'I Checked Apple's New Privacy Nutrition Labels. Many Were False.' (msn.com)
Long-time Slashdot reader Futurepower(R) shared this investigation from the Washington Post's technology writer:
When I spot-checked what a couple dozen apps claim about privacy in the App Store, I found more than a dozen that were either misleading or flat-out inaccurate...
Apple's big privacy product is built on a shaky foundation: the honor system. In tiny print on the detail page of each app label, Apple says, "This information has not been verified by Apple." The first time I read that, I did a double take. Apple, which says caring for our privacy is a "core responsibility," surely knows devil-may-care data harvesters can't be counted on to act honorably...
About 1 in 3 of the apps I checked that claimed they took no data appeared to be inaccurate... If a journalist and a talented geek could find so many problems just by kicking over a few stones, why isn't Apple? Even after I sent it a list of dubious apps, Apple wouldn't answer my specific questions, including: How many bad apps has it caught? If being inaccurate means you get the boot, why are some of the ones I flagged still available?
Putting aside the deception, there's another question: Are Apple's labels even helpful...? Nowhere on any of Apple's privacy labels, in fact, do we learn with whom apps are sharing our data. Imagine if nutrition facts labels left off the whole section about ingredients.
Irony alert, there's a tech giant that is more transparent: Facebook. With a setting called "off-Facebook activity" that it launched in 2020, you can actually see all the different apps and websites that are feeding your data to Facebook and ask the social network to stop using the data to target you with ads.
Finally, the article notes that apps from some major companies — including Google — "have yet to even post labels."
Re: I checked HITLER's Nazi SWASTIKAS!!! (Score:1)
And you are surprised? (Score:1)
Apple is one of the most successful businesses in existence. They can't be bothered to validate a single privacy claim because it might cut into their massive profits. Their privacy claims are pure bullshit advertising that means absolutely nothing. I would go so far as to say Apple is perpetuating fraud to increase their profits.
Re:And you are surprised? (Score:5, Insightful)
Can you imagine the cost of trying to verify all the privacy claims? There are millions of apps (~5 million). How long is it going to take them to verify each one?
The right solution is to have a bounty program (paid for by the app developers) for people who catch the labels in a lie. Independent researchers will be scrambling all over themselves to find an error in Facebook's app - esp. if the amount FB agreed to pay in the event of a lie scaled with the number of individual instances that would be assumed to have occurred (e.g. amount per user x users). But even a small app with 500 people will find someone looking for the $25 check from Apple and resume item "Received $X in bounties from Apple for finding security holes"
Re: (Score:2)
Unfortunately, based on TFA, even if someone spot checks apps and reports violations free of charge with no expectation of reward, Apple will still leave the Apps unchecked.
Re: (Score:2)
A bounty program would require Apple to actually spend money to keep their promises. Are you insane?
Re: (Score:2)
Apple wouldn't have to spend any money, they could include a clause in the very long set of conditions developers need to follow in order to be on the app store that says that if the developer is caught (by Apple or otherwise) lying in their privacy labels then that app developer has to pay up.
Re: (Score:2)
I never implied Apple would have to spend money. I specifically said that FB (or the other app developers) would agree to pay as part of the TC of selling on the Apple store. Apple could delay the bounty payout until it collected from the developer (eliminating risk). hell, Apple could even charge a 30% fee on that payment as well and make even more money.
Re: (Score:2, Insightful)
Can you imagine the cost of trying to verify all the privacy claims? There are millions of apps (~5 million). How long is it going to take them to verify each one?
False argument. I as a customer don't care whether Apple needs to hire 100K people to fulfill their promises, or whether they develop a suite of automated algorithms, or a bounty program, or whatever they need to do to make it happen.
I'm a customer, and I'm paying premium price for their hardware, walled garden ecosystem and services. It's their responsibility to ensure it's clean.
"We don't do it because it costs too much" is not a valid argument because everything can have the same argument plastered to it
I also want a free new phone (Score:2)
And I as a customer don't care about whether Apple needs to pay for materials and labor to produce their phones. I want a new phone delivered in a Lambo, which I also get to keep. However, I'm aware my wants aren't that relevant to Apple's business.
You may claim it doesn't matter, but 100k people able to detect truly privacy violations (so, six-figures) is running $10+ billion a year. (100k x 100+k). That's not realistic.
Re: (Score:2)
You're just derping on yourself.
If it is too expensive to verify that it is true, then they shouldn't advertise it.
Duh. It is on them to check the cost, and choose to do it, or not do it. If they tell the customer it is true, then they have a responsibility to check.
Re: (Score:2)
You may claim it doesn't matter, but 100k people able to detect truly privacy violations (so, six-figures) is running $10+ billion a year. (100k x 100+k). That's not realistic.
Then Apple shouldn't fucking pretend it's happening and instill a false sense of security unless you read the very fine print at the bottom.
Re: (Score:2)
You missed the point completely. As a matter of fact, you're validating mine, come to think of it.
