Apple is pulling apps that share location data with 3rd parties

[DrMacintosh]

Quote

Apple has reportedly started enforcing an App Store rule regarding location data more stringently. According 9to5mac, the tech giant has already removed a number of apps from the Store that share users' location to third parties without their explicit consent. In the letter it sent to the affected developers, Apple told them their applications didn't comply with Legal sections 5.1.1 and 5.1.2 of the App Store Review Guidelines. Those sections state that apps must not transmit "user location data to third parties without explicit consent from the user and for unapproved purposes."

These actions appear to be in preparation of the recent GDPR, it has not been officially stated that this is the reason Apple is doing this. The law does not require Apple to change anything in the US, but they are doing his for all users. Which is a good thing because it does really show their true colors regarding consumer privacy. 

 

These guidelines do however seem to be worded to allow users to "opt-in" for their data to be shared with other parties which seems fair. 

 

Quote

pple also told them they need to remove any code, framework or SDK used for location data collection and third-party sharing before their apps can be listed on the Store again. As 9to5mac noted, Cupertino has started cracking down on apps that violate its location data rules just before the EU's General Data Protection Regulation law takes effect on May 25th.

As far as I can tell, this is only a good thing. Apple is still allowing apps to be put back on the store, but only if they comply with the guidelines. 

 

The actions of Apple will hopefully encourage more companies to follow suit and expand these practices beyond where they are legally required to do so. 

 

source: https://www.engadget.com/2018/05/09/apple-pulls-apps-share-location-data/

[Unhelpful]

Good.

[captain_to_fire]

Or else Apple will pay 20 million euros or 4% of their annual turnover, whether which one is higher. But hey I'm glad they're doing it.

[DrMacintosh]

1 minute ago, captain_to_fire said:

Or else Apple will pay 20 million euros or 4% of their annual turnover, whether which one is higher. But hey I'm glad they're doing it.

What I find good is that Apple is doing it beyond just the EU. If they were just complying they would only require this in the EU, but they are expanding it to all markets from what I can tell. 

[captain_to_fire]

Just now, DrMacintosh said:

What I find good is that Apple is doing it beyond just the EU. If they were just complying they would only require this in the EU, but they are expanding it to all markets from what I can tell. 

Windows 10 already has the right to be forgotten option in the latest April 2018 update, I'm guessing the next update for macOS and iOS 11.4 will bring that too.

[williamcll]

I wonder will we reach a point where privacy concern is high enough that it's putting pressure on Big data.

[DrMacintosh]

4 minutes ago, captain_to_fire said:

Windows 10 already has the right to be forgotten option in the latest April 2018 update, I'm guessing the next update for macOS and iOS 11.4 will bring that too.

We will see. WWDC is right around the corner. 

[Silentprototipe]

Well thats nice  

[captain_to_fire]

2 minutes ago, DrMacintosh said:

We will see. WWDC is right around the corner. 

I think Apple shouldn't wait to comply until June because GDPR will be implemented across EU member nations on the 25th of May.

[Carclis]

This leaves me wondering if they're doing it simply to meet the requirements of the GDPR and implementing it worldwide because it's easier, or because they believe the US will follow suit with similar privacy laws or perhaps just to gather some good publicity in the hope that it will hide all the bad PR they garnered over "right to repair" and anti-consumer practices in general.

[DrMacintosh]

3 minutes ago, captain_to_fire said:

I think Apple shouldn't wait to comply until June because GDPR will be implemented across EU member nations on the 25th of May.

They could probably put it in a small security update. macOS doesn’t collect much as far as I know. Hell, maybe it doesn’t have anything to change lol 

[Zando_]

Just now, DrMacintosh said:

They could probably put it in a small security update. macOS doesn’t collect much as far as I know. Hell, maybe it doesn’t have anything to change lol 

Apple is pretty good at not collecting your data, since they make Operating Systems and services in order to sell products, whereas companies like Google and Facebook offer products or services for free, and thus need to pull your data in order to make money selling that to advertisers or improving their platform. 

[jj9987]

Apple already is doing pretty good job regarding handling/collecting users' data. They do not store much on their servers at all, most of it is encrypted on the device and processed locally as needed.

 

https://www.cnbc.com/2018/04/25/how-to-download-a-copy-of-apple-data-about-me.html

[Cheezdoodlez]

Good. But it doesn't protect people with said apps already installed. Unless they have some sort of pop up warning people that the app is transmitting data to third parties without consent?

 

But I digress. It's a good move. 

[TroubleKlef]

I wish they would kill Facebook too.

