“Privacy Nutrition Labels” in Apple’s App Store

Apple will start requiring standardized privacy labels for apps in its app store, starting in December:

Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user’s name or account name is prominently displayed with the submission.

Otherwise, the privacy labeling is mandatory and requires a fair amount of detail. Developers must disclose the use of contact information, health and financial data, location data, user content, browsing history, search history, identifiers, usage data, diagnostics, and more. If a software maker is collecting the user’s data to display first or third-party adverts, this has to be disclosed.

These disclosures then get translated to a card-style interface displayed with app product pages in the platform-appropriate App Store.

The concept of a privacy nutrition label isn’t new, and has been well-explored at CyLab at Carnegie Mellon University.

Posted on November 12, 2020 at 6:22 AM • 14 Comments

Comments

yet another Bruce November 12, 2020 8:33 AM

I love this concept. It would be nice if someone could encourage the use of a similarly concise standardized summary of terms of service also.

What is the recommended daily allowance of third-party cookies?

John Harvey Kellogg November 12, 2020 9:25 AM

Apple wouldn’t need privacy “nutrition” labels if developers were required to respect our privacy to begin with.

This stinks of a public relations stunt, as it grants legitimacy to the very act of spying.

Sad that tech celebrities would play along without calling Apple out on this. Of course doing so would mean losing all those speaking engagements and fawning media attention.

Untitled November 12, 2020 9:47 AM

Sounds good, but didn’t we learn long ago not to take nutrition labels at face value? Will Apple take any steps to verify app developers’ declarations? Developers themselves may be perfectly genuine, but do they – and will Apple – follow the trail of collected data right down to the slime at the bottom of the food chain to find out where users’ data is really going?

Zapman November 12, 2020 9:49 AM

Advertisements are the funding model of the internet. Asking people to “respect our privacy” just ignores this reality.

If you want lots of free goodies on the internet, SOMEONE is paying for them all, and they’re paying for them for a reason.

I hope this is more than a public relations stunt. I hope this has some teeth in it on Apple’s side, and I hope it’s successful, and Google follows suit.

Though Google will only follow suit if Apple is successful.

Untitled November 12, 2020 9:54 AM

While we’re talking about Apple: is it permitted to draw attention to the long list of security fixes in iOS 14.2? More to the point, has anyone noticed the kind of bugs that have been fixed? Again and again, a security exposure “was addressed with improved input validation.” What that means is that Apple is fixing schoolboy coding errors – failure to validate input – the sort of errors that no programmer should make who is trusted to work on an operating system. The sort of errors that proper testing should have exposed. Who do they have working for Apple, anyway?

Chelloveck November 12, 2020 9:57 AM

@John Harvey Kellogg: Required… by whom? What entity would you like to see having the authority to mandate privacy requirements? What entity would handle complaints? Do your answers differ if the mandate is changed from “privacy of phone apps” to “privacy of computer programs” in general?

If your answer is that it’s Apple’s responsibility you have a fair point about this being a PR stunt rather than an actual solution.

If your answer is any entity other than Apple, then sure… Maybe we should have that. But we don’t, and the “nutrition” label is Apple’s attempt to work within that reality.

Clive Robinson November 12, 2020 10:46 AM

@ Bruce, ALL,

The concept of a privacy nutrition label isn’t new

No it’s not new and there are reasons why that is so.

Thus I suspect this may well be a “smoke screen”, in that Apple think or know there is rather more than a change in executive in the near future, and they are trying to head things off at the pass rather than go through what other Silicon Valley Corp heads and executives have been through. With Congress pushing its Camel like protuberance into their businesses internals, no flap appears safe from lifting.

Thus whilst it may appear to be a rather small and insubstantial fig leaf, it can with care be spun to cover all manner of potential embarrassment like the mightiest of shields.

Thus it might be beholdant on all of us to keep a weather eye on the horizon, as Apple Execs are not exactly daft, and they have rather more contacts in places both high and low than most of us.

Impossibly Stupid November 12, 2020 10:54 AM

This is the same Apple App Store that will list “4+” for an age rating, but allows the app to force users into a legal agreement immediately upon launch? Forgive me if I doubt the sincerity of their “nutrition” efforts. They have the power to simply not feed us garbage. Settling for disclosure is another marker of late-stage capitalism.

xcv November 12, 2020 6:06 PM

Apple will start requiring standardized privacy labels for apps in its app store,

The disclosures are intended for women concerned about being stalked and “eating out” … a chauvinist pat on the head for a “good girl” who stays out of the bad parts of town and is home in her own bed at a certain hour as per her cell phone location data.

Too many women in groups sacrifice their privacy for the sake of building a community, and attracting boyfriends for the sake of vice, dirty tricks, and false arrest set-ups.

Petre Peter November 13, 2020 6:45 AM

My guess is that this will lead to an Android vs iOS campaign. I just don’t see how Android will be able to have these labels on their store.

Marc November 15, 2020 11:57 AM

This seems like a horrible idea that legitimizes spyware and distracts away from the real issues at hand. It’s just another example of how Apple puts its profit goals first, then uses its marketing to distract and steer the conversation the way they want it. Let’s not forget that this is an abusive company and that their goals are at odds with basic computing freedoms.

Me November 18, 2020 8:39 AM

This seems like a good step in the right direction.

Self reporting that can be audited seems like a good starting point to me.

Clive Robinson November 18, 2020 10:12 AM

@ Me,

Self reporting that can be audited seems like a good starting point to me.

Do you fancy flying in a 737 Super-Max?

Because it was the sort of system you think is a starting point that caused all those hundreds of deaths when the aircraft software flew the planes into the ground despite the desperate efforts of the pilots…

someone on the internet November 20, 2020 12:39 PM

Another factor should be whether the app insists on getting access to mobile phone information it has no need for.
