Tag: Apple

Apple to delay iOS 14 Ad Tracking Changes

9. September 2020

In an update from Apple on Thursday, 3rd of September 2020, it was announced that some of the plans that were supposed to be launched in the new iOS 14 update are being delayed. The new feature of iOS developers having to request permission from app users before collecting their data for ad tracking is being pushed back to the beginning of 2021.

This and other features are seen as a big step towards users’ privacy, which you can read up on in our previous blogpost, but they have been criticised by app developers and big tech giants alike.

The permission feature was supposed to change the way users’ privacy is being accessed, from the current opt-out method to an opt-in one. “When enabled, a system prompt will give users the ability to allow or reject that tracking on an app-by-app basis,” stated Apple.

However, this will be delayed until early next year, due to the fact that the changes would affect a large amount of the platforms’ publishers, which rely strongly on ad tracking revenue. Facebook criticized the changes and announced that some of their tools may lose efficiency, and hence cause problems for smaller app developers. To combat this issue, Apple said: “We want to give developers the time they need to make the necessary changes, and as a result, the requirement to use this tracking permission will go into effect early next year.”

In recent years, Apple has taken its users’ privacy more seriously, launching new adjustments to ensure their right to privacy is being integrated in their devices.

„We believe technology should protect users’ fundamental right to privacy, and that means giving users tools to understand which apps and websites may be sharing their data with other companies for advertising or advertising measurement purposes, as well as the tools to revoke permission for this tracking,” Apple emphasized.

Category: EU · GDPR · General
Tags: , , ,

Apple’s new iOS Update will enhance Privacy Features

31. August 2020

At its Worldwide Developers Conference 2020 back in June, Apple announced new privacy features coming in a future iOS 14 update for its devices. These updates, coming in the fall, are supposed to include more control of sharing location data and indicators when an app is using the microphone or camera.

The updates mean that it will be further possible to limit how much location information is shared with apps, only allowing it to share approximate data rather than the devices precise location. Apple also introduced labels for app permissions to inform people how much data an app requests, before they even download them. The feature will show people those labels in two categories, on “Data Linked To You” and “Data Used to Track You“. However, this will have to be provided by the app developers themselves, leaving grey areas open.

“For food, you have nutrition labels,” said Erik Neuenschwander, Apple’s user privacy manager. “So we thought it would be great to have something similar for apps. We’re going to require each developer to self-report their practices.”

Further, the privacy updates also incorporate the Safari browser, allowing for a report on privacy while surfing the internet through the use of a “privacy report” button. It will allow the overview of all third-party trackers through one click, and allow the user to block them directly.

Apple also moved from the opt-out standard for apps using the user’s personal data to an opt-in scheme, requiring the active consent of the users in order to allow the use of their data.

While this is a positive development for all Apple users, Facebook states that it sees issues for small developers having to face these new privacy settings.

In a blog post, Facebook said it was making a change to its own apps, which in addition to its flagship app also include WhatsApp and Instagram, that would likely spare them from having to ask iPhone users for data-tracking permissions that many advertising industry insiders believe users will refuse. Facebook also stated it was making changes due to Apple’s new privacy rules that could hurt smaller developers that use a Facebook tool for serving apps in third-party apps.

Overall, Apple’s new privacy rules are a welcomed changes for its users, handing them further control over their own personal data.

Apple and Google join forces during Corona Pandemic

17. April 2020

Apple and Google two of the biggest internet giants announced that they will partner on the development of a COVD-19 contact tracing technology.

According to a statement, both of them published on their blogs, aim of the partnership is to develop an App respectively a technical tool which should support the protection of people and to help combat the virus. Furthermore, the tracing technology should help governments and health agencies reduce the spread of the virus.

Apple and Google want to develop a Bluetooth technology which can be used on iOS and Android devices as well as that it can be implemented in Apps of other providers via an API (Application Programming Interface) – which should be published in May.

