
113 points blinding-streak | 51 comments
1. jeffbee ◴[] No.24110022[source]
Apple exempts all their iOS software from their own privacy scaremongering. iOS never pops up a scary dialog warning you that Camera has accessed your location twice in the last week, even though Camera accesses your location every time you start it. There is a completely separate iOS privacy regime for Apple's own apps.
replies(10): >>24110218 #>>24110222 #>>24110240 #>>24110241 #>>24110424 #>>24110468 #>>24110686 #>>24110765 #>>24110829 #>>24112373 #
2. 3pt14159 ◴[] No.24110218[source]
The idea is that we trust Apple already by using their computers. If Apple was sending that data back to their servers each time then that would ruin their reputation, but there are no such guarantees for third-party applications. Yes, theoretically, Apple reviews third party code, but it is easy enough to slip something small by them.
replies(2): >>24110328 #>>24110361 #
3. acdha ◴[] No.24110222[source]
Scaremongering isn't the right way to describe a real, well-documented ongoing concern. We have a long history of app developers trying to monetize their users' privacy, and that also explains why your comparison is inaccurate: if you buy an iOS device you are already trusting Apple. If you don't trust Camera to do nothing more than geotag your photos, you can't use iOS at all because every mechanism which would protect your privacy is built by the same company.

What the privacy measures are doing is giving the user the ability to review requests for access to your personal data by parties you aren't already trusting by virtue of owning the device.

replies(3): >>24110280 #>>24111070 #>>24121925 #
4. saagarjha ◴[] No.24110241[source]
Well, kind of. Some apps get entitlements to prevent showing TCC popups; some don’t, like Weather. And if you look in Settings, you will find that Camera shows that it was using your location, just like other apps on your system. (FWIW: I believe that dialog is specifically for apps that use your location in the background, so Camera won’t trigger it anyhow.)
5. xoa ◴[] No.24110240[source]
Duh? What's up with all the recent assertions that there is any sort of trust equivalency for 3rd parties vs Apple within the iOS ecosystem? Apple is part of the core trust foundation for any iOS user. They are present in the entire freaking stack, from the SoC everything runs on up. As a technical matter, they can do absolutely anything they want. By definition if you run iOS you trust Apple's stuff, from the hardware to software. If you don't, you shouldn't be running iOS. There is absolutely a "completely separate privacy regime" for Apple on Apple platforms, and it's not "Apple's own apps" it's "Apple's own processor and microcode and firmware and other chips and cryptographic keys and operating system ...and apps".

For human facing privacy and security information overload is a genuinely huge issue. What value do you assert exists for a "scary dialog" for Camera, software from Apple? After all, for that to even mean anything you must by definition be trusting iOS, software from Apple. On the other hand it's perfectly reasonable to not have the same level of trust in 3rd parties. 3rd parties do not share the same financial relationship or incentives that Apple has with its customers. Nor the same culture, nor necessarily scrutiny or technical acumen or even controlling legal regime.

You certainly do not need to trust Apple at all in general, you can run Linux, the BSDs, Windows, ChromeOS, Android or (happily!) various improving Linux phones that are extremely open. But if you decide to run Apple specifically, then you must indeed trust them.

Edit: Also, "fearmongering" is a ridiculous bit of bait. I mean, 2020 on HN and you're suggesting random 3rd party apps accessing camera/location/whatever is not the slightest issue? Ok.

replies(3): >>24110313 #>>24110336 #>>24110692 #
6. save_ferris ◴[] No.24110280[source]
Don't you think it's at least a little hypocritical that they don't extend the same privacy configuration options to their apps that they mandate for 3rd party apps? Sure, I generally trust Apple more than a random 3rd party developer, but the fact that Apple doesn't trust me to set my own privacy configuration for the camera makes me trust them less.
replies(6): >>24110371 #>>24110409 #>>24110482 #>>24110880 #>>24110947 #>>24112034 #
7. sukilot ◴[] No.24110313[source]
Apple could offer a single consent dialog for a bucket of third parties, like they do for all their internal organizations.

