Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Apple

'I Checked Apple's New Privacy Nutrition Labels. Many Were False.' (msn.com) 73

Long-time Slashdot reader Futurepower(R) shared this investigation from the Washington Post's technology writer: When I spot-checked what a couple dozen apps claim about privacy in the App Store, I found more than a dozen that were either misleading or flat-out inaccurate...

Apple's big privacy product is built on a shaky foundation: the honor system. In tiny print on the detail page of each app label, Apple says, "This information has not been verified by Apple." The first time I read that, I did a double take. Apple, which says caring for our privacy is a "core responsibility," surely knows devil-may-care data harvesters can't be counted on to act honorably...

About 1 in 3 of the apps I checked that claimed they took no data appeared to be inaccurate... If a journalist and a talented geek could find so many problems just by kicking over a few stones, why isn't Apple? Even after I sent it a list of dubious apps, Apple wouldn't answer my specific questions, including: How many bad apps has it caught? If being inaccurate means you get the boot, why are some of the ones I flagged still available?

Putting aside the deception, there's another question: Are Apple's labels even helpful...? Nowhere on any of Apple's privacy labels, in fact, do we learn with whom apps are sharing our data. Imagine if nutrition facts labels left off the whole section about ingredients.

Irony alert, there's a tech giant that is more transparent: Facebook. With a setting called "off-Facebook activity" that it launched in 2020, you can actually see all the different apps and websites that are feeding your data to Facebook and ask the social network to stop using the data to target you with ads.

Finally, the article notes that apps from some major companies — including Google — "have yet to even post labels."
This discussion has been archived. No new comments can be posted.

'I Checked Apple's New Privacy Nutrition Labels. Many Were False.'

Comments Filter:
  • Apple is one of the most successful businesses in existence. They can't be bothered to validate a single privacy claim because it might cut into their massive profits. Their privacy claims are pure bullshit advertising that means absolute nothing. I would go so far as to say Apple is perpetuating fraud to increase their profits.

    • by Actually, I do RTFA ( 1058596 ) on Saturday February 06, 2021 @10:11PM (#61036024)

      Can you imagine the cost of trying to verify all the privacy claims? There are millions of apps (~5 million). How long is it going to take them to verify each one?

      The right solution is to have a bounty program (paid for by the app developers) for people who catch the labels in a lie. Independent researchers will be scrambling all over themselves to find an error in Facebook's app - esp. if the amount FB agreed to pay in the event of a lie scaled with the number of individual instances that would be assumed to have occurred (e.g. amount per user x users). But even a small app with 500 people will find someone looking for the $25 check from Apple and resume item "Received $X in bounties from Apple for finding security holes"

      • by sjames ( 1099 )

        Unfortunately, based on TFA, even if someone spot checks apps and reports violations free of charge with no expectation of reward, Apple will still leave the Apps unchecked.

      • by rossz ( 67331 )

        A bounty program would require Apple to actually spend money to keep their promises. Are you insane?

        • by jonwil ( 467024 )

          Apple wouldn't have to spend any money, they could include a clause in the very long set of conditions developers need to follow in order to be on the app store that says that if the developer is caught (by Apple or otherwise) lying in their privacy labels then that app developer has to pay up.

        • I never implied Apple would have to spend money. I specifically said that FB (or the other app developers) would agree to pay as part of the TC of selling on the Apple store. Apple could delay the bounty payout until it collected from the developer (eliminating risk). hell, Apple could even charge a 30% fee on that payment as well and make even more money.

      • Re: (Score:2, Insightful)

        by war4peace ( 1628283 )

        Can you imagine the cost of trying to verify all the privacy claims? There are millions of apps (~5 million). How long is it going to take them to verify each one?

        False argument. I as a customer don't care whether Apple needs to hire 100K people to fulfill their promises, or whether they develop a suite of automated algorithms, or a bounty program, or whatever they need to do to make it happen.
        I'm a customer, and I'm paying premium price for their hardware, walled garden ecosystem and services. It's their responsibility to ensure it's clean.
        "We don't do it because it costs too much" is not a valid argument because everything can have the same argument plastered to it

        • And I as a customer don't care about whether Apple needs to pay for materials and labor to produce their phones. I want a new phone delivered in a Lambo, which I also get to keep. However, I'm aware my wants aren't that relevant to Apple's business.

          You may claim it doesn't matter, but 100k people able to detect truly privacy violations (so, six-figures) is running $10+ billion a year. (100k x 100+k). That's not realistic.

          • You're just derping on yourself.

            If it is too expensive to verify that it is true, then they shouldn't advertise it.

            Duh. It is on them to check the cost, and choose to do it, or not do it. If they tell the customer it is true, then they have a responsibility to check.

          • You may claim it doesn't matter, but 100k people able to detect truly privacy violations (so, six-figures) is running $10+ billion a year. (100k x 100+k). That's not realistic.