All you've mentioned are things a product maker must comply with, spending more money to make sure their products are compliant.
So yes, that is EXACTLY why Apple should do what I said.
Too expensive to do it? Okay, then don't implement it as "done" with a fine print saying "welp, not really done, but it looks nice and we bet most of you sheep won't realize it, bwahaha".
Re: (Score:3, Insightful)
Can you imagine the cost of trying to verify all the privacy claims? There are millions of apps (~5 million). How long is it going to take them to verify each one?
Do you honestly think we should really give a shit about the cost, talking about a trillion-dollar company? Apple wants to build a walled garden and claim privacy and security? Fine. Do your damn job. Besides, I offer an alternative solution to this that would likely trim down app store bloat. Advertising millions of apps is like bragging about millions of hits returned in an online search. No one gives a shit, because no one is using 99.9% of it. (Not trying to be cruel here, but how many apps have o
Re:And you are surprised? (Score:4, Funny)
Re: (Score:2)
Hey, they also have to identify green lights or bicycles.
Re:And you are surprised? (Score:4, Insightful)
Apple is one of the most successful businesses in existence. They can't be bothered to validate a single privacy claim because it might cut into their massive profits. Their privacy claims are pure bullshit advertising that means absolutely nothing. I would go so far as to say Apple is perpetuating fraud to increase their profits.
Then someone should sue them into oblivion for it. Global class action to the tune of trillions. They'll be "bothered" enough then.
Of course, this is the problem with mega-corps, and why they should be broken into 1,000 pieces. They generally have more lawyers than you do. Pushing legal threats away from the courtroom by threat of legal muscle is not a proper defense. It's a corrupt one.
This may be a surprise to you but... (Score:4, Interesting)
Perhaps you didn't know, but - no one validates nutrition labels either. They are pretty much based on an honor system too. They do follow FDA recommendations and, in theory, consumers can probably complain and/or sue for incorrect information (if they can prove this information caused some specific damage - note that *allergen* information is always separate). In any case, as a nutrition geek I can tell you that a large number of nutrition labels are purposely misleading, and a good portion are completely wrong too. This goes both for the nutrition label itself and the ingredients.
So, if the food industry, where this actually directly matters to human health, can't get it right - I'd cut Apple, who just added these what, yesterday, a bit of slack.
Re: (Score:3)
Why aren't they being caught? Too few inspections, or weak punishments? Time to start jailing CEOs. Why is pirating a Pokemon cartoon a felony but doctoring food labels not? Our priorities are fucked up by deep pockets.
Re: This may be a surprise to you but... (Score:2)
Too few inspections, or weak punishments? Both. And they are paid by the government to monitor and themselves. And they game government health initiatives like health star ratings and ingredient number codes. And worse stuff you wouldn't believe. Big Food treats us like cattle.
Re: This may be a surprise to you but... (Score:2)
Re: (Score:3)
They absolutely don't treat us like cattle. Mis-labeling cattle feed could get them sued big time, they would never risk that.
If only they would treat us as well as they treat cattle.
Re: This may be a surprise to you but... (Score:2)
Re: This may be a surprise to you but... (Score:1)
you are what you eat
Cows, pigs, and chickens are primarily fed grains and grasses, by your logic that means they're not meat.
Re: (Score:3)
For example, take a look at the nutrition label for a can of cooking spray... which is, literally, oil. Yet front of the can will probably claim that the product is "FAT FREE!!!*" (*with small print about it actually having a trivial amount of fat). they can claim the oil has 0 grams fat and something like 10 calories per serving because
Re:This may be a surprise to you but... (Score:5, Funny)
Why don't you swallow some Sinai and tell us how toxic it is?
The mountain or the peninsula? Either way, managing to swallow it will almost certainly kill you, if not from the immediate act of swallowing it, then from the fact that Egypt doesn’t take kindly to such acts.
Legal consequences (Score:2)
There are few consequences but they do exist; not that it's big enough and the FDA is grossly underfunded with one whole party dedicated to drowning it in the bathtub.
Apple will have to be their own police, judge, and jury - at their own expense, which can't be more than the marketing benefits from doing so (much of which can just be advertised without doing anything at all; since perception management works extremely well even in the face of overt facts.)
Re: (Score:2)
Apple could easily do a lot more. For example in TFA they mention a relaxation app that phones home. That app does not need internet access at all, but there is no way to disable that. No permission, no firewall.
Android isn't much better, although you can get firewall apps for it but none of them are all that great.
A per-app firewall would solve most of these issues.
Re: (Score:2)
Main food items are usually okay, but there are two big issues:
* "Natural Flavor": Basically they can put anything that "came from nature" and don't tell you about it. Starbucks used to include crushed bugs for the red color in strawberry smoothies: https://www.npr.org/sections/t... [npr.org].