To say otherwise is to say that just because Apple has vendor lock-in they deserve trust.

replies(1): >>24110612 #
8. sukilot ◴[] No.24110328[source]
But I don't trust Apple to never make mistakes, so I want to be warned when they collect more data.
9. saagarjha ◴[] No.24110336[source]
The framework for this is called “Transparency, Consent, and Control”, and providing these options for system apps would check the box for all three of these things. Of course, you have to trust Apple to do it right, but like you said you already did that when you bought the phone. Thus, this isn’t about trust, but the reasons I just mentioned.
replies(1): >>24110572 #
10. slowmovintarget ◴[] No.24110361[source]
We are not using "their computers". We are using our own computers. Apple made them.

I realize Apple likely doesn't feel the same way. I also think this is kind of an "of course Apple does that." A great many people pay money for this particular experience.

replies(1): >>24110832 #
11. matthewmacleod ◴[] No.24110371{3}[source]
You have the same options to disable location data for the built-in Camera app that you have with any other app.
replies(1): >>24110398 #
12. jeffbee ◴[] No.24110398{4}[source]
Yes, but iOS does not proactively beg you to disable location access for Apple Maps, the way it does for Google Maps even if you've been using Google Maps daily since 2007.
replies(2): >>24110558 #>>24110706 #
13. acdha ◴[] No.24110409{3}[source]
Again, how large is the population of people who don't trust Apple's apps not to exfiltrate their data but do trust Apple's OS to enforce restrictions on the apps built-in to the OS?

If, for example, you don't trust Camera with your location data you also need to be concerned about having cellular networking enabled and making sure that Apple's WiFi interface, crash report, software updates, Music/Books/TV, etc. don't share that same data or things like IP addresses which are often effectively the same.

Remember, this is only about code which ships in the OS. If you look at the apps which Apple ships through the app store, they do follow the same controls: my “Apple Store” app only allows location access while I'm using it, I can disable background app refresh, etc.

replies(1): >>24110747 #
14. gruez ◴[] No.24110424[source]
It makes sense if you consider why the feature was added in the first place: to catch malicious behavior by apps, e.g. apps that track your location even after you've closed them, or surreptitiously record you. It doesn't really make sense to do so for first-party apps because Apple controls the operating system, so from a security perspective it doesn't add any meaningful security. If Apple wanted to be malicious they could disable those alerts from iOS, or do their spying from iOS itself so it bypasses the app sandbox entirely.
replies(1): >>24110551 #
15. wlesieutre ◴[] No.24110468[source]
And Apple is 100% sure of exactly what happens with that location data.

I'd be happy to get some limited exceptions to this, like "3rd party camera apps can get pre-granted location access, but only if the developer agrees that the location data will be used for nothing but EXIF tags, and if it is ever found to have left the device the developer gets delisted from the app store."

replies(1): >>24111199 #
16. beervirus ◴[] No.24110482{3}[source]
Apple's in control of the operating system. If you don't trust them, why would you think that disabling access to the camera app would do any good?
replies(1): >>24110813 #
17. jeffbee ◴[] No.24110551[source]
There's a neutral way to do this. They could pop up a surprise dialog that says something like:

  These apps used your location.
  * "Popular near me"
  * Maps
  * Google Maps
  * Chrome

If I saw that dialog, I'd probably be tempted to disable the Popular Near Me feature, which I've never heard of and therefore I assume provides me no value and, at a minimum, might be cutting into my battery life. But Apple doesn't present me with that dialog because they don't want to impair their own advertising business.
18. zepto ◴[] No.24110558{5}[source]
Actually it does, and always has.

When you set up iOS there is a full screen permission request to allow location data for Apple’s apps.

19. xoa ◴[] No.24110572{3}[source]
System apps are right there with every single 3rd party app in terms of control though. They have an explanation just like Apple requires in general, and you can turn off location or whatever else usage. If I go to Settings > Privacy > Location Services, "Camera" is right there with the standard indicator for that it has been used, a "While Using the App" set, and "App explanation: 'Photos and videos will be tagged with the location where they are taken.'" The options for Never and Always are there.

The only complaint here seems to be that the bootstrapping for granting permission is part of the initial device setup screen and location services, but that seems perfectly reasonable in line with user expectations for default system services on a fresh system. I strongly disagree that "fairness" somehow is a valid complaint here in the way GP suggested. On the contrary, insisting Apple is equivalent to 3rd parties is itself "unfair" as well as wrong.

replies(1): >>24110650 #
20. xoa ◴[] No.24110612{3}[source]
>To say otherwise is to say that just because Apple has vendor lock-in they deserve trust.

