Apple's New App-Privacy Rules Expose Past Loopholes
June 13 2018 - 3:40PM
Dow Jones News
By Tripp Mickle
Apple Inc. is trying to enforce new privacy policies across its
vast network of iPhone and iPad apps -- and in the process is
exposing longstanding gaps that left users' data vulnerable to
abuse.
The company has issued new rules for app developers designed to
limit future data collection and ad targeting. The rules thrust
Apple into the role of regulator and enforcer in the wake of
controversy over the misuse of personal data from Facebook Inc. --
a scandal that has triggered calls for new federal regulations of
digital information.
But Apple's new rules also raise concerns that the company's
previous policies contained loopholes allowing apps to collect and
resell users' information, including contacts lists and photo
locations, privacy advocates say.
Apple didn't respond to requests for comment.
Apple's new guidelines out last week state that apps receiving
users' permission to access contact lists and photos can't build
databases with that information or sell it to third parties. The
company also added rules saying apps need consent when "recording,
logging or making a record of a user's activity" and said
advertisements inside apps must allow users to see all the
information used to target them.
The rules are the most sweeping and restrictive Apple has ever
imposed on developers. Previously, the company didn't have detailed
rules limiting what developers could do with users' contacts lists.
So apps in theory could have taken not only phone numbers and
emails of friends and family but also those contacts' birthdays and
profile information and build databases or sell it to third
parties, said Raj Aggarwal, the co-founder of Localytics, a
mobile-app analytics company that supports 37,000 apps across 2.7
billion devices.
"It's pretty bad what Apple was inherently allowing," Mr.
Aggarwal said.
It isn't clear if any iPhone or iPad apps compromised users'
personal data as a result of the loopholes, and there is no
evidence of Apple currently pulling apps off the App Store for
failure to comply with the new rules.
In a new code of conduct section in the guidelines, Apple said:
"Customer trust is the cornerstone of the App Store's success. Apps
should never prey on users or attempt to rip-off customers, trick
them into making unwanted purchases, force them to share
unnecessary data...or engage in any other manipulative
practices."
Apple's new guidelines were earlier reported by Bloomberg.
Apple's effort to crack down on developers comes amid new
European privacy rules and continued scrutiny of Facebook's
data-collection practices. The social networking giant has come
under fire over the past year for failing to fully protect user
data and allowing personal information, including contacts, to be
collected and relayed to third parties such as political consulting
company Cambridge Analytica.
Talking about the Facebook scandal in March, Apple Chief
Executive Tim Cook told MSNBC that he doesn't support regulation
but said it was time "for a set of people to think deeply about
what could be done here." The company has since not only updated
its own regulation of apps but also announced new software features
aimed at limiting the way Facebook and advertising-based companies
track and collect data across Apple devices.
The more stringent guidelines could protect Apple and customers
as they increasingly store more sensitive information on iPhones,
such as medical records. Had an app collected and sold a customers'
health data, Apple would have faced profound reputational risk and
therefore needed to "clamp down," said Pam Dixon, executive
director of the World Privacy Forum, a nonprofit digital-privacy
research group.
Still, the rules won't matter unless Apple enforces them,
privacy experts said. They expect Apple to use artificial
intelligence to analyze apps that collect data and have staff audit
apps that are suspected of violations. "It needs to be a clear,
robust and active process for this policy to have any teeth," Ms.
Dixon said.
Should those efforts fall short, Apple could later block app
developers from uploading iPhone address books to servers, said
Domingo Guerra, president of Appthority, a mobile security company.
Instead, he said Apple could require apps to use the contact list
locally on the device, eliminating any data risk.
Apple will have to balance its new regulations with its need to
attract developers. The App Store is the primary sales engine
behind the company's growing services business, which generated
more than $29 billion in sales last year and has a goal of hitting
about $50 billion in sales by 2020.
Developers have generated about $100 billion in sales since the
App Store's inception a decade ago. Though Apple's operating system
has only 15% of global smartphone market share, the App Store
collects 66% of app-related spending world-wide, about double
Alphabet Inc.'s Google Play store, according to market researcher
App Annie.
"Apple controls that gateway," Mr. Guerra said, "and these app
developers have to play by their rules."
Write to Tripp Mickle at Tripp.Mickle@wsj.com
(END) Dow Jones Newswires
June 13, 2018 15:25 ET (19:25 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Apple (NASDAQ:AAPL)
Historical Stock Chart
From Apr 2024 to May 2024
Apple (NASDAQ:AAPL)
Historical Stock Chart
From May 2023 to May 2024