Is Apple Actually The Champion of Digital Privacy?

Apple uses many powerful encryption methods to protect the contents of its users’ devices. Following recent headlines regarding Facebook and Google’s privacy issues, Apple has been outspoken about the importance of privacy and how Apple makes your privacy a priority. Marketing messages from Apple have been heavy on privacy as the company looks to distance itself from the privacy failures of the other major tech companies.

Having a company as big as Apple advocating for better data privacy is awesome BUT…Apple is not perfect.

Apple Runs on Big Data Just Like Other Tech Companies

Apple portrays itself as not relying on collecting and monetizing users’ data. Since Apple doesn’t rely on user data to operate an advertising platform like Facebook or Google, this makes sense. However, Apple collects and stores tons of user data. Apple’s iCloud storage manages and stores contacts, calendars and correspondence between iOS devices. They store this data in data centers which are vulnerable to attacks. Because Apple’s software and operating system is proprietary and closed-source, its hard for anyone to know what data Apple is storing about you.
The relationship that consumers have with Apple works in the same way that consumers relate to Google or Facebook. So much of the relationship is based on trust. Tech companies don’t users enough insight into where their data goes and how it’s used. Apple can claim that it has the best privacy protection in the world but without a clear look into the actual functionality of it’s services, it’s hard to know for sure.

In a recent article in TechCrunch, Arman Tabatabai said this:
“If the past year has shown anything it is that two rules are fundamental: (1) everything that can be connected to the Internet will be connected; and (2) everything that can be collected, will be collected, analyzed, used and monetized. It is inexorable.”

Apple Needs To Be More Transparent

Apple’s public statements on privacy are great, and if they’re true it’s exciting that a company as large as Apple is so committed to making their devices align with their users’ interest in privacy.
One problem with the tech industry as a whole, and most especially with Apple is a lack of transparency. Companies like Google and Facebook release very little information about the algorithms that drive their products. Apple is very secretive about its product releases and development, but what’s more concerning is that everyone is left in the dark when it comes to their data security policies as well.

Read More: Why Apple CEO Time Cook Can Be So Outspoken about Privacy, but Mark Zuckerberg Can’t

Apple is a Hardware Company, But…

Apple’s main competitor in the mobile space is Google’s Android. The reason Apple can appear to be “the good guy” is because they are a hardware company. Apple makes devices, while Google is a search engine and an advertising platform. Google’s business model relies on user data for making its search results relevant and for targeting ads. Apple shouldn’t need user data at all, but it still collects tons of data.
Consider the data that an iPhone gathers about one person. The GPS tracks your location, questions you ask Siri are sent to Apple and behavioral use data is collected and analyzed. Apple claims that it doesn’t share information with outside companies, but once again how do we really know.
It’s so easy for Apple to be “better” than Google at providing users with a sense of privacy and security. The perfect stance for Apple would be that they don’t collect any data about users and how they use Apple’s devicesApple is a hardware company, but relies on data in much of the same way that Google, Facebook and other tech companies do. Data is so readily available and is so valuable to the companies that use it, that Apple can’t afford to miss out on the power of data-driven decision making.

One message that Apple emphasizes is that they keep as much computing directly on your device as possible. Android devices on the other hand are happy to send requests to their servers and track how you use your device.

Apple’s Stance on Privacy Is Not a Coincidence

It’s not a coincidence that Apple decided to double down on it privacy stance following the media’s coverage of Facebook and Google’s privacy issuesApple uses end-to-end encryption on your iMessages and Facetime. It tries to keep as much computing as possible on your device, rather than doing cloud-based, web-based computing.

Apple speaking out against the biggest privacy violators is the obvious stance to take. Its biggest competitor, Google was wrapped up in the recent scandals involving tech companies and their poor data privacy standards and Apple speaking out against them positioned Apple as the “good guy”.

Apple has similar goals to Google and Facebook, drive customer engagement. And so far, Apple has been extremely successful. All of these tech companies want to keep customers on their platforms to collect more data to “optimize” their products to fit their goals. While Google and Facebook wants to make their products appealing to maximize ad revenue, Apple wants to make user experiences with their products satisfying enough to convince someone to buy exclusively Apple devices. This drive in the tech world to keep users “engaged” is also the driving force behind the surveillance level data collection we’re seeing on the internet.

Apple Controls Your Devices and What You Install

One criticism that Apple receives is that they lock down your devices and which apps you can install. While Windows PCs and Android devices can be changed to fit each user’s unique needs, iOS devices have to run iOS and can only install apps listed in the iOS App Store.
“With these products, Apple only invests more in its battle against computer user freedom and, by extension, “free speech, free commerce, free association, privacy, and technological innovation,” said FSF executive director John Sullivan in a statement in September.
If Apple is fully committed to privacy, shouldn’t they allow users to work with whatever operating system they choose to fit their needs? Making users run only iOS is trapping people in Apple’s ecosystem and keeping the control of users (and their data) in Apple’s hands. If you are concerned with sharing your data with Apple, you should be allowed to run another operating system that aligns better with your privacy wants and needs. Apple advocating for privacy and still locking people in their operating system and app store goes against their privacy-friendly messaging.

