An investigation into the accuracy of privacy disclosures in Apple's App Store "nutrition labels" has found that a significant number are simply false.
Apple made its privacy notices, also known as "nutrition labels," mandatory for any new or updated iOS 14 app in the App Store from December 8, 2020. As reported by AppleInsider at the time, however, Apple appeared to be entirely dependent on app developers both complying and telling the truth.
Now, according to the Washington Post, a survey of app privacy notices has shown that "many" are false.
The Washington Post does not say how many apps were checked, but claims that "about 1 in 3" of those tried were falsely reporting that they collect no data. These include the game Match 3D, social network Rumble, and PBS Kids Video.
All three have reportedly now made some changes, but during the Washington Post "spot check," each was allegedly falsely claiming to track no data. So was a de-stressing app named Satisfying Slime Simulator, which was reportedly sending information to Facebook, Google and others.
"Apple conducts routine and ongoing audits of the information provided and we work with developers to correct any inaccuracies," an Apple spokesperson told the Washington Post. "Apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don't come into compliance."
The apps were reportedly tested in part in conjunction with a former National Security Agency researcher. The Satisfying Slime Simulator was sending Facebook, Google and GameAnalytics details of the user's iPhone IDFA, battery level, free storage space, volume setting, and general location.
Apple's forthcoming update to iOS 14 will introduce a new App Tracking Transparency feature. Apps still using IDFA will require a user's specific permission to carry on.
Advertisers believe that most users, on being prompted to allow tracking, will choose to say no. Apple will offer advertisers an alternative framework, however, which it claims gives advertisers useful information, without compromising the user's privacy.
Google plans to adopt this new, more privacy-minded SKAdNetwork framework. Facebook continues to protest against the change, and may even take Apple to court over it.
As previously reported by AppleInsider, a number of major app developers have yet to comply with Apple's requirement for privacy or nutrition labels. Until they do so, Apple will not allow any new apps, nor updates to existing ones.
At present, it remains true that Apple is dependent on developers' honesty, but the system is also new. Over time, however, any developer who wants to have an updated app on the App Store will have to provide privacy information. As the App Store policy becomes the norm, and especially when IDFA is made opt in, the accuracy of the nutrition labels will only increase.
20 Comments
I'm thinking that Apple should add some automated testing around this which helps validate the labels.
But Apple's App Store is supposed to be safe! That was the reason they gave for why we are not allowed to install a third party App Store.
Folks, it is all just smoke and mirrors. There is no real security on the App Store. As long as an app has access to your information and the internet, it is not secure. From what I can tell as a developer, all of Apple's security features are really about protecting Apple, not their customers. It is also all about marketing. If you feel like you are being protected, you will buy more Apple products. Even so, Apple is at least making a show of being secure which is something no other company (Google, Facebook, Microsoft) is even attempting to do.
So for the nitwits responding here all smoke and mirrors and automated testing. This will take time to get perfect. Developers not playing by the book can simply disable time-based code so that it passes the review. Once in the store the feature can become active. But fear not, Apple will catch that eventually and they will get a warning and the boot when they do not comply ...
By the logic of some here you should not lock your house, because hey one can enter if they really want. I applaud Apple for taking these steps and as always it will take time to perfect, but in this day and age instant everything is the motto, but hey armchair comments are so easy and seem so valuable, though the ones that make them never seem to think this completely through. Privacy and security take time and is a never-ending cat and mouse race ...