Apple’s ad network gets ‘preferential access to users’ data’ vs Facebook, Google

Apple exempts all their iOS software from their own privacy scaremongering. iOS never pops up a scary dialog warning you that Camera has accessed your location twice in the last week, even though Camera accesses your location every time you start it. There is a completely separate iOS privacy regime for Apple's own apps.

I had a very brief stint working on mobile ads in 2011, so I have some vague familiarity with the sausage factory and its implications for user privacy on mobile devices, and this is par for the course for Apple. A big part of their marketing strategy is duping people into thinking they're pro-user, when they're one of the most aggressively anti-user companies I can think of. What's really impressive is how successful the reality distortion field has been in nominally technical fora (HN included, though it's gotten much better in the last few years).

This has been Apple’s iPhone playbook for a decade. Force other companies to use their frameworks, so they can make money out of it.

Privacy is just an amazing excuse to take it even further. And in Apple’s case privacy means available and controlled by Apple.

Apple may be certainly far from perfect when it comes to favoring their own software, but to say the company as a whole is aggressively "anti-user" is just hogwash.

Updates they have made to Safari, the App Store, and iOS generally have made millions of people more conscious of how applications they use every day consume and interact with their personal information. They've inspired other companies like Google to follow suit, and are having a huge impact on the targeted advertising industry.

Give credit where it is due.

The idea is that we trust Apple already by using their computers. If Apple was sending that data back to their servers each time then that would ruin their reputation, but there are no such guarantees for third-party applications. Yes, theoretically, Apple reviews third party code, but it is easy enough to slip something small by them.

Scaremongering isn't the right way to describe a real, well-documented ongoing concern. We have a long history of app developers trying to monetize their user's privacy, and that also explains why your comparison is inaccurate: if you buy an iOS device you are already trusting Apple. If you don't trust Camera to do nothing more than geotag your photos, you can't use iOS at all because every mechanism which would protect your privacy is built by the same company.

What the privacy measures are doing is giving the user the ability to review requests for access to your personal data by parties you aren't already trusting by virtue of owning the device.

Well, kind of. Some apps get entitlements to prevent showing TCC popups; some don’t, like Weather. And if you look in Settings, you will find that Camera shows that it was using your location, just like other apps on your system. (FWIW: I believe that dialog is specifically for apps that use your location in the background, so Camera won’t trigger it anyhow.)

Duh? What's up with all the recent assertions that there is any sort of trust equivalency for 3rd parties vs Apple within the iOS ecosystem? Apple is part of the core trust foundation for any iOS user. They are present in the entire freaking stack, from the SoC everything runs on up. As a technical matter, they can do absolutely anything they want. By definition if you run iOS you trust Apple's stuff, from the hardware to software. If you don't, you shouldn't be running iOS. There is absolutely a "completely separate privacy regime" for Apple on Apple platforms, and it's not "Apple's own apps" it's "Apple's own processor and microcode and firmware and other chips and cryptographic keys and operating system ...and apps".

For human facing privacy and security information overload is a genuinely huge issue. What value do you assert exists for a "scary dialog" for Camera, software from Apple? After all, for that to even mean anything you must by definition be trusting iOS, software from Apple. On the other hand it's perfectly reasonable to not have the same level of trust in 3rd parties. 3rd parties do not share the same financial relationship or incentives that Apple has with its customers. Nor the same culture, nor necessarily scrutiny or technical acumen or even controlling legal regime.

You certainly do not need to trust Apple at all in general, you can run Linux, the BSDs, Windows, ChromeOS, Android or (happily!) various improving Linux phones that are extremely open. But if you decide to run Apple specifically, then you must indeed trust them.

Edit: Also, "fearmongering" is a ridiculous bit of bait. I mean, 2020 on HN and you're suggesting random 3rd party apps accessing camera/location/whatever is not the slightest issue? Ok.

Don't you think it's at least a little hypocritical that they don't extend the same privacy configuration options to their apps that they mandate for 3rd party apps? Sure, I generally trust Apple more than a random 3rd party developer, but the fact that Apple doesn't trust me to set my own privacy configuration for the camera makes me trust them less.

> Other advertisers and ad networks on iOS, however, need to ask permission every single time.

Is this something new? I have been using iOS for years until recently, and I don’t remember any ad network ever asking me permission for anything.

…Ah, it says that the prompts are new in iOS 14. I see.

It is a new feature in iOS 14.