Incorrect, the whole point is that Apple doesn't have vendor lock-in. As I said there are great non-Apple options for every aspect of our lives (vastly better in many cases). If you choose to buy into Apple's platform however, then it's not a matter of "deserve", you DO trust them by definition. You have made a conscious choice to buy from a massively vertically integrated corporation that exerts significant hardware backed cryptographic control over the software ecosystem. That's not a bug, that's a feature for a lot of people, but it's one that depends entirely on (a specific, limited context sort of) trust in Apple.

21. jeffbee ◴[] No.24110650{4}[source]
My complaint is not about the initial permission, it's about the thing that regularly appears in iOS to suggest that you might have changed your mind and would you like to disable location access for some app. This never pops up for Apple's apps.

There's also another way they exempt themselves, by allowing you to disable microphone for third-party apps but not offering to disable microphone access for Voice Memos, Camera, etc. On Android I can disable the microphone for any first-party app, even the Phone app which obviously needs it.

replies(1): >>24112246 #
22. thelopa ◴[] No.24110686[source]
The prompt you’re thinking of only shows if the app uses location in the background. An app that has While Using the App authorization can’t get the background usage prompt. It’s not that Camera is exempted, it’s that Camera isn’t relevant.
23. sumtechguy ◴[] No.24110692[source]
All very true. But also 'rules for thee but not for me' really rubs people the wrong way. Eating their own dogfood would let them better understand their customers and vendors.
24. thelopa ◴[] No.24110706{5}[source]
If you set Google Maps to While Using the App you will stop seeing the prompts you’re thinking of. Those “downgrade” prompts only apply to apps with Always. Apple Maps doesn’t support Always and so it cannot get a downgrade prompt.
replies(1): >>24110741 #
25. jeffbee ◴[] No.24110741{6}[source]
This is only because Apple draws a boundary around their stuff that says "Maps" only uses location when it's running, but "Significant Locations" and "Routing & Traffic" and "Improve Maps" are system services.
26. xbmcuser ◴[] No.24110747{4}[source]
Apple has put its servers in China for Chinese users so that the Chinese government can access the data. Now the data it collects legally they have to give to the Chinese government if asked. I am not saying they are giving data to the Chinese government, but rather that they are collecting data which can get into the hands of government, so they should let the user control what data they are comfortable with sharing.
replies(1): >>24110953 #
27. shadowgovt ◴[] No.24110765[source]
Of course they do, why wouldn't they?

You bought Apple hardware; it can be safely assumed you trust Apple the company, right? (insert knowing head-tilt here ;) )

28. shadowgovt ◴[] No.24110813{4}[source]
This is the absolutist security perspective, where one assumes an "evil demon" threat model (i.e. every exploit will be exploited to the maximum). It's a useful theoretical model for hardening systems against known and unknown intrusion, but it doesn't realistically model the expected outcome in a world with laws and social constraints.

In practice, it's quite reasonable for a consumer to assume that the company providing them services isn't actively out to get them. In fact, we encode that assumption in law in a couple key places (to wit: if Apple is turning the camera on randomly against explicit user desire, they could be sued for invasion of privacy in the same vein as https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...)

29. iji40 ◴[] No.24110829[source]
You know, given this forum’s recent experience with misinformation about Apple, I shouldn’t be surprised to read a completely false comment (and another accusing Apple of illegal behavior downthread, also known as actionable libel). And yet here I am, surprised.

Your interpretation of events is a fundamental misunderstanding of how the permissions framework functions on iOS. That you then pivoted that misunderstanding into malevolent intentions from Apple speaks to your biases. Of course, given that you’re a member of this forum, I’d expect you’d find this behavior abhorrent when it comes to things like vaccination or COVID, so I’d only challenge you to think about whether you have all the facts, just as you would with any other contentious topic. The only difference here is that you don’t realize it’s contentious for you.

iOS programs shipped by Apple do not interact with the operating system in a different way with respect to privacy. Full stop. Your entire thesis, conclusion, and argument are not even remotely defensible in their falseness. There are no exemptions carved out in the operating system. First party apps with very few, SVP-documented exceptions (and usually for technical reasons) are held to the exact same standards that third parties adhere to during app submission.

