When Apple Says The iPhone, iPad And Mac Are Built For Privacy, They Are Not Kidding
At a time when a lot of tech companies are playing fast and loose with our data on their platforms, as users we really are at a loss to find what can possibly be classified as a mirage. Which is why when Apple says that it makes the software and the hardware products with user data privacy in mind, they are actually not kidding. Across the board, the company has made a lot of improvements and additions to the whole privacy aspect, be it iOS 13, macOS Catalina, the Safari web browser as well as a bunch of its own apps including Photos, Find My and the Health data that the iPhone and the Apple Watch may generate. At the same time, Apple has also updated its privacy website.
Apple is betting heavily on what it calls Private Federated Learning. The simple idea behind this is to not only obscure and scramble a user’s personal and private information from the depths of the world wide web-based apps and services, but to also localize the customization of the experience by learning and analyzing the user data, but locally and on the device. The way Apple deploys this is that all of the processing happens on your iPhone itself, for instance, with no data ever being uploaded to a server or shared with Apple or any other app developer. The Hey Siri personalization and the artificial intelligence-based features in the Photos app are two examples of that. “The Apple Neural Engine in the A13 chip performs over 100 billion operations per photo to recognize faces and places without ever leaving your device,” says Apple.
At a time when popular instant messaging apps such as the Facebook-owned WhatsApp are under tremendous scrutiny for not completely securing user messages and also being vulnerable to spyware injections, iMessage could just be able to make a strong case for itself. Apple says that every single message that you send using iMessage to another iMessage user, is encrypted. This includes text messages, photos, videos, emojis, GIFs, you name it. And whatever contextual suggestions that iMessage offers during your conversations, those are generated on the device itself.
Then there is the whole debate about how you are tracked across web browsers and apps, to be served contextual advertisements based on your web usage history, what you have been searching for and even any products that you may have been looking up on shopping websites. The Safari web browser, for instance, has something known as Intelligent Tracking Protection. “It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s,” says Apple. The AI and machine learning work is done on the device itself (which means no data is shared with any third-party services) and this feature is on by default on all Safari browsers. I can say with certainty that with Safari as my default browser on the iPhone and on the Mac (those are the two devices only that I did web browsing on to test how well this works), apps such as Facebook and Instagram have been completely thrown off my scent. I browse for some product on the web or search something on a shopping website, and unlike before when using Google Chrome or Mozilla Firefox browser, no similar adverts pop up for me on Instagram and Facebook, for example. Even the adverts that other websites serve up aren’t an ode to my actual web searches. Imagine, poor old Instagram is stuck in an endless loop serving me adverts for a Charcoal toothpaste I searched for 2 months ago, because it doesn’t know anything after that!
But you can’t always do everything on the device itself. Let us take the example of the location data, for instance. Location tracking on our phones, as we know, if a pretty common thing now. Google will track your location and create a ‘history’, Facebook will track your location and do something with it and so on. Not every app tracks your location with malicious intent, but this piece of data does give a detailed insight into your habits and easier to create a character sketch about you—where you work, where you shop, which restaurants you visit regularly and when and more. In this day and age, when Apple confirms that they have anything like location history of where you have been, you would surely sit up and take notice. “Personalized features, like locating your parked car, are created right on your device. Data used to improve navigation, such as routes and search terms, is not associated with your identity. Instead, that information is based on random identifiers that are constantly changing,” says Apple’s new privacy document.
Speaking of location, Apple did make a significant change in iOS 13 with regards to how apps get access to your location data. As a user, you now have the power to choose between Anytime, only when the app is in use or never options for every single app that you may have installed on your iPhone. If you do not want an app to access your location data when you aren’t using it, you can select the “only when app is in use” option. The moment you close the app, iOS blocks the stream of your location data to the app. If an app still persistently asks for your location in the background, iOS 13 after a period of time will notify you with the details of exactly when the app requested for the location data and whether you want to give it access or not.
Recently, we had written about how iOS 13 now reveals which apps are accessing your phone’s Bluetooth and Wi-Fi data to also track location, and users now have the option of blocking that as well. “Apple has made it mandatory for apps to get user consent for access to the device’s Bluetooth connectivity and data. By the time I got around to setting up my most used apps on the iPhone 11 Pro Max running iOS 13, it was a tad astonishing to see how many apps actually request for access to Bluetooth. What does ESPN, Amazon Shopping, Google Home, Amazon Alexa, YouTube Music and My Vodafone apps need access to Bluetooth on my iPhone for?,” I had written at the time (You can read more here)
The need for this security measure which puts a lot of things in perspective came about after apps have pretty much misused our goodness by using the Bluetooth data on our phones to track our general location. Data, as they say, is the new gold. And any data, about which mall you visit and at what time, which shops you may have visited, which restaurants you frequent and so on. Incidentally, this setting and the data collected from the Bluetooth feed was totally separate from the Location Data access that you may or may not have allowed. Often blatant misuse of these settings is why Apple has brought this out in the open with iOS 13.
You would have often encountered the ‘Sign in with Google’ and ‘Sign in with Facebook’ options on various apps and websites. It is just very convenient. But what most of us don’t realise is that it is also very unsafe, at least for our data linked to whatever account we are using to sign-up and sign-in. It is perhaps a direct shot at Google and Facebook, but Apple has taken the concept of social logins and tried to instil some amount of privacy there. Apple has something called Sign in with Apple. An app or website developer has to enable this option as one of the methods to sign-up for and sign-in to access certain content on their platform. Apple’s solution gives next to no data to the app or website developers and can mask your credentials if you wish. When you sign in with the Facebook or Google single sign on (SSO), a significant amount of your account information is shared with the app or website you are logging in to. You don't have control over it. Your name, email address, date of birth, social media profile and perhaps more information is shared with the app or the website you are signing in to—it is a single consent that is taken as your wish to share all data. With the Apple SSO, things work a bit differently. Apple will not share your email address or any other data with the developer. At the most, app developers can request for your email address. If you wish to share or not share, is your call. If you decide not to, Apple will create a random email address and share that with the developer. This randomly generated email address will be linked with your original iCloud ID, but the app or website developer will not know that.
Little things sometimes back the biggest difference. In this case, almost every app that you use on an iPhone or Mac or iPad is taking advantage of a bunch of useful improvements that have become the underlying theme of Apple's recent software and also hardware upgrades.