Apple’s privacy policies fail to safeguard that of its users and leave the platform vulnerable to targeting by state-backed and gang-affiliated threat actors, a class action lawsuit is alleging.
The complaint was filed on November 10 by Elliot Libman on his own behalf and that of fellow plaintiffs in the northern district of California.
“Through its pervasive and unlawful data tracking and collection business, Apple knows even the most intimate and potentially embarrassing aspects of the user’s data,” it said, adding that Apple’s practices were both intentionally deceitful and in violation of users’ rights to privacy.
“Apple’s practices [...] give Apple and its employees power to learn intimate details about individuals’ lives, interests, and app usage, and make Apple a potential target for ‘one-stop shopping’ by any government, private, or criminal actor who wants to undermine individuals’ privacy, security, or freedom,” it said.
Illusion of privacy
Describing the tech giant’s guarantees of privacy as “illusory,” the lawsuit claimed Apple was in violation of state law due to “its illegal recording of consumers’ on its mobile applications – a huge and growing treasure trove of data that Apple amasses and uses for its own profit.
“People everywhere are becoming more aware and concerned that large corporations are collecting, recording, and exploiting for profit their personal communications and private information,” it said.
The lawsuit implies that Apple’s response to this shift in public awareness has been to fraudulently claim its customers can opt out of data tracking and sharing, in what amounts to a smokescreen designed to appease public opinion while continuing to monetize user data.
It cites research by cybersecurity firm and iOS developer Mysk, which found that the tech giant’s privacy settings “had no obvious effect on Apple’s data collection” and alleges that the tech giant’s “assurances and promises regarding privacy are utterly false.”
The “off” button that doesn’t work
The lawsuit centers on the option presented to users that ostensibly allows them to control what app browsing and activity data Apple collects by switching off the “Allow Apps to Request to Track” option before opening a mobile app.
It says that Apple “repeatedly assures its consumers” that app developers must ask it for permission before tracking users, suggesting that apps which do not specifically make this request cannot monitor them.
“Based on these explicit representations, consumers reviewing Apple’s privacy controls are left with the reasonable impression that Apple will stop collecting and recording all of their app information or activity if ‘Allow Apps to Request to Track’ and/or ‘Share [Device] Analytics’ settings are turned off,” the lawsuit said.
It further alleges that this amounts to a lie, saying: “Apple records, tracks, collects and monetizes analytics data – including browsing history and activity information – regardless of what safeguards or ‘privacy settings’ consumers undertake to protect their privacy.”
It claims that even when users follow the tech giant’s instructions to disable permission on their privacy controls, “Apple nevertheless continues to record consumers’ app usage, app browsing communications, and personal information in its proprietary apps, including the App Store, Apple Music, Apple TV, Books, and Stocks.”
Every tap you make, we’ll be watching you…
Libman is described in the lawsuit as “an individual whose mobile app usage was tracked by Apple” even after it began offering users the ability to turn off app tracking on devices.
“The recent changes that Apple has made to App Store ads should raise many privacy concerns,” said Mysk, posting on Twitter. “It seems that the AppStore app on iOS 14.6 sends every tap you make to Apple.”
Citing a screenshot example of data sharing on Apple that it attached to its tweet, Mysk added: “This data is sent in one request. Data usage and personalized ads are off.”
Mysk added: “As the user browses the App Store app, detailed usage data is sent to Apple simultaneously. The data contains IDs to map the behavior to a profile. The strange thing is that Apple introduced strict measures in iOS 14.5 to prevent developers from fingerprinting users.”
Mysk said it was unclear whether “Apple still collects data analytics in iOS 16” even when enabling such features is supposedly turned off, but added: “Regardless, the App Store already knows a lot about our behavior and how we explore apps.”
More from Cybernews:
Subscribe to our newsletter