
This is a big reason why I continue to use apple devices.

They seem to be one of the few large tech companies that aligns themselves with users' rights to privacy.

Apple isn’t perfect. But they build very good privacy and security into their products. And they structure their UI and defaults in such a way that the average user benefits with no effort or specialized knowledge.




I definitely see some questionable privacy practices by Apple...

- While "10x less", iPhone still sends your private information (such as location) to Apple on a regular basis[1].

- Apple encrypts iCloud backups with a key they control, not end-to-end[2]. This means that Apple can decrypt and inspect your phone and computer backups.

- According to the article, iOS developers can use their "new privacy-focused ad framework" to "allow anonymously retrieving data without getting a hold of the user or specific information". I don't fully understand that sentence but it sounds a lot like Apple trying to compete directly with Goog + FB in the advertising industry.

- Hardware made in China[3].

1. https://digitalcontentnext.org/wp-content/uploads/2018/08/DC...

2. https://support.apple.com/en-us/HT202303

3. https://www.bloomberg.com/news/features/2018-10-04/the-big-h...


In case you weren't aware, the accuracy of "The Big Hack" (3rd citation) has been widely called into question. There has been no corroboration of their claims, despite a lot of interest in locating one of these compromised servers. While it raises an important point about the plausibility of supply chain compromises (see NSA and Cisco), the case in the article has not been shown to be a matter of fact.

The story earned two sarcastic Pwnie Awards from the security industry last year, "Most Epic Fail" and "Most Overhyped Bug".

https://pwnies.com/previous/2019/most-epic-fail

https://pwnies.com/previous/2019/most-over-hyped-bug/

> - While "10x less", iPhone still sends your private information (such as location) to Apple on a regular basis[1].

Apple documents cases where private information is used, even if it is never sent off device. macOS and iOS users would be familiar with the interstitial privacy screens that show up the first time you use a feature.

iOS has always shown an icon in the status bar when the location information is accessed and provides a log of recent accesses. Recent versions have been more aggressive about reminding you when location data is being shared.

The most common reason location data is sent to Apple is for navigation purposes; if you opt into Location Services, Apple uses your device location for traffic aggregation. You can turn this off at any time.

> new privacy-focused ad framework

App developers incorporate ad frameworks to monetize their apps. An advertiser pays for an ad, and the ad framework displays it in the app. If the user taps on an ad, the framework communicates this back to its servers to make sure the app developer gets credit.

Most ad frameworks try to slurp up as much information as possible about the user in order to tailor more ads to them. Apple's new SKAdNetwork API does not send user information back to the network, only the app identifier that is needed for paying the app developer.


> ...the accuracy of "The Big Hack" (3rd citation) has been widely called into question.

Certainly, but we don't need that one story, as we have plenty of others...

https://www.cnet.com/news/us-finds-huawei-has-backdoor-acces...

https://www.zdnet.com/article/former-pentagon-analyst-china-...


Actually, you could go further and say:

- Apple doesn't let you secure your OWN device. Apple does not give you permission to run a firewall or any other app to do your own security.

- Apple doesn't allow you to see what your phone is doing. You cannot see what apps are running, when they are running or what data is being sent where.

- Apple encumbers your data. It doesn't provide an alternative to iCloud. Why not a personal iCloud, self-hosted on macOS? Why not even a Time Machine backup of your phone? Apple could make it easy, but instead they try to upsell you on more iCloud storage.


> Apple does not give you permission to run a firewall or any other app to do your own security.

Apple does allow security products on the Mac, and I have analyzed popular ones such as SecureMac's MacScan 2, and others that were on the Mac App Store's bestseller list, and there are tons of scams.

Users hear that it's good advice to install antivirus but don't know how to evaluate them. It is to Apple's discredit (and publishers like MacWorld that gave glowing reviews to MacScan) that these flourish on the Mac, but thankfully iOS users have not been duped to the same extent.

I don't know if it's really true that you're not allowed to run firewalls and such on iOS. They provide content blocking and VPN APIs. See the ability for WireGuard to introduce a completely new VPN protocol simply by installing an app. There is a lot of engineering effort that goes into supporting that.

> You cannot see what apps are running.

The model for when apps are executing is more complicated on iOS. I don't think it's as useful to think about an app's lifecycle as you do on a traditional desktop OS. Security that relies on you "catching" an app executing (if such monitoring is not always-on) is not good security.

> Why not even a Time Machine backup of your phone?

You can easily back up an iPhone (encrypted, even) to a Mac or PC. This has existed longer than iCloud Backup. Apple does not release tools for inspecting an opaque backup blob, though there are some reverse engineered ones.


> They provide content blocking

The flaw there is that it is opt-out, not opt-in, and you can only block web activity, not apps.

> You cannot see what apps are running.

Yes, the model is more complicated, but it abstracts away important ways apps can run even if you don't realize it, such as notifications and "VoIP".

> > Why not even a Time Machine backup of your phone?

> You can easily back up an iPhone (encrypted, even) to a Mac or PC.

Kind of. You don't back up apps or app private data. In other words, restoring your phone is at the mercy of Apple and the app folks. Will you get the same app? Will you get your audiobooks? No, you will have to download them again.


1) The article never clarifies why Apple is sending location data. It could just be for the Find my Phone feature in which case users should just switch that off.

2) Apple doesn't have computer backups. But agreed that it isn't great that backups are not encrypted with my key.

3) It means Apple will provide information to advertisers about users, but not in a way that identifies them. Look into Differential Privacy. And I don't think you understand advertising if you think Apple can ever compete with the micro-targeting capabilities of Facebook/Google's advertising platforms.


> Apple doesn't have computer backups.

You've been able to back up iOS devices to a Mac or PC since the first iPhone came out, longer than iCloud has been around. Those backups are encrypted with your own key that Apple does not have access to.


Indeed. While we're at it, let's not forget the PRISM [1] program, or the fact that "privacy from advert companies" does not imply "privacy from all surveillance".

[1] https://www.theguardian.com/world/2013/jun/06/us-tech-giants...


Isn’t point 2 a consequence of the law that they have to follow? I don’t know about the rest of the world, but I think in the EU they are forced to disclose your personal information to the government if asked to do so. This is also in their privacy policy.


I think this is definitely the case.

And as iCloud is a global service they really have to cater for the lowest common denominator.


Then they could offer that feature just in those jurisdictions.


Aren't there ways of verifying the integrity of the hardware via software on boot?


iCloud backups are end to end encrypted if 2 factor authentication is turned on according to your link.


100% true for me and my family too. The vertically integrated software where most things just work and work well together is nice too.


> But they build very good privacy and security into their products. And they structure their UI and defaults in such a way that the average user benefits with no effort or specialized knowledge.

Sometimes they do, and I agree that they're much better than a lot of big tech companies.

Still, their insistence on tying almost everything to iCloud and then not encrypting iCloud properly is a major black mark against them, which severely reduces the usefulness of their devices and associated services if you value privacy and security.


On the other hand, tying everything to iCloud and then losing all your data because you replaced your sole device and forgot your password would be disastrous. This is the scenario that requires Apple to retain the keys to your iCloud, and as long as they have those keys, they can be compelled to decrypt it under lawful government order.


The thing is, once data is in iCloud, there are other ways you can retrieve it and back it up yourself as long as you do have working authentication, and I can see no good argument for not offering E2E encryption across the board that is tied to such identification.

Worst case, you generate a suitably robust key that is used for authentication and encryption, and you provide a means to export it and back it up however you want without sending it to any third party. You can still use all the snazzy secure enclaves and facial recognition and so on to protect a copy of that key that is held on each of your personal devices to enable easy but reasonably secure access, but the underlying technology is tried and tested, it does not have the lock-in problem, and it does not require data in iCloud to be accessible to anyone but the keyholder.

Also note that this needn't necessarily be mandatory. If users are OK with trusting Apple, they could still use the current approach. But if you're going to claim to be a strong supporter of privacy and security, you should really have at least the option for proper encryption of everything for those people and businesses that want it.


These days I have enough other Apple devices tied in (family settings etc.) that I could lose one device and still be authenticated via another.

I think the secure enclave is the winning technology. Whilst not everyone has to have a smartphone in the brave new digital world, everyone will have to have at least one secure enclave (an HSM, probably tied to biometrics).


Yes, although this is hardly unique to Apple. Play mad-libs with this statement and it applies to the vast majority of cloud solutions.

___ have your ____, and as long as they have those ____, they can be compelled to ____ it under lawful government order.


That's true, and most cloud solutions also do the same thing as Apple and retain the keys necessary to regain access to the account.


How do you prove that it is your account then?


This is frustrating, but it doesn't bother me too much on the iPhone -- I can just not use iCloud and periodically back up my phone locally. I don't really need to sync anything but photos because I don't create or edit documents on my phone.

On the other hand, the iPad is a very capable device for content creation, but I couldn't find a reliable way to sync files that doesn't leave them readable to Apple or another party. That'd probably be OK if I could use an iPad as my only computer, but I can't (or won't) today.


> I don't really need to sync anything but photos because I don't create or edit documents on my phone.

This is one of the key points. You can plug an iPhone into almost any modern PC, Apple or otherwise, and download the photos and videos. But you can't do the same for other types of data without using one or more of an Apple computer, specialist software or iCloud. The middle option, which is the only one not entirely controlled by Apple itself, has a long history of attempts that proved not to work entirely reliably or last for long. And as you say, for an iPad, where perhaps more users want to do substantial creative work, the same issues apply.

I understand that Apple's current business model is heavily tied to locking customers into its ecosystem, but that does become a significant problem for people who just want a nice phone but also respect for their privacy, and I do think Apple should be called out for this just as I think it's fair to praise them for being much better on broader privacy issues than most of their competitors.


What do you mean other types of data?


Almost anything else. iOS devices use the same protocols as things like DSLR cameras to allow plug-and-play access to download photos and videos (unless, ironically, you have iTunes software installed and it gets in the way). However, there is no equivalent to let you browse and locally download messages, notes, creative work, or any other type of data you might have on your phone without using one of the channels I mentioned before.


> I can just not use iCloud

Many third party apps that have a sync feature only work with iCloud, so a lot of people are forced to use it.


> a reliable way to sync files that doesn't leave them readable to Apple or another party

It's worth noting that nothing in iOS or iCloud prevents apps from encrypting data using a separate user key and then storing in iCloud. (Essentially, using iCloud only as a reliable substrate for syncing files it cannot read.)

That popular apps do not do this is likely due to lack of demand as much as anything. I am sure there are some content creation apps that do provide this functionality, if one is willing to search hard enough.
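What the earlier comment sketches (a robust key the user generates, exports and backs up themselves, so the cloud holds nothing it can read) and what this comment describes (an app encrypting under its own user key before syncing through iCloud) are the same design, shown here as an added Go example. This is not code from the thread or from Apple; `CloudStore`, `Vault`, `Upload` and `Restore` are assumed names, and the in-memory map stands in for iCloud.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// CloudStore stands in for iCloud: it holds only what the device uploads.
type CloudStore map[string][]byte
// Vault is AES-256-GCM under a key that only the user's own devices hold.
type Vault struct{ aead cipher.AEAD }

// NewUserKey makes the 256-bit user key on the device; the user exports it, the cloud never sees it.
func NewUserKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Vault{aead}, err
}

// Upload encrypts on the device and stores nonce||ciphertext only; the record
// name is bound as associated data so the store cannot swap records around.
func (v *Vault) Upload(store CloudStore, name string, plaintext []byte) error {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	store[name] = v.aead.Seal(nonce, nonce, plaintext, []byte(name))
	return nil
}

// Restore decrypts on any device holding the key; a wrong key or a record the
// store tampered with fails authentication instead of returning garbage.
func (v *Vault) Restore(store CloudStore, name string) ([]byte, error) {
	sealed, n := store[name], v.aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("record missing or malformed")
	}
	return v.aead.Open(nil, sealed[:n], sealed[n:], []byte(name))
}
```

Account recovery then reduces to recovering the exported key bytes; the store operator can return ciphertext but never the contents.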


You can set your own password on documents created with the iWorks apps, on PDFs, etc., not perfect, but at least that is something.


Most app backups in iCloud are end to end encrypted. If you choose to back up your entire device in iCloud (rather than automatically on your local Mac), that backup is not end to end encrypted.

I agree it should be but that doesn’t seem like a huge deal especially considering the alternative platform (android) doesn’t even have a comprehensive backup solution (only individual apps via gdrive etc).


> I agree it should be but that doesn’t seem like a huge deal

I respectfully disagree. Encouraging people to upload data that will probably be very personal in some cases, such as photos, videos or messages they store on their phone, without proper safeguards is at best negligent and/or abusive depending on your point of view. The fact that the other major mobile platform is even worse doesn't make the former situation any better.


What I love about this move is that it's a double-edged sword against Google. Either Google has to:

1. Cannibalize their main source of revenue and implement a similar feature on Android, thus becoming a weaker competitor.

2. Not follow Apple and let Apple eat more of the smartphone market of people who worry about their privacy.

Apple doesn't make money from ads, so it's strange that they waited this long to do this.


> The company had the potential to raise revenue by a third every year, from an estimated $2 billion currently to $11 billion in 2025.

Source: https://in.reuters.com/article/apple-advertising/apple-could...


Most importantly, their interests directly align with users actually buying their products, not viewing ads on their products. Thus, they have a sort of vested interest in ensuring privacy (which is a product feature). The same cannot be said of Google's Android.


> Apple isn’t perfect.

That’s the understatement of the year! Today I just found out that iOS will not show you the size of the videos for example. And there is no easy way to get it.



