Apple is often lauded as the king of privacy among the tech giants, and to a certain extent, it is. After all, unlike Facebook and Google, Apple’s business model is built around selling hardware and services — not advertising to you. But the company’s new “App Privacy” label feature, which was added to the App Store last month, may be better in theory than it is in practice — at least for now.
According to a new report from The Washington Post, the privacy labels in the App Store may not be as accurate as they should be. The report notes that many apps that say they don’t collect user data actually do, and often send that data straight to the likes of Google and Facebook.
So how could this happen? Well, it turns out that the app privacy labels aren’t actually constructed based on Apple’s scanning of an app itself. They’re self-reported, so many apps could say that they don’t collect user data, but then turn around and do it anyway. Examples include destressing app Satisfying Slime, Match 3D, PBS Kids Video, and more, according to The Post’s report. Apple’s App Store review process is supposed to check the claims, but with millions of apps being updated at any time, it’s an impossible task.
Apps self-report their collection policies … which led to the exact results you’d expect.
This is a major issue — if not for users’ privacy, then at least for trust in Apple’s systems. For example, iPhone users can only download apps straight from the App Store. Apple’s reasoning for this is that it ensures that users steer clear of malware, privacy issues, and other problems that could arise from downloading apps from sketchy sources. But if Apple doesn’t actually keep you safe, that narrative kind of falls apart.
There are a few arguments in Apple’s defense here. For starters, it’s not necessarily the company’s fault that developers are lying to customers, even though it is Apple’s fault that it makes it dead simple for apps to lie and get Apple’s seal of approval. Thankfully, an upcoming iOS feature will block all apps from tracking a phone’s unique ad identifier, unless given express consent from the user. This will radically change how companies like Facebook and Google track users on their mobile devices, no matter what their App Store disclosures may say.
As a fix for this issue, Apple should either verify developers’ claims before publishing them as true, remove the labels as a whole, or at the very least, make it abundantly clear that these labels are self-reported and may not be completely accurate.