Tucked inside Apple's first-ever transparency report, published yesterday, was a not-so-subtle dig at the tech giant's competitors. "Our business does not depend on collecting personal data," Apple wrote. "We have no interest in amassing personal information about our customers."
It's no secret that for social web companies like Google or Facebook, collecting, storing, and analyzing data about every aspect of your life translates into cold, hard cash—the more sensitive and personal, the better. But in the emerging post-NSA new world order, the unwritten privacy-for-cool services agreement that drives the internet ecosystem is making netizens increasingly uneasy.
So in its report on the number requests for information it gets from government agencies, Apple took the opportunity to go on the offensive and remind its customers that it doesn't know as much about you as some others do. To a certain extent that's true. But it doesn't mean Apple doesn't collect personal data on its users. It sure does—a lot.
I went looking for the devil in the details to parse just how much Apple knows about you, and to what extent the company really does protect user privacy.
I'll start with the good news. Shortly after the details of the NSA's Prism program were leaked, Apple published a privacy statement explaining the user information it can't retrieve for the authorities, either because they're encrypted or not stored on the company's servers. It reminded users of this again in yesterday's report: "We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form."
Apple gathers up about as much personal information on users as any other big tech company. The main difference is, it says it doesn't connect the dots.
Things get more interesting with the second category: "non-personal" information, which is any user data that isn't associated with a specific individual. We're talking about details like customers' jobs, real-time location, habits, and the like. That data, the company says, is collected anonymously. Apple has free reign to share, sell, or store it however it damn pleases.
Apple also, like all internet companies, relies on cookies to track user activity. It knows your shopping habits in the Apple Store and where you go when surfing the web in the Safari browser, and uses that insight for advertising and marketing.
Then there's Siri. The company stated that it doesn't store Siri communications in an "identifiable form." But what's happening behind the scenes when you use the voice recognition feature comes awfully close to being a tell-all about your private life. Per the company's user agreement:
When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; and song names in your collection (collectively, your “User Data”). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services.
To sum it up, Apple gathers up about as much personal information on users as any other big tech company. The main difference is, it says it doesn't connect the dots. It may know everything about you, but it doesn't know you're you.
It might, however, know where you are. The most controversial part of Apple's data collection practices is real-time location tracking. There was a big to-do made about iPhone location tracking a couple years ago, when it was revealed that Apple collects and stores as much as 12 years worth of user geodata on its devices, unencrypted. That can, and was, hacked into and accessed and used to create this very creepy map of exactly where your iPhone is in real-time.
Via the iPhone Tracker project
Smartphones are regularly transmitting user locations back to Apple, which is amassing a database of anonymous location data. Google's Android does this too. Apple addressed privacy concerns by assuring users the data is encrypted when it's sent to the company, so Apple doesn't actually know where you, specifically, are at all points in time.
But concerns about location tracking haven't entirely gone away, and now it seems the company is doubling down on real-time GPS information with a mind to future product features. Yesterday, the company was awarded a patent for a technology that "can adaptively track a user's location and use the data to intelligently control secondary devices at another locale, such as home appliances," Apple Insider reported.
Apple—like other tech firms—wants to build a home automation system to connect the growing plethora of smart objects lying around the house. According to the patent, its idea is to take the user out of the process and have it all center around a "first device" that sends back specific details about your real-time location and habits to automatically control the other devices.
In other words, if the iPhone in your pocket knows you're almost home, it could trigger the garage door to open. Apple knows your current location and guesses your future actions based on that.
Tech companies are fond of saying they work hard to balance user privacy with the ability to provide innovative services and products. Taken at face value, Apple's statements and policies suggest the company's balancing on a tiny tightrope. Even if it does anonymize non-personal information, separate the sensitive life details you reveal to Siri or Safari from the company's user profile of you, and not associate your always-tracked device with your real identity, there's no question that personal user data big part of any technology company's business model these days. Even Apple.