[asus killer]

there is something i don't get it, how does Apple know if a developer that uses location shares it or not with the 3rd party? i would say that's impossible for them to know or am i missing something? even if they go trough every single line of code on every single app, can't dishonest developers share it anyway after collecting it?

 

once you get access to the data how can you control it's use? isn't this more a PR stunt than anything else?

[captain_to_fire]

6 hours ago, asus killer said:

there is something i don't get it, how does Apple know if a developer that uses location shares it or not with the 3rd party? i would say that's impossible for them to know or am i missing something? even if they go trough every single line of code on every single app, can't dishonest developers share it anyway after collecting it?

 

once you get access to the data how can you control it's use? isn't this more a PR stunt than anything else?

they use anonymized telemetry 

[maartendc]

On 5/9/2018 at 10:20 AM, DrMacintosh said:

What I find good is that Apple is doing it beyond just the EU. If they were just complying they would only require this in the EU, but they are expanding it to all markets from what I can tell. 

Usually for companies it is just easier to roll out rules like that worldwide. It ends up costing them more time/ effort to differentiate between regions. I have seen numerous companies roll out new privacy rules over the past week worldwide to comply with the new EU data privacy regulations.

 

Not exactly the same thing obviously, but car manufacturers also manufacture cars according to the rules of the most stringent market they are sold in (which in the US is California). It doesn't make sense to manufacture different models for different markets. Apparently the same goes for how data is handled company-wide.

[maartendc]

On 5/9/2018 at 10:22 AM, williamcll said:

I wonder will we reach a point where privacy concern is high enough that it's putting pressure on Big data.

There is too much (potential) money in big data. They will just always comply with the law to the extent they have to, while going on with business as usual.

 

I mean, I am not a legal expert or anything, but it is kind of like Facebook: the users agree to hand their data over, and in return they get to use the service for free. Same with Google services. As long as you get people to hand over their data willingly to you, its all legal as far as I know. The recent scandals have been more about the data then being sold or mined by 3rd parties without the users' consent.

[DrMacintosh]

8 hours ago, asus killer said:

there is something i don't get it, how does Apple know if a developer that uses location shares it or not with the 3rd party? i would say that's impossible for them to know or am i missing something? even if they go trough every single line of code on every single app, can't dishonest developers share it anyway after collecting it?

 

once you get access to the data how can you control it's use? isn't this more a PR stunt than anything else?

Developers who want to send telemetry anywhere have to use an Apple built SDK, it’s easy for Apple to tell if the app uses that SDK and will pull the app if it does not comply with the App Stores standards. 

 

[mr moose]

6 hours ago, DrMacintosh said:

Developers who want to send telemetry anywhere have to use an Apple built SDK, it’s easy for Apple to tell if the app uses that SDK and will pull the app if it does not comply with the App Stores standards. 

 

So what if the app sends the data back to the app makers servers? once that occurs it is no longer inside the apple ecosystem and can't be tracked by apple.  The app is O.K because it sends the data where it claims, but after that they could send it anywhere and who would know?

[DrMacintosh]

4 minutes ago, mr moose said:

So what if the app sends the data back to the app makers servers? once that occurs it is no longer inside the apple ecosystem and can't be tracked by apple.  The app is O.K because it sends the data where it claims, but after that they could send it anywhere and who would know?

I’m pretty sure Apple can see if the App uses the SDK when it’s being reviewed for posting on the App Store, if it does, they require it comply with the App Store standards or else it will be removed. 

 

These guidelines include what kind of data can be sent. 

[mr moose]

Just now, DrMacintosh said:

I’m pretty sure Apple can see if the App uses the SDK when it’s being reviewed for posting on the App Store, if it does, they require it comply with the App Store standards or else it will be removed. 

 

These guidelines include what kind of data can be sent. 

Yes, but after that data has been sent apple can't do anything about it.  I write an app that sends location data back to me, it passes review because that is o.k under apples terms.  I can then sell that data to third parties and apple wouldn't know becasue once I have it it is no longer inside the app or anywhere near apple services. 

 

[DrMacintosh]

1 minute ago, mr moose said:

I write an app that sends location data back to me, it passes review because that is o.k under apples terms.  I can then sell that data to third parties and apple wouldn't know becasue once I have it it is no longer inside the app or anywhere near apple services. 

Now all that data says is that someone went somewhere and some time. That data is not associated with you. 

[mr moose]

9 minutes ago, DrMacintosh said:

Now all that data says is that someone went somewhere and some time. That data is not associated with you. 

Not too sure that's how it works.  If I write an app that collects location data, not being a 3rd party I can collect that data and associate it with whatever I want.  Once I have it, I can do as I please with it.