By Jonny Evans,
Appleholic, (noun), æp·əl-hɑl·ɪk: An imaginative person who thinks about what Apple is doing, why and where it is going. Delivering popular Apple-related news, advice and entertainment since 1999.
Apple is introducing iOS 14.3, and among a host of improvements the upgrade introduces Privacy Nutrition Labels for apps sold at the App Store. This should be good for developers, enterprises and users.
Apple announced Privacy Nutrition Labels at WWDC 2020.
Under the scheme, developers selling apps on the App Store must explain the privacy practices of each app they sell.
That means quite detailed information concerning what data they collect, why and what they do with it must be provided to users considering downloading an app at the store in the form of what looks like a food nutrition label.
The idea is that users – including you and your employees – can engage in deep review of the privacy practises of apps you may permit use of on enterprise devices.
The scheme is only now being rolled out. Apple has asked developers to provide this information with their app since December 8, apps already available in store don’t need to have it, but as developers update existing apps they’ll be expected to include this information. The information they must share includes what and where data is being used, what for, and in what category (including financial and personal data).
It’s not just third-party developers who must include such information. Apple is offering this information on pages for its own downloadable apps and also provides detailed privacy information on all its applications at its website.
Most developers gather little or no data. What information they do collect usually relates to app functionality and is often quite limited in scope.
Most of the time.
There are developers who collect vast amounts of data concerning their users, and sometimes this information extends far beyond app functionality.
Almost without exception you’ll find those developers complaining about Apple’s privacy focus are the same ones who harvest these vast quantities of data about you and your employees.
What has made things a little unequal is that smaller developers offering functionality not at the expense of privacy have been limited in how they can explain this to users – particularly if what their app does is replicated by a less privacy focused developer with a bigger marketing budget.
Apple’s Privacy Nutrition labels gives developers who do respect user privacy a clear and visible way to express that commitment – there’s even a logo that shows when an app gathers no user data at all.
With a little luck, it’s possible those developers who have not considered user privacy until now may now become more motivated to do so as users migrate to more privacy conscious alternatives, changing how their apps work in order to regain space in the circle of trust.
Apple has tried to make it easier to surface this kind of information by, for example, making it possible to review specific permissions granted to apps to make use of the camera and microphone on your device(s).
However, even this insight doesn’t provide a sufficiently complete picture to enable users to make smart choices around privacy protection.
App Privacy labels change this.
Now a user can see at a glance what the privacy practises of any app might be. This gives them a chance to reject those apps that ask too much, and a credible way to identify which apps that do respect user privacy are available for the task they need to get done.
This puts users in control of their own digital destiny.
Assuming your business isn’t concerned with making money through the exploitation of user information gathered by apps, data harvesters and data brokers, then the move to Privacy Nutrition Labels should be good for you, too.
When it comes to reviewing apps for use on your private enterprise networks or using hardware that relates to your business, IT now has a credible source of trusted information to help sign off on an app’s privacy practises.
Privacy Labels will make it much easier for your business to white list applications your users can install on enterprise-related machines, which in itself may help protect your business against increasingly sophisticated hacks and cyberattacks.
While we don’t know how closely Apple will police this feature, it’s reasonable to assume that apps that fail to accurately disclose privacy practises may be thrown off the store.
And, the fact they have expressly failed to provide full information may leave such developers exposed to litigation on behalf of app users who may have suffered injury as a result of being wilfully misled by a less than true claim regarding app privacy shared via the store. (I’m not a lawyer, but it sounds like a credible argument to me.)
This is just the latest in a rich salvo of fantastic privacy-focused improvements Apple continues to introduce in its devices in line with its philosophical belief that privacy is a human right and that the best way to preserve that right is to figure out how to provide all the convenience of technology without needing to gather people’s private information in the first place.
That’s why Safari became the first browser to block third party cookies by default back in 2005 and why the company prevented Mac fingerprinting in 2018.
Apple VP Software, Craig Federighi, recently said:
“Never before has the right to privacy—the right to keep personal data under your own control— been under assault like it is today. As external threats to privacy continue to evolve, our work to counter them must, too.”
This is turning into a philosophical war against those with other business plans, but the truth must surely be that the more complex our devices become and the more essential to everyday life they become, the more data they will feasibly contain.
After all, that information isn’t just about personal data, but also extends – quite literally – to software, passwords and system data for connected manufacturing, agriculture and beyond – all of which also need to be protected.
As for the false difference between the right to protection of consumer and enterprise information, the recent SolarWinds attack shows that even the world’s most secure organizations can be hacked, which means the very best way to protect personal, enterprise and, indeed, national security data is not to collect it in the first place.
After all, you can’t steal what doesn’t exist, which is what Apple’s approach to ‘data minimization’ is all about: Convenience, without insecurity.
Jonny is a freelance writer who has been writing (mainly about Apple and technology) since 1999.
Copyright © 2020 IDG Communications, Inc.
Copyright © 2020 IDG Communications, Inc.