December 16, 2020
Apple launched mandatory labels that provide easy-to-grasp information of the privacy policies for apps in the Mac and iOS App stores. The mandatory policy applies only to new apps or updates of existing ones. Although countries such as Finland, Singapore and the UK have adopted such labels, Apple appears to be the first global Big Tech company to “embrace and promote” the idea. The labels list three items: Data Used to Track You, Data Linked to You and Data Not Linked to You, with details under each.
Wired reports that many apps have already gone live with their labels, but it will take time for all of them to display the information.
At Carnegie Mellon’s CyLab Usable Privacy and Security Laboratory, director Lorrie Cranor noted that, “it’s unclear how much user testing went into it.” She added that, “as it rolls out with real apps and real users it will be interesting to see what works and what doesn’t — whether developers understand how to accurately complete the information, whether they actually tell the truth, and whether consumers understand what this means are all open questions.”
Wired adds that, although “it’s difficult to find mainstream software that doesn’t do at least some linking and tracking … [the labels’] pervasiveness might also make it hard to find something actionable in the information.” Apple also tasks developers with “keeping your responses accurate and up to date,” and plans to “vet the information as part of its app review process.” But, notes Wired, “malicious apps … slip past these audit and review processes … [and] given the ongoing nature of the challenge, it seems likely that misleading privacy details will also sneak by sometimes, at least until researchers or concerned users catch and flag discrepancies.”
University of Washington privacy researcher Pardis Emami-Naeini notes that, for those developing security labels, problems can also include a lack of understanding about what’s being asked or how their apps actually “collect and manage data.”
Emami-Naeini also pointed out that some data collecting is “optional to disclose,” which is “not a great idea,” potentially opening the door to “loopholes and workarounds.” She said she is “worried about how Apple will monitor the veracity of the information in the labels.” Cranor dubs herself “cautiously optimistic that these labels will actually turn out to be pretty useful.” Both she and Emami-Naeini stressed that, “real effectiveness will take real enforcement — not just from Apple, but from government regulators as well.”
The Verge reports that Apple had previously set a deadline for developers of December 8 to provide the labels or “risk losing the ability to update their apps.” The company now officially launched it for “all iOS device owners running the latest version of iOS 14.” The labels are required for apps on iOS, iPadOS, macOS, watchOS and tvOS. After being called out by WhatsApp, Apple also stated it would “provide labels for all its own software” and its own “first-party apps will all have the same disclosures on their App Store product pages.”
Apple’s App ‘Privacy Labels’ Are Here — and They’re a Big Step Forward, Wired, 12/14/20