I know this because at one time in my career it was my job to know. Don’t believe me? Reverse the apps.

replies(1): >>24110867 #
30. chipotle_coyote ◴[] No.24110832{3}[source]
With due respect, you're giving the OP a deliberately ungenerous reading to score a point. If I tell you "I like using Dell's servers because [reasons]" you wouldn't say, "They're YOUR servers, Dell just made them" because I said "Dell's servers" rather than "Dell servers".
replies(2): >>24111774 #>>24112126 #
31. jeffbee ◴[] No.24110867[source]
Can you explain, then, why "Routing and Traffic" is a system service with background access to location services, but iOS never suggests that I might want to turn it off?
replies(1): >>24110890 #
32. godelski ◴[] No.24110880{3}[source]
> Don't you think it's at least a little hypocritical that they don't extend the same privacy configuration options to their apps that they mandate for 3rd party apps?

Yes. I think Apple is playing an unfair game AND I am concerned about user privacy and how people are being tracked around the web. I'm not sure why other users are acting like both can't be true.

33. iji40 ◴[] No.24110890{3}[source]
Because more apps than Apple Maps consume that information. Your “never ask to turn it off” returns to the complete misunderstanding of how permissions work. You are not prompted because you already granted it access during provisioning, and it’s not asking for background data.

Your allegation that Google Maps is targeted with engineering and architectural decisions is not supported by public evidence and wholly refuted by internal evidence.

I helped build Apple Maps. Please consider yourself uninformed and ask more questions rather than draw conclusions that affirm your biases, particularly if you then come here to spread them.

replies(1): >>24110930 #
34. jeffbee ◴[] No.24110930{4}[source]
Google Maps also provides cooked geographic data to other Google applications (such as "Google" FKA "Google Now") but this fact does not exempt it from iOS scaremongering.
replies(1): >>24110994 #
35. iji40 ◴[] No.24110947{3}[source]
No, I don’t, because they do. The entire thesis of the upstream argument is false. You’re arguing a falsehood. There are no special libraries to defeat privacy available to first party apps. They use the same exact methods externals do. The first party app documentation is literally the public site with very few exceptions.
replies(1): >>24110979 #
36. acdha ◴[] No.24110953{5}[source]
Again, what do you believe that a checkbox on the camera app would accomplish? If you’re concerned about protecting Chinese users against their government, think long and hard about whether this would provide anything more than a false sense of security. I even gave you a partial list of other ways the same data can leak.
37. jeffbee ◴[] No.24110979{4}[source]
I think you're being a little obtuse. How do you address the fact that I can disable microphone for any 3rd-party voice memo application but I cannot disable it for Apple's "Voice Memos". This is a clear double-standard regardless of how fondly you feel about your own contributions to Apple Maps.
replies(3): >>24111029 #>>24111130 #>>24112545 #
38. iji40 ◴[] No.24110994{5}[source]
So that’s a no on listening rather than continuing down the falsehood path, then? Roger that.
replies(1): >>24111028 #
39. jeffbee ◴[] No.24111028{6}[source]
So far you haven't given us anything but vitriol to consider.
40. innagadadavida ◴[] No.24111070[source]
Apple allows you to turn off location services for system apps as well. So even if you don’t trust Apple, you have legal recourse if those terms are violated.
41. macintux ◴[] No.24111130{5}[source]
I imagine Apple is making the assumption that the only reason to run Voice Memos is to use the microphone, but that’s clearly not the case. I agree with the sibling comment, file a bug.
42. fragmede ◴[] No.24111199[source]
There isn't a box inside of Apple HQ marked 'location data, do not eat', so Apple isn't actually 100% sure where the location data is. There are numerous safeguards, both in their device and the online platform to try and make sure it never leaks, but no one other than their marketing team would say 100%.
replies(1): >>24124055 #
43. slowmovintarget ◴[] No.24111774{4}[source]
The trouble is with the language though, especially when thinking about who is permitted to do what with the device.

I wasn't trying to score cheap points, I was attempting to demonstrate two concepts that had been collapsed into the pronoun "their" really must be considered separately when thinking about authorization.

I apologize if the message was muddled in "gotcha" language. I aim to do better than that.

44. dwaite ◴[] No.24112034{3}[source]
I'd need a valid example of Apple not asking for permissions. What usually happens is that Apple built-in apps are able to ask for permissions and consent _differently_ than third party apps, such as greater control over the messaging.

