US tech giant Apple recently debuted its ‘app privacy labels'. These labels tell iOS users about the information that is collected by apps when downloaded from the App Store. However, a recent report by The Washington Post has found that the privacy labels in the App Store are not as accurate as they should be.
The report notes that many apps that claim they don’t collect user data actually do, and often share that data with Google and Facebook.
Recently, Facebook had also published full-page advertisements in leading US dailies like The Washington Post, The New York Times and Wall Street Journal, criticising Apple’s iOS privacy labels.
Apple CEO Tim Cook shot back on 18 December 2020, asserting that, “Facebook can continue to track users across apps and websites as before. App Tracking Transparency in iOS 14 will just require that they ask for your permission first.”
Here’s Everything You Need to Know about Privacy Labels
What are privacy labels?
Whenever an iOS developer uploads an app to App Store, they have to include a privacy label, which tells the user about the information that the app will collect when downloaded on the iPhone. These privacy labels are also called ‘nutrition labels’, as they resemble a nutrition marker on food packages.
How to read Apple’s privacy labels?
To find the new labels, once you download an app from the App Store, under the app’s description, look for ‘App Privacy’. Under that a box appears with the name ‘privacy label’, which is divided into three categories:
- Data used to track you
- Data linked to you
- Data not linked to you
Are privacy labels inaccurate?
Well, it turns out that the app’s privacy labels are not solely based on Apple’s scanning of an app. They are self-reported, so even though many apps say they don’t collect user data, some of them do. Examples include some de-stressing apps such as, Satisfying Slime, Match 3D, PBS Kids Video, and more, according to The Post’s report.
Apple’s App Store review process is supposed to check the claims, but with millions of apps being updated at a time, it is an impossible task.
Analysis By Security Researcher Proves Otherwise
In order to prove this vulnerability, an analysis was conducted by Patrick Jackson, Chief Technology Officer, Privacy Pro. According to the analysis, several iOS apps were found to share information that could identify a user's iPhone with Facebook, Google and Game Analytics.
The research further elaborated that these apps were also sending Unity – a company that provides game makers with software data – the user's ID and details of the iPhone that is being used. Additionally, it also shares data related to the battery level of the phone, the remaining amount of free storage, the general location of the phone, and the volume level.
In a conversation with The Post, Apple Spokesperson clarified that the company conducts routine and ongoing audits of the information provided, and works with developers to correct any inaccuracies. "Apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases removed from the App Store entirely, if they don't come into compliance," the spokesperson said.