ICYMI is posted every Monday recapping privacy news over the last week from around the web.
Over the past decade, a large and opaque industry has been amassing increasing amounts of personal data.1,2 A complex ecosystem of websites, apps, social media companies, data brokers, and ad tech firms track users online and offline, harvesting their personal data. This data is pieced together, shared, aggregated, and monetized, fueling a $227 billion-a-year industry.1 This occurs every day, as people go about their daily lives, often without their knowledge or permission.3,4 Let’s take a look at what this industry is able to learn about a father and daughter during a pleasant day spent at the park.
An excellent, easy to understand and follow depiction of how data is abused on a day to day basis for the average Jane and Joe. Vanderbilt University did something like this in their 2018 paper about Google data collection (page 7).
A whopping 74% of users would rather have apps track their online activities than pay for content or features that are currently free; only a mere 26% said otherwise.
More than half (52%) think frequent tracking prompts would negatively impact the user experience.
59% agreed they would opt-in to being tracked if that’s how the app delivers relevant content, while 41% disagreed.
There's a lot of interesting information but here's a few eye opening bullet points. That first point about being tracked over paying anything is the largest hurdle to overcome. Just because something is monetarily free doesn't mean it's entirely free.
I downloaded a de-stressing app called the Satisfying Slime Simulator that gets the App Store’s highest-level label for privacy. It turned out to be the wrong kind of slimy, covertly sending information — including a way to track my iPhone — to Facebook, Google and other companies. Behind the scenes, apps can be data vampires, probing our phones to help target ads or sell information about us to data firms and even governments.
As I write this column, Apple still has an inaccurate label for Satisfying Slime. And it’s not the only deception. When I spot-checked what a couple dozen apps claim about privacy in the App Store, I found more than a dozen that were either misleading or flat-out inaccurate. They included the popular game Match 3D, social network Rumble and even the PBS Kids Video app. (Say it ain’t so, Elmo!) Match and Rumble have now both changed their labels, and PBS changed some of how its app communicates with Google.
Apple’s big privacy product is built on a shaky foundation: the honor system. In tiny print on the detail page of each app label, Apple says, “This information has not been verified by Apple.”
I mean, it makes sense that Apple (or any company) don't have the ability to proactively audit millions of apps but it feels ineffective if you have to rely on the companies stealing our data to tell us how exactly they're stealing it.
Apple will soon require iPhone, iPad, and Apple TV app developers to request permission from users to collect their random advertising identifier (known as the "Identifier for Advertisers" or "IDFA"), which advertisers use to deliver personalized ads and track how effective their ad campaigns were. Specifically, users will be presented with a prompt to allow or deny tracking as necessary when opening apps on iOS 14, iPadOS 14, and tvOS 14, as part of Apple's App Tracking Transparency ("ATT") policy.
In response to this upcoming change, Google today announced that it will stop collecting IDFAs for the "handful" of its iOS apps that currently use it for advertising purposes once Apple's new policy goes into effect. As a result, Google said it will not need to show Apple's tracking permission prompt in its iOS apps.
Not that Google has given us any reason to doubt them before.
Want to join the discussion? Check out this post, and others, over at the CupWire subreddit and leave a comment.