The tracing technology, using the Bluetooth function and encryption, is designed to detect the distance between two devices in order to identify potentially vulnerable people who have been in close contact with a person tested positive for corona. Therefore, the devices should exchange temporarily ID numbers. In case, one person is tested positive he or she should change the status in the used app in order to inform all persons to which the data subject had contact in the past two weeks.

Both, Apple and Google, ensure that they take data protection requirements seriously. According to the provided information the data should firstly be stored on the respective devices and deleted automatically after two weeks. The data should only be uploaded to a server after change of status to tested positive and obtaining consent of the data subject. The exchanged ID numbers are planned to be uploaded to a list anonymously. In order to increase trust, it is planned to publish the software source codes. This would allow everyone to understand how the data is handled. In addition, this is to ensure that no data will be used for advertising purposes.

Apple wants to evaluate “Siri”-recordings again

14. October 2019

Apple wants to evaluate Siri-recordings again in the future. After it became public that Apple automatically saved the audio recordings of Siri entries and had some of them evaluated by employees of external companies, the company stopped this procedure. Although Apple stated that only less than 0.2 % of the queries were actually evaluated, the system received around 10 billion queries per month (as of 2018).

In the future, audio recordings from the Siri language assistant will be stored and evaluated again. This time, however, only after the user has consented. This procedure will be tested with the latest beta versions of the Apple IOS software for iPhone and iPad.

Apple itself hopes that many users will agree and thus contribute to the improvement of Siri. A later opt-out is possible at any time, but for each device individually. In addition, only apple’s own employees, who are – according to Apple -subject to strict confidentiality obligations ,will evaluate the recordings. Recordings that have been generated by an unintentional activation of Siri will be completely deleted.

In addition, a delete function for Siri-recordings is to be introduced. Users can then choose in their settings to delete all data recorded by Siri. If this deletion is requested within 24 hours of a Siri request, the respective recordings and transcripts will not be released for evaluation.

However, even if the user does not opt-in to the evaluation of his Siri recordings, a computer-generated transcript will continue to be created and kept by Apple for a certain period of time. Although these transcripts are to be anonymized and linked to a random ID, they still could be evaluated according to Apple.

Category: General
Tags: ,

Google strives to reconcile advertising and privacy

27. August 2019

While other browser developers are critical of tracking, Google wants to introduce new standards to continue enabling personalized advertising. With the implementation of the “Privacy Sandbox” and the introduction of a new identity management system, the developer of the Chrome browser wants to bring browsers to an uniform level in processing of user data and protect the privacy of users more effectively.

The suggestions are the first steps of the privacy initiative announced by Google in May. Google has published five ideas. For example, browsers are to manage a “Privacy Budget” that gives websites limited access to user data so that users can be sorted into an advertising target group without being personally identified. Google also plans to set up central identity service providers that offer limited access to user data via an application programming interface (API) and inform users about the information they have passed on.

Measures like Apple’s, which have introduced Intelligent Tracking Protection, are not in Google’s interest, as Google generates much of its revenue from personalized advertising. In a blog post, Google also said that blocking cookies promotes non-transparent techniques such as fingerprinting. Moreover, without the ability to display personalized advertising, the future of publishers would be jeopardized. Their costs are covered by advertising. Recent studies have shown, that the financing of publishers decreases by an average of 52% if advertising loses relevance due to the removal of cookies.

Based on these ideas, the discussion among developers about the future of web browsers and how to deal with users’ privacy should now begin. Google’s long-term goal is a standardization process to which all major browser developers should adhere. So far, Google has had only limited success with similar initiatives.

Apple advises app developer to reveal or remove code for screen recording

12. February 2019

After TechCrunch initiated investigations that revealed that numerous apps were recording screen usage, Apple called on app developers to remove or at least disclose the screen recording code.

TechCrunch’s investigation revealed that many large companies commission Glassbox, a customer experience analytics firm, to be able to view their users’ screens and thus follow and track keyboard entries and understand in which way the user uses the app. It turned out that during the replay of the session some fields that should have been masked were not masked, so that certain sensitive data, like passport numbers and credit card numbers, could be seen. Furthermore, none of the apps examined informed their users that the screen was being recorded while using the app. Therefore, no specific consent was obtained nor was any reference made to screen recording in the apps’ privacy policy.

