What exactly is Apple doing to protect users' privacy?

Tightening of privacy options set to cause corporate unease

Apple CEO Tim Cook previews the company’s new privacy protections. Photograph:  Brooks Kraft/Apple Inc/AFP via Getty Images
Apple CEO Tim Cook previews the company’s new privacy protections. Photograph: Brooks Kraft/Apple Inc/AFP via Getty Images

If there was one thing Apple wanted you to take away from its 2021 developer conference, it was that privacy is key. The company, which previewed the latest version of its mobile software at WWDC21 along with the new MacOS, updated iPad software and new features for its TV and Watch operating systems, made privacy a core part of its event.

From its digital assistant Siri to the internet traffic leaving your device, Apple announced a raft of new measures it says are designed to protect users and their data, securing it from those who would seek to exploit it.

"This approach is about transparency and control for users. In practice, our north star is around the customer and what we think they value and making sure that at the very least we're giving them visibility and choice," Apple's senior vice-president for software engineering, Craig Federighi told PA.

“It’s all absolutely in the service of transparency and shining this light on privacy protections. “We think it leads to the cleaning up of those practices and ultimately a better experience for our customers.”

READ MORE

"Apple's tightening of privacy options for users was the defining theme for this year's WWDC and will cause further consternation among those companies dependent on user data for tracking, advertising and monetisation," said Ben Woods, chief analyst with CCS Insight.

But this isn’t something that Apple has decided to tackle in 2021. The company has been talking about privacy for some time. It first introduced anti-tracking features in 2017. But it was only in 2020 that things seemed to shake the industry.

Last year’s mobile software, iOS14, forced app developers to be more transparent about what data they were tracking on their users, and what they were doing with it; an update subsequently forced them to ask the permission of users to track their activity across other websites and gave users the option to refuse.

That attracted the ire of those in the advertising industry who have become dependent on data to target their ads. And it culminated in Facebook taking out newspaper ads to castigate Apple, positioning itself as a champion of the small business.

Ultimately, it made no difference; apps still have to be transparent about their data use.

More complicated

Things are about to get more complicated. The new version of Apple’s software will see apps forced to disclose how often they are using the permissions they have been granted, from accessing contacts and photographs, to the camera and microphone, all packaged up in the App Privacy report.

And Apple’s executives aren’t convinced that things will be as bad as people believe for the advertising industry.

“We’ve seen cases in the past where we’ve introduced protection and initially, the reaction was ‘oh my gosh, this is the end of everything, the advertising industry is doomed’ and so forth,” Federighi said. “And, in fact, quite the opposite [is true].

“The industry managed to come up with tools to continue to be effective, while protecting customer privacy. And so our point of view that making the right choices, grounded in what makes sense for the users, is going to lead to a world where we can continue to have innovation in all parts of the app economy – where advertising can still be an effective way to support those efforts, but where at the same time privacy is protected.”

Another feature of iOS15 would see Apple prevent marketers from tracking data such as whether a recipient opens a marketing email, or accessing their IP address through the use of hidden graphics that your email client loads, allowing senders to gather data on your activity. The default Mail app will no longer allow these tracking pixels, as they are known, when iOS 15 launched.

Tracking pixels are hidden graphics that you might not see in an email, but your email client loads them, allowing senders to gather data.

“Hiding information such as IP addresses, location and whether users have opened or read emails could severely limit the way many companies track and monetise users but will be welcomed by consumers who are becoming increasingly aware of how much data is being captured,” said CCS Insight’s Woods. “It will further Apple’s position as being a consumer champion when it comes to privacy.”

There is a good reason why Apple needs the trust of its users even more than ever. The company is striving to make the iPhone the only thing you need to carry.

Already, the device has taken over from travel cards and payment methods; the updates for iOS 15 would see it expanded to car keys, work credentials, home entry, hotel keys and in some parts of the US, state IDs. To get people to embrace that level of involvement in your daily life, you have to show you are serious about privacy.

We have become more wary of big tech companies as a whole in recent years, and it’s not without good reason. Scandal after scandal has eroded trust, leaving consumers distrustful of the motives of companies. Data breaches, manipulation of users and a cavalier (at times) attitude to data privacy have damaged the tech industry.

And so Apple has, in essence, been pitching itself as the antidote of sorts. The company has been keen to point out the differences between its products and services and those of its rivals. Apple, for instance, doesn’t rely on ad revenue as a source of income, charging its users for services instead. It doesn’t need to monetise your data, because it earns millions every quarter from services that its users pay for.

Key point

One of those services is also a key point of its privacy pitch. Paying subscribers to its iCloud service will be able to avail of iCloud+ for no extra cost. That includes Private Relay, which encrypts data traffic so it can’t be seen by third parties – including Apple. From a consumer point of view, it’s a welcome move; from an ad industry viewpoint, it is yet another obstacle.

There could be other unintended consequences too, with Woods raising the possibility of a negative effect for network operators, among others, that may need to understand traffic for the purpose of data plans – for instance, to identify discounted or zero-rated traffic.

Some of the more compelling features have also been built with privacy in mind. Live Text uses on-device processing. The new feature allows users to snap a photo of a note, a menu or anything with visible text and pull text from that photo to share or save as an email or note.

On-device processing means nothing is being sent to the cloud, which in turn eliminates the risk of data leaks on the way and gives consumers greater control over their data.

“Privacy has become a staple of Apple’s offering, as fundamental as the iPhone or Mac. WWDC saw it widen the tools available to its customers to protect their privacy and deepen their impact on businesses seeking to access data or track users online. Although this will not come as a surprise, the impacts are far-reaching,” said Woods.

“CCS Insight believes the move poses a much bigger challenge to web players than any action to come from regulators concerned at their growing influence and access to user data.

“In this context, Apple’s move is clever and likely to galvanise support from its users, many of whom had perhaps not applied much thought to data privacy before the company made it a feature. It is a message that will also resonate well with regulators at a time when Apple itself is in the spotlight.”

But – and there is always a but – some of the new privacy features that Apple is extending to its customers won't be available everywhere. Most notably, the iCloud+ Private Relay will not be available in a number of countries, including Belarus, the Philippines, South Africa and China.

It is the last of those that has drawn most attention. Apple has been forced to make a number of compromises on its stance on privacy to do business in China, a market that currently accounts for almost 15 per cent of its revenue.

In 2018, Apple moved the digital keys used to lock Chinese users’ iCloud data, allowing authorities to work through domestic courts to gain access to the information.

For regulatory reasons – China’s internet access is heavily controlled – Apple will not be offering Private Relay to its Chinese customers, meaning that they will not have the same protections as iCloud+ users in other markets.

“China has once again presented a dilemma to Apple. The market’s importance both in terms of sales and Apple’s manufacturing makes it necessary for Apple to comply with local laws on data capture and transparency,” said Wood. “This is a rare deviation from Apple’s almost draconian approach to consumer data privacy.”

The iCloud+ decision is unlikely to quiet that criticism.