In the last week, beneath all the Trump and Kim Jong Un reporting, were several stories stating that Apple has in effect declared war on data collectors. Make no mistake, what Apple is doing is making it significantly harder for companies big and small to collect your personal data. The significance of this cannot be overstated: the revenue of many companies, like Google and Facebook, is based on selling targeted advertising, and if gathering this data becomes significantly more difficult, it could affect their bottom lines.
The First Volley: No More Comments and Share Buttons
Last week, I was listening to the keynotes at the WWDC, and overall was pretty unimpressed as exec after exec droned on about new animojis or some other feature that I really didn’t care about, and then Craig Federighi launched the first volley: Safari is going to block Facebook and other social media like and share buttons, as well as shared comment sections. Facebook, Twitter and other sites use these buttons to track your activity when you are visiting other sites. While it isn’t that big of a deal that this is happening on macOS, it is VERY significant that Apple is instituting this change on iOS as well. When I heard this, I was pretty shocked, but that was only the first volley; there were more to come.
The Second Shot: No More User Agent Tracking
When you visit a website, there is a lot that happens behind the scenes to deliver the content to you. One of the first steps is that your computer sends an HTTP request to the server. This request contains a User Agent String, which is a bit of text that describes the equipment that you are using. The intended purpose of the User Agent String is to enable the server to send the appropriate version of the site. For instance, if you are using a mobile device, the server will send you the mobile version of the site. However, since User Agent Strings can be used to uniquely identify a computer on a network, they have been used as a means of identifying individual computers and tracking a user’s activity. Entities are able to use these strings to track you because they often include things that are installed on your system, such as browser plugins, fonts etc. The end result is an identifier that more or less can identify a user.
Apple’s second volley is ending this. In future versions of Safari, the browser will dramatically reduce the amount of information in the user agent string, which effectively makes your iPhone look like every other iPhone out there and renders the tracking MUCH more difficult.
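To make the effect concrete, here is an added example (not from the original post or from Apple) that measures how identifying a set of User Agent Strings is before and after the version detail is collapsed. The sample strings are constructed, and `reduce_ua` is a hypothetical approximation of a reduced string, not Safari's actual behaviour.

```python
import math
import re
from collections import Counter

# Constructed sample: User-Agent headers from six different iPhones (not real logs).
_TMPL = ("Mozilla/5.0 (iPhone; CPU iPhone OS {os} like Mac OS X) "
         "AppleWebKit/{wk} (KHTML, like Gecko) Version/{v} Mobile/{b} Safari/{s}")
SAMPLE_UAS = [_TMPL.format(os=o, wk=w, v=v, b=b, s=s) for o, w, v, b, s in [
    ("11_2_6", "604.5.6", "11.0", "15D100", "604.1"),
    ("11_2_6", "604.5.6", "11.0", "15D100", "604.1"),  # same model and patch level
    ("11_3", "605.1.15", "11.0", "15E216", "604.1"),
    ("11_4", "605.1.15", "11.0", "15F79", "604.1"),
    ("10_3_3", "603.3.8", "10.0", "14G60", "602.1"),
    ("11_0_3", "604.1.38", "11.0", "15A432", "604.1"),
]]

def reduce_ua(ua):
    """Hypothetical reduction: collapse every version and build token."""
    ua = re.sub(r"Mobile/\w+", "Mobile/X", ua)
    return re.sub(r"\d+(?:[._]\d+)*", "N", ua)

def entropy_bits(values):
    """Shannon entropy of the observed values, in bits."""
    total = len(values)
    return sum(-(c / total) * math.log2(c / total) for c in Counter(values).values())

def unique_fraction(values):
    """Share of visitors whose value nobody else in the sample sends."""
    counts = Counter(values)
    return sum(1 for v in values if counts[v] == 1) / len(values)

def compare(uas):
    """Entropy and uniqueness for the full strings and the reduced ones."""
    reduced = [reduce_ua(u) for u in uas]
    return {"full": (entropy_bits(uas), unique_fraction(uas)),
            "reduced": (entropy_bits(reduced), unique_fraction(reduced))}

if __name__ == "__main__":
    for label, (bits, uniq) in compare(SAMPLE_UAS).items():
        print(f"{label:8s} entropy={bits:.2f} bits  unique visitors={uniq:.0%}")
```

With the full strings, four of the six sample devices send a value nobody else sends; after reduction all six are indistinguishable by this header alone.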
The Third Shot: Revised Privacy Rules on the App Store
If that wasn’t enough, Apple also announced revisions to its privacy rules on the App Store that explicitly prohibit apps from collecting and harvesting contact and geo information about the user. I recently wrote about a category of malware which I called stalkerware, in which a legitimate application sends geo-locational information via a third party API and, in doing so, allows the third party to track you. This threat is particularly insidious in that you as a user have almost no way of knowing that it is happening. Well, Apple has banned that. Done. I sincerely hope this will severely impact companies that engage in this kind of sketchy data gathering. Additionally, Apple has banned the practice of collecting and sharing contacts data. Getting access to a person’s social information is one of the golden nuggets of data, and from now on, Apple has prohibited apps from doing that. You can read the full details in this article on AppleInsider. In another article, 9to5Mac speculates that this action will allow Apple to remove a sketchy VPN application called Onavo which allegedly is used by Facebook to “gather information about user devices, their location, what other apps are installed, how people use other apps, websites users visit, and the amount of data used”, according to 9to5Mac.
The Final Shots: Removing Social Media from macOS
Finally, Apple removed all the social media integrations in macOS. So no more Twitter, Facebook, LinkedIn and Vimeo. Oh, and Apple also changed the security settings so that law enforcement can’t access a locked iPhone via the USB port.
What Does All This Mean?
Apple seems to be the first major technology company to really take a stand in favor of user privacy. For me personally, it makes me want to go out and buy more Apple devices. These actions are likely to significantly affect companies that rely on clandestine collection of user data as a part of their business model. Mozilla has recently implemented dramatically more severe privacy restrictions in their browser. If other major players, like Microsoft, follow Apple’s lead and implement similar controls on Windows, it could be truly devastating to the clandestine data gathering industry. Since Google depends on data gathering for their business, I wouldn’t count on similar moves from them on Android.
These moves could also greatly heighten public awareness of how data is gathered clandestinely and serve as a key differentiator for Apple. In other words, Apple will use their heightened security measures as a selling point for their products. We shall see.