- Apple has a big — and misleading — ad on display in Las Vegas during this year’s CES convention.
- The ad states, “What happens on your iPhone, stays on your iPhone.”
- The ad is literally untrue; much of what users do on their iPhones and the data they generate doesn’t stay on their devices.
- IPhones leak data to wireless carriers, websites, app developers — and to Apple’s own servers and services.
- Apple benefits directly and indirectly from the information that can be gleaned off of users’ iPhones.
Give me a break, Apple.
That’s a cute ad you have in Las Vegas for the CES tech convention. “What happens on your iPhone, stays on your iPhone” is both a good dig at your rivals and a clever restating of Sin City’s popular catch phrase.
But it’s literally a lie. What happens on customers’ iPhones doesn’t stay on them — and you know it.
All kinds of data leaks off of iPhones, much of it with user permission to the numerous software developers who offer the apps that make your devices so useful. But plenty of it also goes to your own servers and services. That’s something you both encourage and make money off of — in some cases in ways that aren’t all that different from the companies your ad is implicitly deriding.
Paul Manafort knows what’s on iPhones doesn’t stay there
To cite one prominent example of how data on iPhones doesn’t actually stay on them, take the case of Paul Manafort, President Trump’s former campaign manager who was recently convicted of multiple federal crimes. Part of what got him in trouble were some WhatsApp messages he sent from his iPhone.
Drew Angerer/Getty ImagesThat may seem strange at first. WhatsApp is renowned for offering a secure messaging service with end-to-end encryption, which blocks anyone but the sending and receiving parties from reading messages. iPhones are also renowned for their own security — and everything stays on an iPhone, right?
Wrong. Manafort backed up his WhatsApp messages to your iCloud service, a common practice. What he apparently didn’t realize is those backups aren’t secure, that you have the keys to them and can access them when federal prosecutors ask you to.
Other companies do the same thing, of course. Businesses are legally obliged to hand over customer information when they receive a subpoena from law enforcement (unless they choose to legally challenge the subpoena, as Apple and others do from time to time).
Manafort’s case may also be the one of the more extreme, and justified, examples of how the things people do on their iPhones don’t actually stay on them. But it’s certainly not an isolated one.
iPhones regularly leak all kinds of information
Even at a very basic level, iPhones leak information. It’s not a bad thing, it’s just the nature of phones and networked computers. When users make a call or access the internet, they are providing information via the cell towers or wireless routers they are connecting through to carriers or website operators about where they are and, in many cases, who they are connecting with. That kind of metadata absolutely doesn’t stay on users’ iPhones.
Hollis JohnsonBut you as a company also get all kinds of data off iPhones. Your Maps app and its real-time traffic conditions service relies on data you glean from iPhone users. Many iPhones are customized to automatically send you diagnostic and other data, so you can identify bugs in your operating system. When iPhone users asks questions of Siri, their devices submit those queries to your servers, and you use that information to get a better idea of the kind of information users are looking for.
You’ve made a big deal about how the iPhone has built-in encryption and advanced authentication technology, such as your Face ID facial recognition system, to protect the data stored on users’ devices. And for the most part, the iPhone’s built in security technology is pretty robust.
But as the Manafort case illustrates, the locks you’ve put on people’s devices are irrelevant when you’ve left open a huge back door in the form of your iCloud service.
iCloud is a big back door to users’ iPhones
It used to be that most customers backed up their phones to their home computers via your iTunes software, assuming they backed them up at all. Now, the default is to back up to iCloud — something you’ve been pushing customers to do. It’s true that the iCloud backup service is a lot easier and user friendly than iTunes. But you make money off it; you charge customers who want more than the pittance of storage you offer.
Paramount VantageAll that data — including sensitive things like chat and email messages — is copied to your computers through iCloud. While your policy may be to not access user data, it’s factually incorrect to claim that the data “stays” on a customer’s iPhone.
It’s a particularly dangerous illusion to perpetuate for people who may not be technically savvy enough to know any better and who are foolish enough to take you at your word.
Just look at what happened to Jennifer Lawrence.
Like many people, Lawrence used your iClould Photos service, which stores on your servers the pictures users take on their iPhones. The service is great; I use it to backup all my digital photos and to access them on my numerous Apple devices.
The downside of iCloud Photos, though, is that photos are no longer just on users’ devices, and they too can leak out. That’s something that Lawrence and several other celebrities found out to their dismay several years ago when malicious actors were able to figure out their iCloud passwords, gain access to their photo libraries, and post on the public web some of the risque pictures they found there.
Apple benefits from Google searches and Facebook’s app
In recent years, as your iPhone sales have started to stagnate and even fall, you’ve been touting your services business. According to analysts, one of the biggest and most profitable money makers in that business is your deal with Google. That deal ensures that Google is the default search engine in the iPhone’s Safari web browser, a position which ends up sending likely billions of search requests to the company every year.
Visual China GroupThat’s a significant data leak in and of itself; Google uses those searches to glean lots of information about iPhone users and to precisely target them with ads. That’s the core of Google’s business — a business you implicitly are deriding in your ad — and you help enable it for a huge chunk of change. How exactly are you better than Google, again?
Besides Google, the other big target of your pro-privacy campaign has been Facebook. But users must have a device of some kind to access Facebook. Most of them these days get to the service using their phones, and in the United States and many other countries, a large portion of those mobile users are getting to Facebook via their iPhones. Another way of saying that is that what users do on Facebook on their iPhone isn’t staying on their iPhones.
Sure, you’re not collecting the data. But you benefit from Facebook’s app being available for the iPhone and, indirectly, from the data it collects. After all, Facebook’s app has long been one of the most popular apps in the iPhone App Store. It’s quite possible that if it weren’t available for the iPhone at all or only offered a fraction of the features as the Android version — features, after all, that are often enabled or powered by the data Facebook collects — a significant portion of your user base would buy an Android phone instead.
But it’s not just Facebook’s app that leaks data off of users’ iPhones. A huge portion of apps in your store do that. And you know that, because you designed iOS, the operating system underlying the iPhone, to do just that. You built in hooks that allow developers to access and use all kinds of information off users’ phones, including their location, their photos, their contacts in their address books, even their health and fitness information.
Yes, there are good reasons to allow that access. And you do offer some relatively good settings in iOS to give users some measure of control over who has access to that information and how it’s used. But it’s absolutely false to suggest to users that such information stays on their device.
iPhone apps are finely tracking users’ locations
What’s more, even with the tools you offer, users still sometimes have little control or even knowledge of how data collected from their iPhones is being used. In a report last month, the New York Times found dozens of companies that collect consumers’ location data via their mobile phones, including iPhones. Although the data was collected anonymously, the companies’ databases often contained enough information about the comings and goings of particular phones to identify individuals and their patterns of behavior.
What’s more, the report found that at least some affected consumers were unaware that their location information was being used for purposes other than the explicit features of the apps that gleaned it. Some were also unaware that, in many cases, their location information — such as what stores they visited — was being sold or passed along to other companies, including hedge funds.
Look, Apple, I appreciate your commitment to privacy. As a consumer, one of the things I like about being a customer of yours is that your business isn’t dependent on tracking my every move so that you can sell ads. I understand and appreciate that you make efforts to anonymize the data I and other users send to you. I also like the fact that in many cases you have given me choices about what data I share and with whom.
But iPhones aren’t closed boxes. Much that happens on them — sometimes all of it — definitely doesn’t stay on them. And to suggest that it does is dishonest and a disservice to your customers.