Apple throws down the gauntlet with overhauled privacy policy

29.09.2015
Apple is making it very clear how it uses your data with a revamp of its privacy policy, posted in full on the company’s website. In the process, Cupertino is also making it plain just how different it is from other tech companies.

Apple affirmed its commitment to customer privacy a year ago, and Tuesday’s update covers everything new in iOS 9 and OS X El Capitan. The company isn’t just issuing platitudes about how great its privacy protections are—it dives into real detail about how its various services use and protect your data.

Here are the highlights.

Beefed-up encryption: iOS 9 makes six-digit passcodes the new default on Touch ID-enabled iPhones. That significantly reduces the chances of someone cracking your passcode by just guessing it.

“We’ve been protecting your data for over a decade with SSL and TLS in Safari, FileVault on Mac, and encryption that’s built into iOS,” Apple’s privacy policy reads. “We also refuse to add a backdoor into any of our products because that undermines the protections we’ve built in. And we can’t unlock your device for anyone because you hold the key—your unique password.”

If you don’t use a passcode to secure your device, you might want to think twice. Apple encrypts the data on your device—like the information collected and stored in the iOS Health app—with encryption keys protected by your passcode. iMessages and FaceTime calls are also protected with end-to-end encryption, so it’s impossible for someone else to access your iMessages without your passcode.

Proactive Siri: In iOS 9, Siri is more helpful, providing you with suggestions for apps to use based on your habits and time of day. Apple says those predictive capabilities are stored on your device, not the cloud, which means the same encryption applies.

If Apple needs to pull information from its servers to offer you suggestions, like what time you should leave the house to make it to an appointment on your calendar, then the company will use anonymized rotating identifiers so that locations and searches won’t be traced to you. (You can also turn off proactive features’ access to your location altogether.)

Maps: This is where Apple really goes after Google (without naming names, of course). Google pulls all of your location data when you’re signed in to Google Maps to create a complete picture of who you are and where you go. That information is really useful to advertisers. Apple’s Maps app only knows you as a random number that frequently resets, scrubbing your data altogether.

“Maps is also engineered to separate the data about your trips—including public transit directions—into segments, to keep Apple or anyone else from putting together a complete picture of your travels,” the policy says. “Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point A’s and Point B’s doesn’t.”

Safari content blockers: iOS 9 brings Safari’s content-blocking capabilities to your iPhone, so you can install apps that block ads while you’re browsing the web. Apple says Safari supports content blockers in a way that prevents the content blocker from sending information to developers about your browsing habits.

Apple Music: Apple doesn’t use your streaming picks to advertise to you on any other service.

News app: The articles you read in iOS 9’s News app aren’t linked to you specifically, but to an anonymous News-specific identifier that you can reset at any time. News does use iCloud to offer you recommendations across all the devices you read News on, but those are stored on the device and not seen by Apple.

Apple does put ads in the News app and uses your reading activity to determine which ads to show you, but that information cannot be used outside of News to show you ads in any other app—not by Apple, and not by the publishers you read in News. You can also turn on Limit Ad Tracking so Apple can’t target ads to you based on your activity in News.

Government requests: Governments around the world ask Apple for information on a regular basis, usually because someone has reported a stolen device and needs help tracking it down. But 6 percent of government requests are looking for personal user information. Apple can only divulge information about your iCloud account. If a device is protected by a passcode (which it should be, on devices running iOS 8 and iOS 9), Apple can’t comply with search warrants because files on those devices are protected by an encryption key tied to your passcode. That means Apple complied with just 27 percent of the 6 percent of account information requests in the U.S. from July 1, 2014 through June 30, 2015. Apple didn’t say how many total requests it received, but said less than 0.00673 percent of its customers were affected by requests.

“Apple has never worked with any government agency from any country to create a ‘backdoor’ in any of our products or services,” its government information request policy states. “We have also never allowed any government access to our servers. And we never will.”

Now if you want to dive deep into the details of Apple’s security, grab an adult beverage and sink into your sofa for some quality time with the 60-page iOS 9 security white paper.

(www.macworld.com)

Caitlin McGarry