            Then Apple shouldn't fucking pretend it's happening and instill a false sense of security unless you read the very fine print at the bottom.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Can you imagine the cost of trying to verify all the privacy claims? There are millions of apps (~5 million). How long is it going to take them to verify each one?

        Do you honestly think we should really give a shit about the cost, talking about a trillion-dollar company? Apple wants to build a walled garden and claim privacy and security? Fine. Do your damn job. Besides, I offer an alternative solution to this that would likely trim down app store bloat. Advertising millions of apps is like bragging about millions of hits returned in an online search. No one gives a shit, because no one is using 99.9% of it. (Not trying to be cruel here, but how many apps have o

      • by arglebargle_xiv ( 2212710 ) on Sunday February 07, 2021 @06:00AM (#61036706)
        Google method is much more economical. Google ask Google Play authors "are you Russian hacker?" and if reply is "nyet!" then app gets approved.
        • Google method is much more economical. Google ask Google Play authors "are you Russian hacker?" and if reply is "nyet!" then app gets approved.

          Hey, they also have to identify green lights or bicycles.

    • by geekmux ( 1040042 ) on Sunday February 07, 2021 @03:19AM (#61036474)

      Apple is one of the most successful businesses in existence. They can't be bothered to validate a single privacy claim because it might cut into their massive profits. Their privacy claims are pure bullshit advertising that means absolute nothing. I would go so far as to say Apple is perpetuating fraud to increase their profits.

      Then someone should sue them into oblivion for it. Global class action to the tune of trillions. They'll be "bothered" enough then.

      Of course, this is the problem with mega-corps, and why they should be broken into 1,000 pieces. They generally have more lawyers than you do. Pushing legal threats away from the courtroom by threat of legal muscle is not a proper defense. It's a corrupt one.

  • by ugen ( 93902 ) on Saturday February 06, 2021 @10:36PM (#61036070)

    Perhaps you didn't know, but - no one validates nutrition labels either. They are pretty much based on an honor system too. They do follow FDA recommendations and, in theory, consumers can probably complain and/or sue for incorrect information (if they can prove this information caused some specific damage - note that *allergen* information is always separate). In any case, as a nutrition geek I can tell you that a large number of nutrition labels are purposely misleading, and a good portion are completely wrong too. This goes both for the nutrition label itself and the ingredients.

    So, if the food industry, where this actually directly matters to human health, can't get it right - I'd cut Apple, who just added these what, yesterday, a bit of slack.

    • by Tablizer ( 95088 )

      as a nutrition geek I can tell you that a large number of nutrition labels are purposely misleading, and a good portion are completely wrong too. This goes both for the nutrition label itself and the ingredients.

      Why aren't they being caught? Too few inspections, or weak punishments? Time to start jailing CEO's. Why is pirating a Pokemon cartoon a felony but doctoring food labels not? Our priorities are fucked up by deep pockets.

      • Too few inspections, or weak punishments? Both. And they are paid by the government to monitor and themselves. And they game government health initiatives like health star ratings and ingredient number codes. And worse stuff you wouldn't believe. Big Food treats us like cattle.

      • by dfm3 ( 830843 )
        There are too many loopholes, exceptions, and no consequences for blatantly exploiting consumers' unfamiliarity with the metric system by using tricks like rounding errors.

        For example, take a look at the nutrition label for a can of cooking spray... which is, literally, oil. Yet front of the can will probably claim that the product is "FAT FREE!!!*" (*with small print about it actually having a trivial amount of fat). they can claim the oil has 0 grams fat and something like 10 calories per serving because
    • There are few consequences but they do exist; not that it's big enough and the FDA is grossly underfunded with one whole party dedicated to drowning it in the bathtub.

      Apple will have to be their own police, judge, and jury - at their own expense, which can't be more than the marketing benefits from doing so (much of which can just be advertised without doing anything at all; since perception management works extremely well even in the face of overt facts.)

    • by AmiMoJo ( 196126 )

      Apple could easily do a lot more. For example in TFA they mention a relaxation app that phones home. That app does not need internet access at all, but there is no way to disable that. No permission, no firewall.

      Android isn't much better, although you can get firewall apps for it but none of them are all that great.

      A per-app firewall would solve most of these issues.

    • by stikves ( 127823 )

      Main food items are usually okay, but there are two big issues:

      * "Natural Flavor": Basically they can put anything that "came from nature" and don't tell you about it. Starbucks used to include crushed bugs for the red color in strawberry smoothies: https://www.npr.org/sections/t... [npr.org].
      * Staleness factor: The vitamins might have been 2mg when the product was packaged, but they have most likely lost potency after 6 months in the warehouse. What you see is not what you get

      And never make assumptions about food if

    • I just think that the term "nutrition label" is unnecessary since it's just a summarized disclosure box

      If it's not accurate, that's why we have both the free market and the 4th estate

      As someone else points out, no one else seems to be doing this

      Apple making this a "thing" is at least a step in the right direction to actual accountability
  • by BAReFO0t ( 6240524 ) on Saturday February 06, 2021 @11:56PM (#61036234)

    I am not surprised.