Apple’s Differential Privacy

Apple says it uses “differential privacy” to gather as much information as possible about a group of people, without learning anything about one specific person.

How Does Differential Privacy Work?

Source: iOS Security Guide

According to Apple’s overview of Differential Privacy, “the system is designed to provide transparency to the user.” 

Not only does Apple strip the metadata and your “identity” from the differentially private data it collects, it also uses a so-called “privacy budget”. This budget limits the data points Apple collects from a single user so that if someone were to access the data they wouldn’t be able to infer a single user’s identityWhile Apple’s differential privacy is seemingly much better than other forms of data storage that don’t obfuscate the data at all the company hasn’t addressed other security issues.

There is an idea that Apple and it’s operating systems, macOS and iOS, are immune to the computer viruses and malware that plague Windows computers. This leads people to believe that their devices and data is protected completely, without any extra effort.

Experts agree that there are less hacks and virus infections on Apple devices, but this doesn’t mean that people can ignore privacy or security threats entirely. The perception that there is no threat actually means there is more of a risk for Apple users to fall victim to social engineering.

Differential Privacy Doesn’t Protect Apple From Hacks

Apple has been far from perfect on privacy. One of the most notable breaches into Apple and it’s data stores happened in 2014. Hackers discovered a vulnerability into iCloud through the Find My iPhone service. It allowed them use a brute force attack to access users’ Apple ID and iCloud data. It lead to a leak of many private and nude photos of celebrities that were stored in iCloud storage. Apple later denied that iCloud was to blame for the leak and instead it called the breach a “very targeted” brute-force attack.

Most recently, there was a bug in Apple’s FaceTime that allowed users to discreetly listen in to other iPhone users without their knowledge. Differential privacy does very little to protect users from hacks and breaches like this.

Apple Collaboration with NSA Surveillance

In June 2013 The Guardian and The Washington Post reported on leaked documents from the National Security Agency listing American companies that cooperate with PRISM which gives government organizations authorization to secretly access data of non-American citizens hosted by American companies without a warrant. Apple denies having any knowledge of the program, but there are multiple reports that loop Apple in with the other companies that supposedly are involved in the PRISM program.
AppleInsider reported that “Edward Snowden refuses to use Apple’s iPhone over spying concerns”. In an interview with Sputnik, Snowden’s lawyer explained, “the iPhone has special software that can activate itself without the owner having to press a button and gather information about him.” Despite Apple denying claims that they are actively participating in any NSA surveillance, it’s concerning that one of the biggest names in the privacy and cybersecurity world doesn’t buy into the company’s privacy messages.

How To Manage Your Privacy on Apple Devices

To secure your iCloud data and other personal information, you first have to secure the devices that hold your information. Here are a few quick steps that will pay dividends later on by keeping your private data protected.

How to Secure Your iPhone & Other iOS Devices

  • Use a (Complex) Passcode: Hopefully you’re already using a passcode to keep your iPhone and its contents secured. This is most important for protecting your phone’s contents in the event that you lose your phone or it gets stolen. Without a passcode, someone could access your text conversations, your emails and any sensitive information you have stored on your iPhone. If you’re using a numeric code, we recommend using a 6-digit combination as opposed to 4-digit for added security. The best passcodes are alpha-numeric because they are harder to crack with brute force attacks.
  • Enable Touch ID and Face ID (Carefully): Touch ID and Face ID are both great for keeping unwanted people from using your device. However, we advise you to take care if you’re trying to secure especially private or sensitive information. The legality of law enforcement making you unlock your device is still unclear, so you may be more secure using a passcode.
  • Use Two-Factor Authentication: You can use two factor authentication to further protect the contents of your iCloud account. It will require you to enter a passcode sent to your other iOS device AND your password to get in to your account.
  • Beware of Phishing or Social Engineering: Even if iOS has the best security and privacy protection on the market, it can’t protect you from social engineering or phishing attacks. These come in the form of seemingly harmless emails or messages, but they may contain a link or a file that contains malicious scripts or covert data collection. It’s easy to fall victim to a phishing attack because a message may appear to come from someone you know.
  • Manage Your Location Settings & App Permissions: You should regularly review your location settings on your iPhone as well as the permissions you’ve granted your apps. Many apps default to always collect your location data, but many of these don’t need that information to work properly. Switch these apps to only collect location data when you’re using them.
  • Keep Your Devices Updated: App updates, and especially iOS updates, are a simple and very effective way to keep your device’s security current. Updates often include patches for known security vulnerabilities. Download these updates as soon as possible to avoid leaving gaps in your security.
  • Activate Find My iPhone: Find My iPhone, aside from helping you find your phone can help you protect your data if your phone is stolen or lost. There is a feature in Find My iPhone that lets you wipe all your information off your device so that whoever has your phone will be unable to crack your passcode and access your data.