Apple instituted new rules in its iPhone 4 SDK designed to protect user privacy, but the company may not yet be enforcing those rules as they appear to apply against competing ad networks such as Google's AdMob.
The new iOS 4 user privacy rules, known as section 3.3.9, specify that App Store developers "may not collect, use, or disclose to any third party, user or device data without prior user consent, and then only under the following conditions:
- "The collection, use or disclosure is necessary in order to provide a service or function that is directly relevant to the use of the Application. For example, without Appleâs prior written consent, You may not use third party analytics software in Your Application to collect and send device data to a third party for aggregation, processing, or analysis.
- "The collection, use or disclosure is for the purpose of serving advertising to Your Application; is provided to an independent advertising service provider whose primary business is serving mobile ads (for example, an advertising service provider owned by or affiliated with a developer or distributor of mobile devices, mobile operating systems or development environments other than Apple would not qualify as independent); and the disclosure is limited to UDID, user location data, and other data specifically designated by Apple as available for advertising purposes."
In addition to safeguarding users' data from adware and spyware threats, the new language appeared to be clearly aimed at preventing ad networks owned by competing "mobile operating systems or development environments," (wording that would include Google's AdMob) from collecting private user data, device data, and location data for any purpose, including targeted advertising.
Independent ad networks are allowed to collect a limited amount of data solely for the purpose of refining targeted advertising. No apps are allowed to collect general data from iOS users and send this to third parties for general analysis, even when the data is aggregated and not personally identifying.
The new rules were prompted in part by data collected by Flurry Analytics, which used third party apps embedded with its code to spy out new hardware Apple engineers were using. When that data was published, Apple executives got angry that apps on their own platform were collecting device identifiers and other private data without their knowledge.
New limits aimed at Google
Apple is also obviously not excited about Google's AdMob acquisition, which enables its most tenacious competitor in the smartphone arena to collect lots of information about iOS users and their buying habits and device use, and then use this data to enhance its own Android OS and Marketplace.
However, according to a report by the Wall Street Journal, Apple does not yet appear to be enforcing these rules.
"Software developers say their new and updated applications are getting approved by Apple," the Wall Street Journal said, "even though the apps are enabled to serve ads by third-party ad networks such as Google's Mobile Adsense and AdMob."
The Journal wrote that the fact that "apps with third-party ad services are still getting approval into the App Store could take the pressure off of Apple" related to Federal Trade Commission's scrutiny of Apple's App Store dealings.
SDK limits don't ban AdMob, just adware and spyware activities
At the same time, there's nothing in the SDK guidelines that prevents Google's AdMob from placing ads in developers apps; it's only spyware data collection for analytics or location-based advertising (and other targeted advertising based on users' private data) that Apple prohibits competitors like AdMob from harvesting from iOS users.
This does not prevent AdMob from acting as a middleman broker to simply place ads in developer's apps; it just defeats much of the analytical value of the data that Google otherwise collects from users, in most cases without their knowledge or opt-in consent. Google's banner ads do not ask permission before collecting the user's device ID or obtaining other private data directly from the app.
In contrast, Apple outlined its own privacy policy regarding its use of user location data and other unique information related to its own iAd program in the App Store. That notice, which users had to review before downloading additional apps, outlined how to turn Location Services off and how to opt out of any data collection used to personalize the ads iAd presents.
The Journal report did not address user data privacy issues or the industrial espionage Apple is seeking to prevent. It did however note that at least some developers were hesitant to test Apple's SDK rules on user privacy.
Scott Dunlap, the chief executive of NearbyNow Inc., which develops apps for media companies like Condé Nast Publications, told the Journal, "We stayed away from adding anything other than the iAd network," noting that Apple's iAd program was more lucrative than other ad networks.