    Apple has always been a company selling appearances.
    Their products are vanity jewelry first, and tools second.
    It does not matter if the CPU is adequately cooled, the keybord lasts, or the app cares about privacy.
    It only matters what is *says* it is, so that the clueless and blindly believing owner can feel superior.
    That is why the higher the price, the more popular it is.

    Some people just need that in their lives. E.g. to compensate an inferiority complex. And Apple very gladly feeds that need.

    So of course all that matters here, is that there are good-looking labels, so you can feel good.
    If you had a clue, you wouldn't have bought Apple, (nor Samsung or Huawei or Google) in the first place.

    • What would I have bought if I had a clue?

  • by misnohmer ( 1636461 ) on Sunday February 07, 2021 @12:15AM (#61036266)

    The vast majority of people will never know this, nor will they care to read the nutrition label and care even less about reading the small print disclaimer that Apple does not verify anything. All they see is that "Apple cares about my privacy" marketing message, and if it drives more sales, it worked.

  • Except for the big labels, I don't believe anything other apps say. That is unfair to small guys but that is the reality. If an app is capable getting data, it is getting it and using it. That is my default assumption even if the app says otherwise. Only top companies with deep pockets can ever be sued and that also for a small amount in class action lawsuits. Laws are clear. By installeing app you are giving them key to your device. Now if they steal things from your device, it is a civil action and you ca

    • If an app is capable getting data, it is getting it and using it.

      Whoa, whoa, whoa. Let's all remember the highly-limited, specialized context here: iOS (and Android and MS Windows, etc). You don't really think your statement happens to be the case in the context of Debian (and Ubuntu, Mint, Pop_OS, etc), do you?

      $ dpkg -l | wc -l
      3228

      3228 apps spying on me right now? I think not. The web browser does some pretty creepy, dangerous things, but for the most part I bet any info leaks are bugs, not actual attack

  • ... built on a shaky foundation: the honor system.

    If you're unable to punish people, you're unimportant. If you're not verifying the work (random samples), you're not getting honest answers.

    It's a useful maxim and it describes how corporations view many US federal regulations: Rules are not enough.

    In the past I subscribed to a state government departmental newsletter. It summarized court cases it had undertaken and their rulings. The message was clear: Don't do this or you'll be in the shit too.

  • I imagine app developers will initially get penalised based on users reporting those apps to Apple. I would also imagine if the number of reports proves too high there may be some incentive for Apple to develop an automated detection system of done sort?

    • "Any observed statistical regularity will tend to collapse once pressure is placed upon it for control purposes." -- Charles Goodhart

      Otherwise known as, "When a measure becomes a target, it ceases to be a good measure."

      Stats, like reports to Apple for ToS infringements, are mere proxies of the underlying conditions they want to control. As we've seen over & over again, it's very profitable to manipulate stats without actually changing the underlying conditions to someone's favour. Malicious actors will

  • Of course we can trust advertising agencies to be honourable. What reasons would we have to suspect that they might deceive, mislead or manipulate us?
  • The only possible limits Apple can impose is limiting access to OS level APIs. An app can do far more data gathering in other ways, outside these API calls, how can anyone honestly believe Apple has a clue.
  • The Slashdot-owned and operated site Sourceforge offers a monumental amount of binaries, claimed to reflect source code.

    There's no requirement for privacy statements.
    There's no obligatory verification that the binaries respect any privacy statement made.
    There's no obligatory verification that the binaries behave legally.
    There's no obligatory verification that the binaries reflect the source code.
    There's no obligatory independent verification of source code as representing legal behavior.

    Clearly unacceptable

  • ...rather its about control.

    Come on guys, this shouldn't require a mastermind to figure out the plans of this villain.

  • IF the most successful, most profitable company in all of human history hasn’t the moral impetus to respect and protect humanity; it is fated - to undo.

  • They need to take a look at F-Droid because they have nailed this.

  • Sounds just like Apple MFi. Manufacturers can put the "MFi" logo but Apple doesn't actually certify the vast majority of MFi products on the market.

  • I'm not for one moment suggesting that the basis of the article is factually wrong. I haven't checked, so I'll take the evidence at face value. But something about this smells.

    Here we have an article in the WaPo that suggests that companies are flouting Apple's new privacy rules. OK.

    But hang on a second. Aren't Apple caught up in a big, "tussle of the titans" sort of argument over this at the moment? Why yes, I believe they are [theverge.com].

    So who would benefit if Apple's efforts to improve end user privacy wer

No spitting on the Bus! Thank you, The Mgt.

Working...