Based on these findings, Apple immediately asked the app developers to remove or properly disclose the analytics code that enables them to record screen usage. Apples App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. In addition, Apple expressly prohibits the covert recording without the consent of the app users.

According to TechCrunch, Apple has already pointed out to some app developers that they have broken Apple’s rules. One was even explicitly asked to remove the code from the app, pointing to the Apple Store Guidelines. The developer was given less than a day to do so. Otherwise, Apple would remove the app from the App Store.

 

Teenager hacked Apple’s internal network

22. August 2018

A 16-year-old boy from Melbourne, Australia broke into Apple‘s internal computer systems and downloaded 90GB of data, as reported by Australian newspaper The Age. The teenager acquired possession of “authorised keys“ and had access to Apple’s network for approximately a year.

Last year Apple reported the incident to the FBI who then pointed it out to the Australian Federal Police (AFP). They found the sensitive documents in a computer folder named “hacky hack hack“. Apple succeeded to keep this incident out of media until the court proceedings last week.

The 16-year-old boy has pleaded guilty. According to his lawyer, the teenager broke into the network because he is a huge apple fan who wants to work for the company in the future. A verdict is expected at the end of September.

Apple is now trying to reassure its customers. According to a spokesman of the company, no personal data was compromised.

Apple bows to Chinese government

5. March 2018

Apple backs down: The Chinese government has demanded that Apple no longer outsource control of Chinese users data to US-based servers, but hand them over to a Chinese company.

This is likely to give Chinese authorities access to the personal data of Chinese users.

Apple informed the users in the passed weeks. Users of Apples service iCloud were informed, that their data is not longer stored on servers in the USA. Since February 28th, is Guizhou-Cloud Big Data (GCBD) the server provider for the data of Chinese users. GCBD is a state-controlled internet company based in Guizhou Province in southern China.

Affected are iCloud users with a Chinese Apple-ID.

The measure is based on new Chinese cybersecurity law, that is in place since last year. According to the new law, personal data of Chinese users fall under Chinese law and not, like before, under the law, the provider falls under.

For the diffraction under the Chinese law, Apple is heavily criticized.

 

 

Apple offers hackers up to $200,000

29. September 2016

Forbes just released an article saying that Apple invited some of the best hackers to its headquarter in Cupertino.

Among them:

  • the 19-year-old teenage prodigy who was the first to jailbreak an iPhone 7, and therefore now being a world-renowned iOS hacker as well as an
  • ex-NSA employee who has repeatedly found security lacks concerning Mac OS X  Luca Todesco.

The meeting should have been secret and kept confidential, but unfortunately some details leaked. So for example that Apple plans to brief them on the launch of its bug bounty program. The hackers will be rewarded with up to $200,000 in case they can provide Apple with information on vulnerabilities about its laptops and phones. Furthermore, the mentioned program is expected to be put into effect before the end of the month due to the fact that this has been promised at the Black Hat security conference in Las Vegas last months. Nevertheless, Apple pursues an invite-only list-strategy in order to get quality over quantity.

U.S. House of Representatives passes Email Privacy Bill

29. April 2016

The U.S. House of Representatives voted unanimously on Wednesday about the Email Privacy Bill. The bill aims at updating the current Electronic Communications Privacy Act (ECPA) from 1986. Under the ECPA, U.S. Authorities can access email communications directly from service providers with just a subpoena, if data is more than 180 old. However, under the new Email Privacy Act, they will need furthermore a warrant to access emails or other electronic communications no matter how old they are.

Currently, access to electronic communications from U.S. authorities is being subject to debate at an international level. Specially, after some weeks ago the FBI requested Apple to develop a software that allows to extract data from an iPhone device that belonged to the San Bernardino terrorist.

The Email Privacy Bill will have to be voted by the Senate, but the position of the upper chamber towards the bill is still not clear.

Category: USA
Tags: ,