Apple could offer a single consent dialog for a bucket of third parties, like they do for all their internal organizations.

To say otherwise is to say that just because Apple has vendor lock-in they deserve trust.

But I don't trust Apple to never make mistakes, so I want to be warned when the collect more data.

>It’s possible that this is a temporary situation. One source in the mobile marketing industry who requested anonymity said that Apple is using an “archaic” attribution engine they built years ago, and they are currently upgrading their code to comply with the new rules. The thinking is that Apple Advertising will eventually be compatible with SKAdNetwork, a framework Apple built for advertisers. SKAdNetwork enables completely privacy-safe advertising attribution, meaning that brands can know which ad campaigns worked, but they won’t have specific, granular data on which people viewed an ad, clicked an ad, or took action.

If they're going to use SKAdNetwork then they're tying their own hands as well.

The framework for this is called “Transparency, Consent, and Control”, and providing these options for system apps would check the box for all three of these things. Of course, you have to trust Apple to do it right, but like you said you already did that when you bought the phone. This, this isn’t about trust, but the reasons I just mentioned.

We are not using "their computers". We are using our own computers. Apple made them.

I realize Apple likely doesn't feel the same way. I also think this is kind of an "of course Apple does that." A great many people pay money for this particular experience.

Check into their ads data policy sometime - it's much, much, worse than the incumbents. but it's buried on the 3rd page of a PDF so they just got praise for releasing the PDF when it came out, only a few noticed

You have the same options to disable location data for the built-in Camera app that you have with any other app.

Yes, but iOS does not proactively beg you to disable location access for Apple Maps, the way it does for Google Maps even if you've been using Google Maps daily since 2007.

Again, how large is the population of people who don't trust Apple's apps not to exfiltrate their data but do trust Apple's OS to enforce restrictions on the apps built-in to the OS?

If, for example, you don't trust Camera with your location data you also need to be concerned about having cellular networking enabled and making sure that Apple's WiFi interface, crash report, software updates, Music/Books/TV, etc. don't share that same data or things like IP addresses which are often effectively the same.

Remember, this is only about code which ships in the OS. If you look at the apps which Apple ships through the app store, they do follow the same controls: my “Apple Store” app only allows location access while I'm using it, I can disable background app refresh, etc.

It makes sense if you consider why the feature was added in the first place: to catch malicious behavior by apps. eg. apps that tracks your location even after you've closed it, or surreptitiously record you. It doesn't really make sense to do so for first-party apps because apple controls the operating system, so from a security perspective it doesn't add any meaningful security. If apple wanted to be malicious they could disable those alerts from ios, or do their spying from ios itself so it bypasses the app sandbox entirely.

It's baffling to me that Apple doesn't get get more attention from regulators. They're very blatant in behavior which is explicitly illegal in current antitrust law. They 1) formed a cartel with book publishers to increase ebook prices, 2) formed a cartel with multiple other tech companies to suppress software engineer wages, and now they're 3) using a dominant position in one market to enter into another.

The other tech companies do things which one could argue should be illegal... Apple does things which already are illegal.

This piece is complete bullshit.

IOS14 is unreleased, and features continue to change.

We have no idea whether Apple’s ad network will require permissions or not by the time the software is released.

Usually these permissions are requested during set up, but the set up flow is not usually finalized until shortly before the release.

You do get asked if you will allow Apple’s apps to have access to Location data and other personal data. There is no reason to suppose the set up flow won’t ask you about this preference too.

The idea that 3rd parties have to ask ‘every single time’ is misleading. They mean on every single installation.

Yes, if they release software with this preferential treatment, by all means call it out.

But this piece is just dishonest innuendo.

And Apple is 100% sure of exactly what happens with that location data.

I'd be happy to get some limited exceptions to this, like "3rd party camera apps can get pre-granted location access, but only if the developer agrees that the location data will be used for nothing but EXIF tags, and if it is ever found to have left the device the developer gets delisted from the app store."

Apple's in control of the operating system. If you don't trust them, why would you think that disabling access to the camera app would do any good?

What are you talking about?

They were subjected to regulatory action over both of your first two concerns and forced to desist from the behavior.

As to #3, this applies just as much to Amazon, Google and Facebook and frankly Microsoft too...

...and it turns out that all except Microsoft in fact are under regulatory scrutiny and antitrust action.

