During this year’s Data Privacy Day (January 27th, 2021), Apple shared its initiative “A Day in the Life of Your Data”.
The document presented detailed information on how data is collected from users and how data brokers generally operate. To make its own data collection practices as transparent as possible, the company also provided details about how it handles its users’ data.
“Apple believes that privacy is a fundamental human right. We design our products and services guided by our four key privacy principles,” the company stated.
So, what are these pillar principles, and does Apple truly operate by its own rules?
Apple’s Key Privacy Principles
Data minimization, on-device processing, user transparency and control, and security have been the cornerstones of the company’s privacy policy. And indeed, unlike most of its competitors, Apple’s business model has allowed it to flourish without excessive customer data collection. The company’s primary business goal is selling products and services rather than advertising, a business that could not function without data collection.
Some Mac experts believe that Apple can do a lot more. “From operating-system features to new services, the company should double down on privacy—and widen the lead it has over its competitors,” says Macworld’s Jason Snell.
Privacy in Safari
Last year, Apple introduced Intelligent Tracking Prevention (ITP). ITP is a tool in Safari that utilizes on-device machine learning to block cross-site tracking, with websites still being able to function normally.
The feature is on by default, and it prevents companies from tracking users’ online activity to create profiles used for serving ads. ITP is also available in third-party browsers running on Mac and iOS devices.
In January 2021, Cupertino’s tech giant confirmed its intention to start forcing developers to ask permission prior to using their unique Identifier for Advertisers (IDFA) for third-party ad tracking. In layman’s terms, the forced change means users will have to opt in to ad tracking instead of opting out in Settings.
Previous Issues Related to Safari Safe Browsing
Let’s rewind the tape to October 2019, when it became public knowledge that the company was sending some browsing history of iOS 13 Safari users to Tencent Holdings Limited, a Chinese multinational conglomerate. Tencent specializes in various Internet-related services and products, entertainment, artificial intelligence and technology both in China and globally.
Apple confirmed it used safe browsing technology developed by Tencent. We should mention that the Tencent conglomerate, one of the biggest technology companies in the world today, likely has ties to the Chinese government. The news stirred criticism from privacy experts. The shared data was associated with the Safari Safe Browsing technology.
iOS 14 Privacy Improvements
“Under Settings, users will be able to see which apps have requested permission to track, and make changes as they see fit. This requirement will roll out broadly in early spring with an upcoming release of iOS 14, iPadOS 14, and tvOS 14, and has already garnered support from privacy advocates around the world.”
In fact, the iOS 14 update is one of the biggest the mobile operating system has seen so far. A Privacy Report feature is also added to the browser in iOS 14 and macOS Big Sur, expanding the ITP functionality. The Privacy Report section in Safari can be reached by tapping on the two As icon and selecting the “Privacy Report” option. You must have cross-site tracking prevention enabled so that Privacy Report can function. The feature will prompt you to enable it if it isn’t already enabled.
Apple has been working for years to implement cross-site tracking prevention, so these OS updates are a huge stepping stone in the company’s history of privacy improvements.
macOS Big Sur Privacy and Security Loophole
In January this year, macOS went through a significant enhancement in terms of both privacy and security. macOS Big Sur 11.2 beta 2 eliminated a feature that allowed Apple apps to bypass third-party firewalls, security tools, and VPN apps.
Called ContentFilterExclusionList, the exclusion list feature was included in macOS 11. It contained some of Apple’s major apps, such as the App Store, Maps, and iCloud, and was physically located on disk.
Several security researchers such as Patrick Wardle and app developers discovered the controversial feature last October, when they found out their tools couldn’t filter or inspect traffic for several Apple apps. The experts highlighted the potential risk that such a feature carried, arguing that malware could sneak into legitimate Apple apps and bypass firewalls and security software.
Privacy experts were also quite concerned about the exclusion list, since macOS users risked exposing their real IP address and location while using the specific Apple apps, as VPN apps couldn’t hide their whereabouts.
When contacted for comment, the Cupertino-based company said this was temporary without revealing further details. An Apple software engineer, however, said that the list was a result of several bugs in Apple apps. The issue was resolved with the release of Big Sur 11.2.
Privacy Issues in Apple Mail
Last month, technology blogger John Gruber pointed out that despite the tech giant’s numerous privacy-related features, it has failed to provide built-in defenses for email tracking. If you’re an Apple user, perhaps you know that email messages can have embedded trackers in the form of invisible images. Apple Mail loads them by default. Even though automatic image loading can be disabled, it will affect most email messages, making them look broken:
“A slew of readers wrote to argue that Apple Mail does offer such a feature: the option not to load any remote resources at all. It’s a setting for Mail on both Mac and iOS, and I know about it — I’ve had it enabled for years. But this is a throwing-the-baby-out-with-bath-water approach. What Hey offers — by default — is the ability to load regular images automatically, so your messages look ‘right’, but block all known images from tracking sources (which are generally 1×1 px invisible GIFs),” Gruber wrote.
“Apple should offer defenses against email tracking just as robust as Safari’s defenses against web tracking,” the blogger suggested.
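To make the middle ground between “load everything” and “load nothing” concrete, here is an added example (not Apple’s, Hey’s or Gruber’s code) that sorts the remote images in an HTML message into ones to load and ones to block. It uses the shape of the image (1×1 or hidden) as the signal rather than a list of known tracking sources; the sample message and its hosts are constructed, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample message body; hosts are placeholders, not real trackers.
SAMPLE_HTML = """
<p>Your order has shipped.</p>
<img src="https://cdn.shop.example/banner.png" width="600" height="120">
<img src="https://t.mailer.example/o/abc123.gif" width="1" height="1">
<img src="https://t.mailer.example/o/def456.gif" style="display:none">
<img src="https://t.mailer.example/o/ghi789.gif" style="width: 1px; height: 1px">
<img src="cid:logo@shop.example" width="80" height="80">
"""

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# width/height in inline CSS; the lookbehind skips max-width, line-height, etc.
CSS_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)", re.I)

def declared_dims(attrs):
    """Collect pixel width/height from HTML attributes and inline CSS."""
    dims = {}
    for key in ("width", "height"):
        m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", attrs.get(key) or "")
        if m:
            dims[key] = int(m.group(1))
    for key, val in CSS_DIM.findall(attrs.get("style") or ""):
        dims[key.lower()] = int(val)
    return dims

class PixelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.load, self.block = [], []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        if not src.lower().startswith(("http://", "https://")):
            return  # cid:/data: images ship inside the message; no remote request
        dims = declared_dims(a)
        tiny = bool(dims) and all(v <= 1 for v in dims.values())
        hidden = bool(HIDDEN.search(a.get("style") or "")) or "hidden" in a
        (self.block if tiny or hidden else self.load).append(src)

def classify_images(html):
    """Return (urls_to_load, urls_to_block) for the remote images in html."""
    scanner = PixelScanner()
    scanner.feed(html)
    return scanner.load, scanner.block
```

A tracker that declares a normal size and hides itself through an external stylesheet passes this check, which is why a list of known tracking hosts is the stronger signal.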
The Abundance of Fake iOS Apps
Another issue Cupertino’s tech giant has to consider resolving in full is fraudulent applications. Developers have been struggling with such apps for years. Furthermore, sustaining the security and safety of a store as big as Apple App Store is definitely challenging.
We have reported several cases of malicious apps discovered in Apple App Store. In October 2019, 17 infected apps discovered in the store contained a Trojan clicker that communicated with a known command-and-control server to simulate user interactions. Clicker malware is usually deployed for ad fraud, and so was in that particular case.
The apps covered a random set of app categories, including platform utilities, productivity, and travel. All of them communicated with the C&C server using strong encryption, which hadn’t been cracked at the time of the report.
“Apple should put together an App Store bunco squad. A small team that polices the store for scammy apps and nips them in the bud,” Gruber suggested in another article.
It is noteworthy that a few years ago, Apple banned cryptocurrency miners from its app store.
In addition to the Apple App Store shenanigans, macOS users have been flooded with various online scams and unwanted software, including fake tech-support pop-ups, phony adware apps, bogus search engines, and persistent browser redirects. We write about such issues daily, underlining the importance of keeping your Mac secure via alternative methods. macOS is prone to malicious software, and there are enough examples to illustrate that the threat is real.
The year is yet to unfold, and we’re sure that Apple is going to bring more enhancements to the privacy table. For one, the company should be congratulated for the audacity to stand against Google and Facebook. Perhaps we ought to mention what the newly introduced changes in iOS 14 mean for Facebook and Google: impaired advertising efficiency, costing both tech giants billions of dollars in losses.