For the most part, apps _do_ ask for permissions, for instance Maps and Safari do ask for access to your location. However, Safari has quite a few UX customizations outside what is generally available so that it asks for permissions on behalf of a website, rather than on behalf of itself.

When possible, Apple will try to create a higher level system so that third parties get access to a better UX (say, a pop-over browser or map control or photo picker) but they are usually slower at doing so.

When possible, Apple will try to create a higher level system to allow third parties to have a better UX here. For example, there is an anonymous advertising API which Apple uses and which they are exposing to apps in iOS 14. This does not result in the 'tracking' privacy prompt.

The largest exception last year was likely Find My, in the face of the crackdown on background location tracking. Since the activation lock/location tracking is part of the system, the UX was drastically different than say Tile's app. Apple launched a third party program for Find My this year as they start to try and make up the differences. They still have a way to go there.

45. saurik ◴[] No.24112126{4}[source]
I live in my landlord's apartment. Technically, they have a key to enter. I absolutely have to trust them to ensure they don't come inside if I am not here. However, they still have to ask permission to enter (unless it is some clear and obvious emergency), as we don't consider it to be my landlord's apartment: we consider it to be my apartment; the language is trying to shift the discussion into some weird natural stance that somehow, just because Apple made something and I can't know for sure they aren't lying to me about whether they honor the restrictions I tell them, it somehow means they don't have to ask... that's bullshit :/.
46. saurik ◴[] No.24112246{5}[source]
Yeah: I get this prompt over and over again for the Tile application, and it is ridiculously annoying; if/when Apple launches their own Tile competitor, obviously their app will not be subject to the same handicap, and people might very well choose Apple's version simply because they won't get nagged constantly "are you sure you like Tile?!". That's clear anti-competitive behavior, in the same space as "tying" and "bundling": when Apple builds products that can be built using their platform, they need to be forced to not take advantage of the fact that they are the developer of the platform to give themselves preferential treatment vs. the products, as if you allow that then you essentially always anoint the platform providers as the winners in any battle they are wont to enter... the result of which being that you always end up with an oligopoly of giant companies owning every important market (and if you want to compete you have to take them on as network effect platforms) instead of separate oligopolies (let's face it: economy of scale effects pretty much always cause oligopolies in free markets :/ the only time that doesn't happen is if you hold a market space no one considers important) for every major market built on that platform (and then as a cross-cutting concern of said platforms; like, the market for bluetooth location dongles and voice assistants and browsers shouldn't be exactly the same game as the market for mobile phones and computers).
replies(1): >>24118418 #
47. glitchc ◴[] No.24112373[source]
This is hyperbolic and wrong. On my iPhone XS running iOS 13.6, there is an option inside Settings>Privacy>Location Services to turn off location access for the Camera app. You can turn off Location for other core Apple apps too, including HomeKit, Health, etc.
48. zepto ◴[] No.24112545{5}[source]
You make the choice when you buy the app.

When you buy an iPhone, you are buying all of the Apps Apple supplies with it.

You even have a return period to take it back if you don’t like the behavior.

49. saagarjha ◴[] No.24118418{6}[source]
Being unfamiliar with how Tile really works, what is it using your location in the background for?
50. fsociety ◴[] No.24121925[source]
Right, but why doesn’t it say, for Apple services, “do you allow your data to be stored in China, in which the government has legal access to”?

That’s the honest truth, but they don’t put it there because it would bother people.

It’s oddly convenient to say it’s true for one case, but for the other case it’s okay because it’s Apple.

One day we will learn that ultimately we cannot trust a corporation - as that is a moving target - but instead trust reasonable operating principles for data security and privacy.

And for what it is worth.. I’d rather override all of my data that Apple collects to be stored on servers in the US. It’s nothing against China... but everything against their government.

It’s worth noting I have similar concerns with the US government too, but it is a small step in a better direction.

51. wlesieutre ◴[] No.24124055{3}[source]
That's true, I shouldn't say 100%. But the location data is in my iCloud Photos box, which I think Apple will at least internally take a hard look at anything that wants to access it.

If the iPhone calculator app team said "We're going to turn this into a social calculator and it's going to use your photo library to automatically identify receipts to calculate tips and splits, and we're going to do the image processing on the server and make a database of where we identified your receipts to help with identifying restaurant payment locations," somebody higher up would tell them "No, we need to do receipt recognition all on-device." That makes it a lot easier to avoid accidental data leakage.