* Staleness factor: The vitamins might have been 2mg when the product was packaged, but they have most likely lost potency after 6 months in the warehouse. What you see is not what you get
And never make assumptions about food if
Re: (Score:1)
If it's not accurate, that's why we have both the free market and the 4th estate
As someone else points out, no one else seems to be doing this
Apple making this a "thing" is at least a step in the right direction to actual accountability
Re: (Score:1)
Re: (Score:2)
Why would anybody in Africa give a shit about Trump? Simple answer is they don't.
Repeat for China, South America, most pacific islands, Australia, NZ, and Asia but hey...
Apple is an appearances company. (Score:3, Insightful)
I am not surprised.
Apple has always been a company selling appearances.
Their products are vanity jewelry first, and tools second.
It does not matter if the CPU is adequately cooled, the keyboard lasts, or the app cares about privacy.
It only matters what it *says* it is, so that the clueless and blindly believing owner can feel superior.
That is why the higher the price, the more popular it is.
Some people just need that in their lives. E.g. to compensate an inferiority complex. And Apple very gladly feeds that need.
So of course all that matters here, is that there are good-looking labels, so you can feel good.
If you had a clue, you wouldn't have bought Apple, (nor Samsung or Huawei or Google) in the first place.
Re: (Score:1)
What would I have bought if I had a clue?
Re: (Score:1)
A Dell. Who are currently making some actual, useful computers for real work.
Boosting my fragile self-esteem is real work.
Think Conformity.
Perception sells, facts are often lost (Score:3)
The vast majority of people will never know this, nor will they care to read the nutrition label and care even less about reading the small print disclaimer that Apple does not verify anything. All they see is that "Apple cares about my privacy" marketing message, and if it drives more sales, it worked.
Don't believe what the app says (Score:2)
Except for the big labels, I don't believe anything other apps say. That is unfair to small guys but that is the reality. If an app is capable of getting data, it is getting it and using it. That is my default assumption even if the app says otherwise. Only top companies with deep pockets can ever be sued and that also for a small amount in class action lawsuits. Laws are clear. By installing app you are giving them key to your device. Now if they steal things from your device, it is a civil action and you ca
Re: (Score:2)
Whoa, whoa, whoa. Let's all remember the highly-limited, specialized context here: iOS (and Android and MS Windows, etc). You don't really think your statement happens to be the case in the context of Debian (and Ubuntu, Mint, Pop_OS, etc), do you?
$ dpkg -l | wc -l
3228
3228 apps spying on me right now? I think not. The web browser does some pretty creepy, dangerous things, but for the most part I bet any info leaks are bugs, not actual attack
Rules are not enough (Score:2)
If you're unable to punish people, you're unimportant. If you're not verifying the work (random samples), you're not getting honest answers.
It's a useful maxim and it describes how corporations view many US federal regulations: Rules are not enough.
In the past I subscribed to a state government departmental newsletter. It summarized court cases it had undertaken and their rulings. The message was clear: Don't do this or you'll be in the shit too.
The checks will come (Score:2)
I imagine app developers will initially get penalised based on users reporting those apps to Apple. I would also imagine if the number of reports proves too high there may be some incentive for Apple to develop an automated detection system of some sort?
Re: (Score:2)
"Any observed statistical regularity will tend to collapse once pressure is placed upon it for control purposes." -- Charles Goodhart
Otherwise known as, "When a measure becomes a target, it ceases to be a good measure."
Stats, like reports to Apple for ToS infringements, are mere proxies of the underlying conditions they want to control. As we've seen over & over again, it's very profitable to manipulate stats without actually changing the underlying conditions to someone's favour. Malicious actors will
Of course we can trust Apple & their clients (Score:2)
Of course they are fake... (Score:2)
So this Slashdot-owned site named Sourceforge (Score:1)
The Slashdot-owned and operated site Sourceforge offers a monumental amount of binaries, claimed to reflect source code.
There's no requirement for privacy statements.
There's no obligatory verification that the binaries respect any privacy statement made.
There's no obligatory verification that the binaries behave legally.
There's no obligatory verification that the binaries reflect the source code.
There's no obligatory independent verification of source code as representing legal behavior.
Clearly unacceptable
Because it's never really been about privacy... (Score:2)
...rather it's about control.
Come on guys, this shouldn't require a mastermind to figure out the plans of this villain.
Backdraft imminent (Score:2)
IF the most successful, most profitable company in all of human history hasn’t the moral impetus to respect and protect humanity; it is fated - to undo.
F-Droid does this best (Score:2)
They need to take a look at F-Droid because they have nailed this.
Sounds just like Apple's MFi program (Score:2)
Sounds just like Apple MFi. Manufacturers can put the "MFi" logo but Apple doesn't actually certify the vast majority of MFi products on the market.
We're Being Played (Score:2)
Here we have an article in the WaPo that suggests that companies are flouting Apple's new privacy rules. OK.
But hang on a second. Aren't Apple caught up in a big, "tussle of the titans" sort of argument over this at the moment? Why yes, I believe they are [theverge.com].
So who would benefit if Apple's efforts to improve end user privacy wer