There's a neutral way to do this. They could pop up a surprise dialog that says something like:

  These apps used your location.
  * "Popular near me"
  * Maps
  * Google Maps
  * Chrome

If I saw that dialog, I'd probably be tempted to disable the Popular Near Me feature, which I've never heard of and therefore I assume provides me no value and, at a minimum, might be cutting into my battery life. But Apple doesn't present me with that dialog because they don't want to impair their own advertising business.

Actually it does, and always has.

When you set up iOS there is a full screen permission request to allow location data for Apple’s apps.

System apps are right there with every single 3rd party app in terms of control though. They have an explanation just like Apple requires in general, and you can turn off location or whatever else usage. If I go to Settings > Privacy > Location Services, "Camera" is right there with the standard indicator for that it has been used, a "While Using the App" set, and "App explanation: 'Photos and videos will be tagged with the location where they are taken.'" The options for Never and Always are there.

The only complaint here seems to be that the bootstrapping for granting permission is part of the initial device setup screen and location services, but that seems perfectly reasonable in line with user expectations for default system services on fresh system. I strongly disagree that "fairness" somehow is a valid complaint here in the way GP suggested. On the contrary, insisting Apple is equivalent to 3rd parties is itself "unfair" as well as wrong.

I wish anyone, anyone else would make competing operating systems & accompanying software suites that performed as well and required as little unproductive horseshit to keep working properly, and in fact worked as hard to make my life easier through useful integrations (little things, like auto-fill auth code from a text message—god, so nice).

I don't like them but any time I use something else I feel like I've made a big mistake, saving a little money at the cost of a ton of time. I didn't realize how much time I burned screwing with bad operating systems until I became a Mac, and later iOS, user. Please, someone compete with them. Anyone. Please. I don't want to be stuck with only one option for non-shit computing.

[EDIT] example: my dad gets a Chromebook. Great, these things are mostly aimed at non-tech folks, kids, and old people. And it's a relatively "small" OS in terms of what it does. Surely when I go to set it up for him I'll find it has accessibility features a least close to the quality of Mac and iOS. LOL nope, they suck. Seriously, I'm begging anyone out there who wants to try to compete with Apple, do it. Please. No-one is.

>To say otherwise is to say that just because Apple has vendor lock-in they deserve trust.

Incorrect, the whole point is that Apple doesn't have vendor lock-in. As I said there are great non-Apple options for every aspect of our lives (vastly better in many cases). If you choose to buy into Apple's platform however, then it's not a matter of "deserve", you DO trust them by definition. You have made a conscious choice to buy from a massively vertically integrated corporation that exerts significant hardware backed cryptographic control over the software ecosystem. That's not a bug, that's a feature for a lot of people, but it's one that depends entirely on (a specific, limited context sort of) trust in Apple.

This is evidence of the reality distortion field.

It's like when they made the argument why Netflix/Spotify should pay them 30% of the proceeds of all sales because it's good for consumers and people actually bought it.

My complaint is not about the initial permission, it's about the thing that regularly appears in iOS to suggest that you might have changed your mind and would you like to disable location access for some app. This never pops up for Apple's apps.

There's also another way they exempt themselves, by allowing you to disable microphone for third-party apps but not offering to disable microphone access for Voice Memos, Camera, etc. On Android I can disable the microphone for any first-party app, even the Phone app which obviously needs it.

The prompt you’re thinking of only shows if the app uses location in the background. An app that has While Using the App authorization can’t get the background usage prompt. It’s not that Camera is exempted, it’s that Camera isn’t relevant.

All very true. But also 'rules for thee but not for me' really rubs people the wrong way. Eating their own dogfood would let them better understand their customers and vendors.

If you set Google Maps to While Using the App you will stop seeing the prompts you’re thinking of. Those “downgrade” prompts only apply to apps with Always. Apple Maps doesn’t support Always and so it cannot get a downgrade prompt.

This is only because Apple draws a boundary around their stuff that says "Maps" only uses location when it's running, but "Significant Locations" and "Routing & Traffic" and "Improve Maps" are system services.

Apple has put its servers in china for chinese users so that the chinese government can access the data. Now the data it collects legally they have to give to chinese government if asked. I am not saying they are giving data to chinese government that rather that they are collecting data which can get into the hands of government so they should let the user control what data they are comfortable with sharing.

Of course they do, why wouldn't they?

You bought Apple hardware; it can be safely assumed you trust Apple the company, right? (insert knowing head-tilt here ;) )

> Essentially, Apple is forcing advertisers to use a per-app permission pop-up with scary language, telling users the app wants permission to track them across other apps and websites.

