leg-up to Chinese corporations who don't even pretend to care about user privacy in the form of an insulated market.


> They're a corporation, their sole ethic is "to make money," full stop, that is the only reason Apple exists.

That's a reductive and inaccurate trope which also seems at odds with and unrelated to the rest of your comment.


I'm glad you are starting to acknowledge that Apple will sell its users for money. It is just for now it seems to have other venues to get that money. Except in China where it needs to sell its users to the government in order to be able to extract money from that market right now.


But this is not about core-beliefs, but complying with the law.


Like every business operating in China, Apple has to comply with local laws. And that's what they do. Everyone else who operates in China complies with them as well. Apple also complies with US laws and laws of EU.


Operating in China is a choice every one of these companies makes.


With China, there's literally no option aside from having their products being barred from being sold or manufactured there.

The fact they're standing up for user rights when given a legal possibility is a good sign, compared to most major companies which are harvesting anything and everything even going beyond the scope of what's legally permissible.


Apple is just like any other western company - their shareholders and chiefs don't really give a fuck about privacy. They only care about their bottom line.

If China demanded that someone from your company sacrifice a new-born baby in order to do business there, I'm positive that we'd still have many, many western companies doing business in China.


I can’t be the only person tired of this canard, right? It’s said over and over that the benefit of Apple is an alignment of incentives in Western markets. That is to say, Apple is not faux-idealistic, they are capitalistic, and in most places that aligns with user goals. China is the exception, but for the same reasons.


Serious in the sense that they seriously wanted it? July 2010 was when they rolled out their silent tracking of all iOS 4 users in an unencrypted database on the device for up to 10 months. In a happy coincidence, a bug ensured that the (presumably untested) feature of turning off location services didn't actually prevent the tracking.

And of course they never asked users for consent about this, except by putting something in the end of their 15000 word EULA.

https://www.theguardian.com/technology/2011/apr/20/iphone-tr...

https://www.wired.com/2011/04/iphone-tracks/


If Apple intended to collect locations, I would expect them to have recorded GPS (when otherwise enabled), and WiFi RSSI, instead of just cell tower RSSI.

I can imagine theories that include this omission as part of deniability for a cover-up, or from a combination of incompetence and malevolence, but such theories seem overly complicated compared to the assumption of a simple log leak like Twitter's recent password logging bug.

Whether these theories are too complicated depends on your priors about the evil intent of Apple's management and employees. If you already assume they're hypocrites about privacy, the location logging confirms it. I doubt it's convincing otherwise. (It's not convincing to me, unless there's a simpler story that ties it into ill intent, and that I'm just not coming up with.)


This was the dumbest privacy scandal ever. The database was on your phone. It wasn't sent anywhere. What good does that do Apple? What do they have to gain? It's obvious it was just a bug.


> they really want you to have a solid business case for background location or just don't use it.

I did notice that it was being used a lot, and it seemed like I had much worse battery life when using certain apps.


You can specify you want different precision in location. If you just want rough location, you'll get notified if you change location based on WiFi or cell tower switch. This uses next to no extra battery power and is sufficient for many background applications.

If you want exact location, then you'll be running the GPS, which indeed uses more battery. But even so, it's not that bad. I record detailed GPS for my runs quite often with a fitness app, and it only uses 5-7% battery an hour. (Key is to make sure it's not also hitting a data connection to download maps, and that the screen is off.)


Do you know if they need a solid business case even if it is optional? For example, any idea if an optional "locate your device" feature would get shot down?


Yes. I had a location tracking feature that would total your mileage automatically and submit it after your ride to your bookkeeper (this is mandatory for lease cars in some countries). I really had to explain that the app also might be backgrounded because people probably would be using Apple Maps to navigate while this thing was clocking away in the background


No idea if this is Apple's policy, but I would expect apps to follow UNIX philosophy. "Locate your device" should really be a separate app rather than a fringe feature of a fart app.


> Either somebody sells it and gives me a "free" OS or somebody sells me an OS and I don't "sell" my privacy

Linux desktops show a viable 3rd option: they are free, libre and protect your privacy (usually). They also provide the halfway point I want between the iOS model and the Android model: they provide a set of core well-vetted apps from the store and allow me to install whatever else I want.

Librem or whoever makes a mobile equivalent of the Linux desktop can't come soon enough.


Well, in addition to privacy concerns, location tracking is a huge drain on the battery. And a good battery life is one of their selling points so I wouldn’t be surprised if during part of the review process some reviewers might hold the opinion that there better be a good reason why your app is using so much juice in the background.


Does this include apps like Foursquare/Swarm that sell aggregated location data to hedge funds? [1]

...or are the big players exempt from the rules of the game?

[1] https://www.entrepreneur.com/article/290543


This is another article that talks about how they actually do what the parent comment talks about.

> When someone checks in to a place on Swarm, Foursquare's newer app, the company records the user's coordinates, helping it determine all the different coordinates associated with a single business or other place.

> Foursquare says it can't disclose who its partners are, or how many different smartphone users' data it has acquired. But Rosenblatt says the company could, for example, create a list of "millions" of smartphone owners who frequently visit fast food restaurants by taking a pool of location data collected by its partners and comparing that to its database of fast food restaurant coordinates.

> Advertisers could then use that data to show those users ads for fast food chains, or perhaps healthier alternatives or gym memberships—all without those people ever having to install a Foursquare app.

[1](https://www.wired.com/2016/01/foursquares-plan-to-use-your-d...)


Isn't that called geofencing? It's been around for years. I always felt that the main reason e.g. Facebook wants you to use their app is to be able to supply data for conversions of geofencing ad campaigns, e.g. someone saw an ad for a promotion at some burger place and then actually came to close proximity of their wlan.


And Facebook or Google? They certainly track your location without a user centric business case. I don't think ad presentation qualifies.


While Swarm has an auto-check in feature where it tracks your location, location services isn't really required to use the app.

Since the user is actively telling Foursquare/Swarm where they are, I don't think Apple would mind.


Finally.

I wish third-party analytics would be next. A lot of apps are using analytics from companies whose business model is inherently incompatible with privacy (Facebook & Google) and that concerns me.


The speculation is this is GDPR motivated, hopefully it will cause a crackdown on that stuff too.

The fact Apple added a framework to help with analytics (IIRC) may be the first step towards REQUIRING people to only use that framework instead of 3rd party stuff so they can be sure it’s compliant with laws/Apple’s policies as well.


GDPR doesn't regulate anonymous data. Unless you put PII in your analytics (not the default, and you really shouldn't) you won't have a problem.

As a matter of fact, I'm pretty sure part of Google Analytics response to GDPR is "Don't put PII in there if you want to be GDPR compliant" (they are providing tools for compliance though).


The problem is anonymous data is an ambiguous term, as enough randomness in the “anonymous” data can still uniquely identify that individual.

Let’s take YouTube for example - I never had an account with them, yet they recommend me videos based on what I watched previously - fair enough. The creepy part is, on a totally different machine, from a different IP and country, watching just a few very specific videos (not popular at all, each maybe 2k views) suddenly brings all those suggestions over.

You could argue videos watched is anonymous data, but clearly a certain, unique “series” of videos is apparently enough to identify me.

There’s also no doubt Google associates that with all the other “anonymous” data they have on me (search, maps & which browsers/IPs I used) and has an extremely detailed profile of me; sure, they don’t have my name nor exact address (yet), but they can definitely tell me apart from everyone else just based on a few searches and that’s quite creepy IMO.


You’re jumping to unwarranted conclusions. A more reasonable explanation is simply that the unpopular videos you watched triggered recommendations similar to them, and based only on them - and that being what you typically watch on your other computer, the result was familiar to you.


I’ve thought about it but no, some of the recommended videos have zero link to the other ones, the only link is my “shadow profile” or whatever Google calls it. Tell me how a video about wasp pest control (had a wasp nest issue about a year ago, that was a fun experience) has anything to do with what I usually watch which is electronics (mainly EEVBlog), car repair, etc?

The “other computer” doesn’t actually exist, it was a test in an AWS VM that was only used once to prove/disprove my theory, so no way for them to have associated that computer or IP to me in advance.


> As a matter of fact, I'm pretty sure part of Google Analytics response to GDPR is "Don't put PII in there if you want to be GDPR compliant"

Not only that, Google says they will terminate any account that puts PII in Analytics.


Should all developers be required to write analytics themselves?


Apple could require the analytics reporting to be opt-in.


There are a few analytics solutions that are self-hosted.


Not my problem.


If third-party analytics is nixed, the same companies will just switch to a consulting model that lets them set up analytics for app authors in-house, making it first-party.


Facebook is a bit much, they are a gigantic company that can spend the time and look into your analytics and years of posting data.

However, an app that collects data at best is getting your location and stereotype.


Location seems like an awful lot: think about what analysis would show about the places you visit and who is there at the same time. Sure, going to the supermarket probably isn’t that interesting but what about a political rally, gay bar, family planning clinic, law firm which specializes in divorce or labor lawsuits, etc.?


They need to be much more aggressive towards apps that request access to the SSID of the current network. This is supposed to be limited, but in my experience, apps you would not expect to be doing that are doing it, and it's basically the same thing as location data.


A few years ago, the FTC fined InMobi for doing precisely this: https://www.ftc.gov/news-events/blogs/business-blog/2016/06/...


Limited? This is public and unrestricted API, to my knowledge: https://developer.apple.com/documentation/systemconfiguratio...


Yeah, it was supposed to be - https://developer.apple.com/documentation/networkextension/n...

Around iOS 9, Apple deprecated some of the Captive Portal APIs, then re-instated them, a lot of changes that went back and forth, but my conclusion is that today, years later, way too many apps seem to read my SSID. Doesn't really matter how they do it, but I wish there was a prompt for it and no way for an app to directly fetch it.


Any downside to using a common SSID, https://www.wigle.net/stats#ssidstats?


> Any downside to using a common SSID, https://www.wigle.net/stats#ssidstats?

From the documentation, it's not clear to me if apps have permission to see either other nearby SSIDs or the names of other networks that the device has previously connected to.

If the app has access to either one of those, it's equivalent to being given location data.

Furthermore, last I checked, both iOS and Android broadcast the list of previously-connected SSIDs to nearby routers when connecting. That enables companies which track people's physical location over time without them having to download an app (yes, these companies exist[0]).

[0] e.g. http://axper.com/


As the sibling commenter said, you typically can access connected BSSIDs which are essentially unique.

However, to answer your question, on iOS there is no API for accessing nearby not-connected wifi, and on Android it exists but I believe it requires location permission.


Whoa.. why do random routers need my SSID location history? Is that list removable by “forgetting” all the previous networks?


> Whoa.. why do random routers need my SSID location history? Is that list removable by “forgetting” all the previous networks?

It's how the standard currently works and what enables fast reconnection. IIRC, the device sends out all available SSIDs, and the router responds with the one(s) it's able to use to connect.

I agree that this is backwards, and I'd rather have slightly slower WiFi reconnection in exchange for better privacy. I don't know what the OS-level behavior is if you delete all previous networks. I assume it works, but I haven't tested it.

Oh, and for what it's worth, this isn't just for mobile devices. Your laptop probably does it too. In fact, OS X has an annoying habit of connecting to WiFi networks in the background even when the laptop is closed and asleep, which means it's doing this broadcasting behavior as long as the WiFi setting is turned on.


This thread claims it’s only hidden SSIDs that are broadcast:

https://apple.stackexchange.com/questions/244171/ios-10-warn...


The BSSID can be read too, so I don't think it's worth trying to figure out ways to add some obscurity to the SSID (no matter what downsides would come with that).


It's interesting how everyone hates the App Store approval model until they demand it be implemented more strictly.


Would be nice if there was a more granular option for access to photos which allowed "image only" with no metadata... I assume most people don't realize when they grant photo library access to a cheap filter app that the app can grab the datetime and GPS location for all photos as well, which is a lot of data if they have a phone full with a ton of photos.


Hey, are there any other developers experiencing this besides the one in the article?

We noticed a few weeks ago that Apple has changed their static analysis tool and has been more aggressive with rejections. Has anyone else actually seen their app retroactively pulled from the App Store?


I haven't had the exact issue discussed in the article, but I have noticed that they have been really aggressive with rejections lately. Just this last week an app I'm trying to get into the store has been rejected 4 times, with the same exact automated message. I respond with an assertion of my app's compliance, but get the same automated response. These are the first rejections I've received in 7 years of submitting apps.


Do you have an idea what rules you could be violating? Even with a good history, there's no guarantee an update is still good so they have to stay vigilant. Chrome store is a good example of this where popular extensions are sometimes bought and an update is pushed out with malware or spyware.


Apps are one risk, but it's an opt-in risk.

Telecom companies are another risk, and a much larger one, because there is no opt-out of location sharing with them. Same with analytics on your telco network traffic.


Isn't it just as likely that this data is being sent to the app vendor's servers and then off to one or multiple third-parties?


I'm curious as to how this behaviour is actually detected. I mean are they checking for outgoing network requests that contain something that looks like co-ordinates because presumably that would be trivial to obfuscate.

Or is this really just a case of rejecting apps that are asking for location even though the app has no real use for it?


Apps are required to have an entry in the Info plist for location (both “while in use” and “always”). This is enforced by the kernel. So they are most likely looking there.
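
The declaration check described in the comment above, sketched as an added example (not code from the thread, and not Apple's review tooling). The usage-description keys and `UIBackgroundModes` are real Info.plist keys; the sample plist, the bundle identifier and the function name `audit_location_declarations` are constructed for illustration.

```python
import plistlib

# Real Info.plist keys an app must declare before iOS will prompt for location.
LOCATION_KEYS = {
    "NSLocationWhenInUseUsageDescription": "while in use",
    "NSLocationAlwaysUsageDescription": "always",
    "NSLocationAlwaysAndWhenInUseUsageDescription": "always",
}

# Constructed sample Info.plist for a hypothetical app (not from a real bundle).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.photofilter</string>
  <key>NSLocationWhenInUseUsageDescription</key><string>Tag photos with a place.</string>
  <key>NSLocationAlwaysAndWhenInUseUsageDescription</key><string></string>
  <key>UIBackgroundModes</key><array><string>audio</string><string>location</string></array>
</dict>
</plist>"""


def audit_location_declarations(plist_bytes):
    """Summarise which location access an Info.plist declares, and flag gaps."""
    info = plistlib.loads(plist_bytes)
    findings = []
    scopes = set()
    for key, scope in LOCATION_KEYS.items():
        if key not in info:
            continue
        scopes.add(scope)
        # A blank purpose string tells the user nothing about why location is needed.
        if not str(info[key]).strip():
            findings.append(f"{key}: empty purpose string")
    background = "location" in info.get("UIBackgroundModes", [])
    if "always" in scopes or background:
        findings.append("app can receive location when not in the foreground")
    return {
        "bundle": info.get("CFBundleIdentifier"),
        "scopes": sorted(scopes),
        "background_location": background,
        "findings": findings,
    }


if __name__ == "__main__":
    for field, value in audit_location_declarations(SAMPLE_PLIST).items():
        print(field, "=", value)
```

A check like this only shows what an app declares; it says nothing about where the location data goes once the app has it.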


I am glad, even just from reading the headline. haha


What, is it legitimate companies selling your data? The fear media told me it was hackers.



None of those articles made pole position. Only articles with ‘Hackers’ in the subject line, that’s plural, make pole position when amplifying that people’s personal data is under attack.


Just hope they let the user choose.


and what do you do when users get strongarmed (app refusing to run, dark patterns, etc.) into "accepting"?


Well then define how you make it clear to the user.

I worry a bit that we will go too far with things. Some want the benefits of having the data to make user experience better.

I am a perfect example of this.


you would be surprised how many apps include analytics and gather in app usage data.


If you're worried about analytics and tracking / ads on your iPhone, consider installing Disconnect's Privacy Pro:

https://lifehacker.com/disconnect-pro-eliminates-tracking-on...

It costs a few $$, but sets up a VPN profile that is generally always on. It just blocks all of the ads / "web bugs" / analytics stuff and gives you a UI to show how much. Apple cracking down is a good thing, but so is defense in depth. It estimates that it has blocked 8Mb of crap being downloaded on my phone just today.


While the concept is good, I'd be extremely concerned about using any third party VPN service, free or paid. You are basically trusting your entire internet usage to a single entity, and I think this is way too risky.

One alternative is setting up a raspberry-pi at home running pi-hole and OpenVPN. While it is still not risk-free, it is still better than one centralized entity taking everyone's traffic. On the other hand, setting that up is still not absolutely straightforward, but it is getting better.


It is not actually a vpn. It is a glorified /etc/hosts 127.0.0.1 null route app. It doesn't send any traffic over any real VPN, so your worry isn't a thing.


This is better than what I expected. However, unless the code is public and the user can audit that the app store version is the same as the one in the public source, there's no way to be sure the entity is not capturing user data through some shady way.

And let me be the first to recognize the app store model makes auditing the app extremely difficult.


I agree.

“Don’t like being tracked? Just let us watch EVERYTHING you do and we promise to stop people from tracking you.”

You’re putting someone in the perfect position to track you far better than anyone else could. You better REALLY trust them.


Again, it uses a VPN to route all traffic on the phone through the app, which sends no traffic anywhere outside of your phone (confirmed via my home firewall showing no traffic going out). It uses a VPN to simply route traffic through the app to null route bad destinations. Make sense?



Disconnect was co-founded by an ex-Google DoubleClick (ad) engineer, and hired an ex-NSA (dragnet surveillance) engineer. There are tracker-blocking adblockers for every platform that aren't made by people with anti-privacy backgrounds.


And SELinux was designed by the NSA due to the 10 years or so of the Flask Security Architecture and made it into Linux. Under your tinfoil hat, does this mean that Linux is totally compromised?


I didn’t mean to imply that Disconnect is compromised. But I think the background of the team would prompt a fully open source product on every platform in order to establish trust. Until that happens, why not use a blocker whose team does not have an anti-privacy background? (The Disconnect website has said “Code available soon” for the apps since at least March 2015 [1])

[1] https://web.archive.org/web/20150315021851/https://disconnec...


there's no viable alternative to selinux, but there is for vpn adblocking apps.


There are actually three relatively viable alternatives:

https://en.wikipedia.org/wiki/AppArmor

https://en.wikipedia.org/wiki/Tomoyo_Linux

https://en.wikipedia.org/wiki/Smack_(software)

All three implement MAC (mandatory access control) similar to SELinux, but the context bits in SELinux are pretty much standalone for information assurance (DoD Rainbow book series has more info). Note my username comes from my SELinux experience :)


sorry, I meant to say that it's trivial to switch to another vpn firewall app, but it's much harder to switch from selinux to apparmor.


Ah I misunderstood. You're 100% correct sir.


I've been pretty happy with 1Blocker Legacy but I never actually confirmed it really blocks trackers (creators claim it does).

Thanks for the link, I'll consider buying.



