Apple’s ad network gets ‘preferential access to users’ data’ vs Facebook, Google

Scaremongering isn't the right way to describe a real, well-documented ongoing concern. We have a long history of app developers trying to monetize their user's privacy, and that also explains why your comparison is inaccurate: if you buy an iOS device you are already trusting Apple. If you don't trust Camera to do nothing more than geotag your photos, you can't use iOS at all because every mechanism which would protect your privacy is built by the same company.

What the privacy measures are doing is giving the user the ability to review requests for access to your personal data by parties you aren't already trusting by virtue of owning the device.

Don't you think it's at least a little hypocritical that they don't extend the same privacy configuration options to their apps that they mandate for 3rd party apps? Sure, I generally trust Apple more than a random 3rd party developer, but the fact that Apple doesn't trust me to set my own privacy configuration for the camera makes me trust them less.

You have the same options to disable location data for the built-in Camera app that you have with any other app.

Yes, but iOS does not proactively beg you to disable location access for Apple Maps, the way it does for Google Maps even if you've been using Google Maps daily since 2007.

Again, how large is the population of people who don't trust Apple's apps not to exfiltrate their data but do trust Apple's OS to enforce restrictions on the apps built-in to the OS?

If, for example, you don't trust Camera with your location data you also need to be concerned about having cellular networking enabled and making sure that Apple's WiFi interface, crash report, software updates, Music/Books/TV, etc. don't share that same data or things like IP addresses which are often effectively the same.

Remember, this is only about code which ships in the OS. If you look at the apps which Apple ships through the app store, they do follow the same controls: my “Apple Store” app only allows location access while I'm using it, I can disable background app refresh, etc.

Apple's in control of the operating system. If you don't trust them, why would you think that disabling access to the camera app would do any good?

Actually it does, and always has.

When you set up iOS there is a full screen permission request to allow location data for Apple’s apps.

If you set Google Maps to While Using the App you will stop seeing the prompts you’re thinking of. Those “downgrade” prompts only apply to apps with Always. Apple Maps doesn’t support Always and so it cannot get a downgrade prompt.

This is only because Apple draws a boundary around their stuff that says "Maps" only uses location when it's running, but "Significant Locations" and "Routing & Traffic" and "Improve Maps" are system services.

Apple has put its servers in china for chinese users so that the chinese government can access the data. Now the data it collects legally they have to give to chinese government if asked. I am not saying they are giving data to chinese government that rather that they are collecting data which can get into the hands of government so they should let the user control what data they are comfortable with sharing.

This is the absolutist security perspective, where one assumes an "evil demon" threat model (i.e. every exploit will be exploited to the maximum). It's a useful theoretical model for hardening systems against known and unknown intrusion, but it doesn't realistically model the expected outcome in a world with laws and social constraints.

In practice, it's quite reasonable for a consumer to assume that the company providing them services isn't actively out to get them. In fact, we encode that assumption in law in a couple key places (to wit: if Apple is turning the camera on randomly against explicit user desire, they could be sued for invasion of privacy in the same vein as https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...)

> Don't you think it's at least a little hypocritical that they don't extend the same privacy configuration options to their apps that they mandate for 3rd party apps?

Yes. I think Apple is playing an unfair game AND I am concerned about user privacy and how people are being tracked around the web. I'm not sure why other users are acting like both can't be true.

No, I don’t, because they do. The entire thesis of the upstream argument is false. You’re arguing a falsehood. There are no special libraries to defeat privacy available to first party apps. They use the same exact methods externals do. The first party app documentation is literally the public site with very few exceptions.

Again, what do you believe that a checkbox on the camera app would accomplish? If you’re concerned about protecting Chinese users against their government, think long and hard about whether this would provide anything more than a false sense of security. I even gave you a partial list of other ways the same data can leak.

I think you're being a little obtuse. How do you address the fact that I can disable microphone for any 3rd-party voice memo application but I cannot disable it for Apple's "Voice Memos". This is a clear double-standard regardless of how fondly you feel about your own contributions to Apple Maps.

Apple allows you to turn off location services for system apps as well. So even if you don’t trust Apple, you have legal recourse if those terms are violated.

I imagine Apple is making the assumption that the only reason to run Voice Memos is to use the microphone, but that’s clearly not the case. I agree with the sibling comment, file a bug.

I'd need a valid example of Apple not asking for permissions. What usually happens is that Apple built-in apps are able to ask for permissions and consent _differently_ than third party apps, such as greater control over the messaging.

For the most part, apps _do_ ask for permissions, for instance Maps and Safari do ask for access to your location. However, Safari has quite a few UX customizations outside what is generally available so that it asks for permissions on behalf of a website, rather than on behalf of itself.

When possible, Apple will try to create a higher level system so that third parties get access to a better UX (say, a pop-over browser or map control or photo picker) but they are usually slower at doing so.

When possible, Apple will try to create a higher level system to allow third parties to have a better UX here. For example, there is an anonymous advertising API which Apple uses and which they are exposing to apps in iOS 14. This does not result in the 'tracking' privacy prompt.

The largest exception last year was likely Find My, in the face of the crackdown on background location tracking. Since the activation lock/location tracking is part of the system, the UX was drastically different than say Tile's app. Apple launched a third party program for Find My this year as they start to try and make up the differences. They still have a way to go there.

You make the choice when you buy the app.

When you buy an iPhone, you are buying all of the Apps Apple supplies with it.

You even have a return period to take it back if you don’t like the behavior.

Right by why doesn’t it say, for Apple services, “do you allow your data to be stored in China, in which the government has legal access to”?

That’s the honest truth, but they don’t put it there because it would bother people.

It’s oddly convenient to say it’s true for one case, but for the other case it’s okay because it’s Apple.

One day we will learn that ultimately we cannot trust a corporation - as that is a moving target - but instead trust reasonable operating principles for data security and privacy.

And for what it is worth.. I’d rather override all of my data that Apple collects to be stored on servers in the US. It’s nothing against China... but everything against their government.

It’s worth noting I have similar concerns with the US government too, but it is a small step in a better direction.