> But notice the significantly scarier language: “’Pal About’ would like permission to track you across apps and websites owned by other companies.”

> This is language that is likely designed to minimize opt-in.

Love how honest language is framed as "scary" language. This is an admission that what they do is fundamentally creepy and if they were honest with their users, much fewer would be ok with it.

I wish advertisers were forced to ask permission using similar language on all platforms.

This is the absolutist security perspective, where one assumes an "evil demon" threat model (i.e. every exploit will be exploited to the maximum). It's a useful theoretical model for hardening systems against known and unknown intrusion, but it doesn't realistically model the expected outcome in a world with laws and social constraints.

In practice, it's quite reasonable for a consumer to assume that the company providing them services isn't actively out to get them. In fact, we encode that assumption in law in a couple key places (to wit: if Apple is turning the camera on randomly against explicit user desire, they could be sued for invasion of privacy in the same vein as https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...)

You know, given this forum’s recent experience with misinformation about Apple, I shouldn’t be surprised to read a completely false comment (and another accusing Apple of illegal behavior downthread, also known as actionable libel). And yet here I am, surprised.

Your interpretation of events is a fundamental misunderstanding of how the permissions framework functions on iOS. That you then pivoted that misunderstanding into malevolent intentions from Apple speaks to your biases. Of course, given that you’re a member of this forum, I’d expect you’d find this behavior abhorrent when it comes to things like vaccination or COVID, so I’d only challenge you to think about whether you have all the facts, just as you would with any other contentious topic. The only difference here is that you don’t realize it’s contentious for you.

iOS programs shipped by Apple do not interact with the operating system in a different way with respect to privacy. Full stop. Your entire thesis, conclusion, and argument are not even remotely defensible in their falseness. There are no exemptions carved out in the operating system. First party apps with very few, SVP-documented exceptions (and usually for technical reasons) are held to the exact same standards that third parties adhere to during app submission.

I know this because at one time in my career it was my job to know. Don’t believe me? Reverse the apps.

With due respect, you're giving the OP a deliberately ungenerous reading to score a point. If I tell you "I like using Dell's servers because [reasons]" you wouldn't say, "They're YOUR servers, Dell just made them" because I said "Dell's servers" rather than "Dell servers".

Exactly. The creepiness is in the stalking done by advertisers, not in the accurate descriptions made about it.

You've left out a critical part, which explains the "minimize opt-in" comment:

> In contrast, Apple’s own advertising service looks to enable personalization by default, giving it a platform-level advantage over competitors.

And the language in Apple's settings is quite different as well, they claim that their "advertising platform is designed to protect your privacy". That doesn't sound invasive, quite the opposite, that sounds like they shield you from harm.

Can you explain, then, why "Routing and Traffic" is a system service with background access to location services, but iOS never suggests that I might want to turn it off?

> Don't you think it's at least a little hypocritical that they don't extend the same privacy configuration options to their apps that they mandate for 3rd party apps?

Yes. I think Apple is playing an unfair game AND I am concerned about user privacy and how people are being tracked around the web. I'm not sure why other users are acting like both can't be true.

Because more apps than Apple Maps consume that information. Your “never ask to turn it off” returns to the complete misunderstanding of how permissions work. You are not prompted because you already granted it access during provisioning, and it’s not asking for background data.

Your allegation that Google Maps is targeted with engineering and architectural decisions is not supported by public evidence and wholly refuted by internal evidence.

I helped build Apple Maps. Please consider yourself uninformed and ask more questions rather than draw conclusions that affirm your biases, particularly if you then come here to spread them.

Google Maps also provides cooked geographic data to other Google applications (such as "Google" FKA "Google Now") but this fact does not exempt it from iOS scaremongering.

No, I don’t, because they do. The entire thesis of the upstream argument is false. You’re arguing a falsehood. There are no special libraries to defeat privacy available to first party apps. They use the same exact methods externals do. The first party app documentation is literally the public site with very few exceptions.

Again, what do you believe that a checkbox on the camera app would accomplish? If you’re concerned about protecting Chinese users against their government, think long and hard about whether this would provide anything more than a false sense of security. I even gave you a partial list of other ways the same data can leak.

I think you're being a little obtuse. How do you address the fact that I can disable microphone for any 3rd-party voice memo application but I cannot disable it for Apple's "Voice Memos". This is a clear double-standard regardless of how fondly you feel about your own contributions to Apple Maps.

