'Privacy. That’s Apple,’ the slogan proclaims. New research from Aalto University in Finland begs to differ.

The researchers studied eight default apps, the ones that are pretty much unavoidable on a new device, be it a computer, tablet or mobile phone: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.

'Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple’s virtual assistant. But enabling only refers to whether you use Siri’s voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Associate Professor Janne Lindqvist, head of the computer science department at Aalto.

'The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings – or even both,’ says Amel Bourdoucen, a doctoral researcher at Aalto.

In addition, the instructions didn’t list all the necessary steps or explain how collected data is processed.

The researchers also demonstrated these problems experimentally. They interviewed users and asked them to try changing the settings.

‘It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider,’ Bourdoucen says.

  • Auli
    link
    fedilink
    English
    arrow-up
    47
    ·
    3 months ago

    Everyone knows when Apple says privacy they just mean from others.

    • DeltaTangoLima@reddrefuge.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      Interesting (kinda) coincidence. I’ve just switched from Android back to iPhone, after about 10 years away from the platform.

      But I use an always-on Wireguard VPN back to my home network, with my DNS set to my Pi-hole servers and my firewall rules blocking access to all external DNS servers, except from my Pi-holes for upstream resolution.

      I’m yet to do some p-caps to see what I’m missing in this setup - while I’m confident it did a great job of protecting me from a lot of Google’s data-harvesting shenanigans, I’m yet to investigate what I need to do to achieve a similar outcome for my iPhone.

  • eveninghere@beehaw.org
    link
    fedilink
    arrow-up
    24
    ·
    3 months ago

    This sounds like an exaggeration though.

    To me it seems like these researchers are saying the switch is confusing and complicated. That is not to say that Apple secretly collect data after lying to their users.

    The problem with Siri, first example, is more about Apple’s (characteristic) terminology garbage. Siri’s voice control has nothing to do with Siri’s search suggestion, yet they marketed both as Siri. Actually, you can turn them both off, but since the voice control is just called Siri, they confused their users.

    That’s different from "collecting data even when supposedly disabled.

    (Tbf, even if they were better termed, my mom would still manage to confuse herself… mo matter what Apple do, the average user won’t be able to turn off anything.)

    That said, there’s no point trying to convince someone on the internet anyway, and so I don’t really know why I wrote this comment.

    • teawrecks@sopuli.xyz
      link
      fedilink
      arrow-up
      22
      ·
      edit-2
      3 months ago

      Depends on whether you consider dark-patterns to be “lying”. If a normal user would reasonably think that data isn’t being collected based on the settings they chose, then is it dishonest for them to still be collecting data? Is it good enough for them to say “well we technically never said that disabling X disabled all the invasive functionality needed to do X.”

    • Knedliky@discuss.tchncs.de
      link
      fedilink
      arrow-up
      15
      ·
      edit-2
      3 months ago

      Maybe this research and language is intended to suggest that there is a point past which “confusingly and unintuitively designed” strongly resembles “intentionally deceiving”? We’re probably not going to get internal emails saying “make it complicated so that we can collect users’ data”.

      Also, researchers don’t really control how university press departments write up their results. Even less so when they’re interviewed by media.

      Addendum: Apple takes great pride in UI and user-centered design, and lately they have been highlighting privacy as a differentiator from Android. Maybe they just dropped the ball, maybe people don’t care, maybe people aren’t very bright. Still, some people have questions:)

      • Zworf@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        3 months ago

        Maybe this research and language is intended to suggest that there is a point past which “confusingly and unintuitively designed” strongly resembles “intentionally deceiving”? We’re probably not going to get internal emails saying “make it complicated so that we can collect users’ data”.

        This is Apple that pride themselves on UX as you mention. They mainstreamed opinionated design. If they do it a certain way there is a reason, which is not always with the user’s interests in mind. It’s not because Bob in development couldn’t think of a better way. Other brands might get away with that excuse but not Apple.

  • dan@upvote.au
    link
    fedilink
    arrow-up
    19
    ·
    edit-2
    3 months ago

    Of course Apple collect data. The reason they wanted to prevent other apps from collecting data was so only they can use their data, and their ad network could have an advantage over the others.

    Yes, they have an ad network, and want to significantly expand it:

  • teawrecks@sopuli.xyz
    link
    fedilink
    arrow-up
    15
    ·
    3 months ago

    Obviously a Google phone will be at least as bad, but I’m curious how de-googled Android forks like graphene would fare.

      • teawrecks@sopuli.xyz
        link
        fedilink
        arrow-up
        11
        ·
        3 months ago

        I’ve been running graphene for almost a year I think, and I haven’t had to make any functional sacrifices. Though I was already not using Google’s voice assistant features.

        • luckless@beehaw.org
          link
          fedilink
          arrow-up
          6
          ·
          3 months ago

          I have to agree, I never used the VA features. I was prepared to have issues with banking apps and such but found myself not having issues with even those.

  • Ashu@lemmy.zip
    link
    fedilink
    English
    arrow-up
    5
    ·
    3 months ago

    I was kinda expecting that sooner or later. Although it seems that it is only the basic interaction metadata - device info, crash logs, etc.