So that’s a no on listening rather than continuing down the falsehood path, then? Roger that.

'Love how honest language is framed as "scary" language'

Isn't the problem here that Apple isn't using honest language for their own advertising?

So far you haven't given us anything but vitriol to consider.

Apple allows you to turn off location services for system apps as well. So even if you don’t trust Apple, you have legal recourse if those terms are violated.

That's definitely the big issue, but the majority of the article focuses on this "scary" language, and the hoops others must jump through, as if to say that these warnings are a bad thing.

That's odd, because my operating system, available software repositories, and desktop environment are all pretty great.

I imagine Apple is making the assumption that the only reason to run Voice Memos is to use the microphone, but that’s clearly not the case. I agree with the sibling comment, file a bug.

There isn't a box inside of Apple HQ marked 'location data, do not eat', so Apple isn't actually 100% sure where the location data is. There are numerous safeguards, both in their device and the online platform to try and make sure it never leaks, but no one other than their marketing team would say 100%.

The trouble is with the language though, especially when thinking about who is permitted to do what with the device.

I wasn't trying to score cheap points, I was attempting to demonstrate two concepts that had been collapsed into the pronoun "their" really must be considered separately when thinking about authorization.

I apologize if the message was muddled in "gotcha" language. I aim to do better than that.

I'd need a valid example of Apple not asking for permissions. What usually happens is that Apple built-in apps are able to ask for permissions and consent _differently_ than third party apps, such as greater control over the messaging.

For the most part, apps _do_ ask for permissions, for instance Maps and Safari do ask for access to your location. However, Safari has quite a few UX customizations outside what is generally available so that it asks for permissions on behalf of a website, rather than on behalf of itself.

When possible, Apple will try to create a higher level system so that third parties get access to a better UX (say, a pop-over browser or map control or photo picker) but they are usually slower at doing so.

When possible, Apple will try to create a higher level system to allow third parties to have a better UX here. For example, there is an anonymous advertising API which Apple uses and which they are exposing to apps in iOS 14. This does not result in the 'tracking' privacy prompt.

The largest exception last year was likely Find My, in the face of the crackdown on background location tracking. Since the activation lock/location tracking is part of the system, the UX was drastically different than say Tile's app. Apple launched a third party program for Find My this year as they start to try and make up the differences. They still have a way to go there.

Mine are too, if I devote a lot of time to futzing with them and tolerate a lot of nice-to-have features being absent or a pain to get working. Stripped-down Linux in something like dwm or i3 is really nice but you have to baby it to get it to a good place—that is, building up from a minimal distro is much easier to get to a pleasantly-working and predictable system than stripping down a big one—and then hope you don't need it to do something you didn't anticipate on short notice. KDE is OK as long as you don't do much with it (luckily, "not doing much with it" describes web dev pretty well, so far as what I need that's not server-features which are indeed more convenient and usable on Linux than macOS).

Desktop's a collection of locally-not-exactly-optimum-but-tolerable-but-actually-bad-if-you-zoom-out tech like systemd, pulseaudio, and Wayland (and xorg, for that matter) all of which could be good but kinda aren't.

Basically Linux is sort-of fine if I can carefully control the environment I use it in and don't care about nice to have features or its rough edges, mostly relating to display and audio stuff. Win10 is surprisingly OKish but is spyware and its built-in or related suite of productivity programs are worse than what macOS offers, for my purposes (I don't need interop with Office).

A lot of what I like about macOS I didn't realize I was missing my first 17ish years of using Windows and 10ish years of using Linux. Now other operating systems may have some very nice things (tiling wms! and... I struggle to think of another thing, actually) but fall down hard on a11y, not-unpleasant settings interfaces, associated software suite quality (god, Preview is good), and a bunch of little things that I didn't realize I was missing before.

Again: for the love of god, someone with capital please compete with macOS. You don't have to clone them, but care about battery life, performance, and holistic UX half as much as they do, and undercut them on price and/or freedom, and I'm there.

For the record my work machine right now is KDE on Debian in a VM on Windows because Linux (well, xorg and Wayland) hates my hardware and crashes ~hourly if I don't put it in a safe widdle VM away from all that mean ol' real hardware. My favorite distros are Gentoo and my new love, Void. I did the Linux-on-a-Thinkpad (gentoo, even!) thing in the early 00s. Windows user since 3.1. I honest-to-god think I was blind to how much time I was losing to my OS before I had to use a Mac for iOS dev. It's... a lot. That stuff feels like work, but man, it's not.

[EDIT] yes I know claiming two high-touch (though Void isn't, actually) distros as my favorites may seem hypocritical and a probable source of my issues but aside from a brief golden age in the first 2-3 years of Ubuntu when they were basically Debian with a nicer installer and less-obtuse defaults (like making any browser other than Firefox the default on a Linux desktop in '08) I've not experienced the heavier, batteries-included distros being less work than the lighter ones, unless you get incredibly lucky and the reports that your hardware works turn out to be actually true and not technically true, and the stars align, and you never plug anything new in. Plus they usually perform really poorly.

[EDIT EDIT] oh I thought of a second nice thing other operating systems have: ZFS.

I live in my landlord's apartment. Technically, they have a key to enter. I absolutely have to trust them to ensure they don't come inside if I am not here. However, they still have to ask permission to enter (unless it is some clear and obvious emergency), as we don't consider it to be my landlord's apartment: we consider it to be my apartment; the language is trying to shift the discussion into some weird natural stance that somehow, just because Apple made something and I can't know for sure they aren't lying to me about whether they honor the restrictions I tell them, it somehow means they don't have to ask... that's bullshit :/.

Yeah: I get this prompt over and over again for the Tile application, and it is ridiculously annoying; if/when Apple launches their own Tile competitor, obviously their app will not be subject to the same handicap, and people might very well choose Apple's version simply because they won't get nagged constantly "are you sure you like Tile?!". That's clear anti-competitive behavior, in the same space as "tying" and "bundling": when Apple builds products that can be built using their platform, they need to be forced to not take advantage of the fact that they are the developer of the platform to give themself preferential treatment vs. the products, as if you allow that then you essentially always annoint the platform providers as the winners in any battle they are want to enter... the result of which being that you always end up with an oligopoly of giant companies owning every important market (and if you want to compete you have to take them on as network effect platforms) instead of separate oligopolies (let's face it: economy of scale effects pretty much always cause oligopolies in free markets :/ the only time that doesn't happen is if you hold a market space no one considers important) for every major market built on that platform (and then as a cross-cutting concern of said platforms; like, the market for bluetooth location dongles and voice assistants and browsers shouldn't be exactly the same game as the market for mobile phones and computers).

This is hyperbolic and wrong. On my iPhone XS running iOS 13.6, there is an option inside Settings>Privacy>Location Services to turn off location access for the Camera app. You can turn off Location for other core Apple apps too, including HomeKit, Health, etc.

You make the choice when you buy the app.

When you buy an iPhone, you are buying all of the Apps Apple supplies with it.

You even have a return period to take it back if you don’t like the behavior.

Except that isn't how it works. Both Netflix and Spotify had app versions which support in-app purchase and only the sign-ups in-app resulted in Apple getting a cut.

The problem both of these companies had was that the option to sign up in-app and have Apple manage the subscription was more popular than they hoped.

It is not honest, as an app advertiser you do not use the IDFA to track people outside your app, you just want to know from what advertising campaign it came. Websites do not even have access to it.

Figures that advertisers are scared of brutally honest language. The popular lie "We value your privacy" just sounds so much better! "Our internal tests have found that lying to our users and making it confusing for them to do what they really want via dark patterns increases our revenue!"

Being unfamiliar with how Tile really works, what is it using your location in the background for?

Right by why doesn’t it say, for Apple services, “do you allow your data to be stored in China, in which the government has legal access to”?

That’s the honest truth, but they don’t put it there because it would bother people.

It’s oddly convenient to say it’s true for one case, but for the other case it’s okay because it’s Apple.

One day we will learn that ultimately we cannot trust a corporation - as that is a moving target - but instead trust reasonable operating principles for data security and privacy.

And for what it is worth.. I’d rather override all of my data that Apple collects to be stored on servers in the US. It’s nothing against China... but everything against their government.

It’s worth noting I have similar concerns with the US government too, but it is a small step in a better direction.

That's true, I shouldn't say 100%. But the location data is in my iCloud Photos box, which I think Apple will at least internally take a hard look at anything that wants to access it.

If the iPhone calculator app team said "We're going to turn this into a social calculator and it's going to use your photo library to automatically identify receipts to calculate tips and splits, and we're going to do the image processing on the server and make a database of where we identified your receipts to help with identifying restaurant payment locations," somebody higher up would tell them "No, we need to do receipt recognition all on-device." That makes it a lot easier to avoid accidental data leakage.