Apple privacy protections called into question


It's “virtually impossible” to keep data hidden from Apple, according to the researchers who looked into the famously privacy-minded company’s practices.

What happens on your iPhone, does not necessarily stay on your iPhone – despite the company’s well-known slogan claiming otherwise, a new study from Aalto University in Finland has demonstrated.

The study has found that default apps on an iPhone, iPad and MacBook collect user data even when they appear disabled, suggesting that Apple users are not in full control of their privacy.

The researchers have studied eight apps, namely, Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My, and Touch ID.

“We focused on apps that are an integral part of the platform and ecosystem. These apps are glued to the platform, and getting rid of them is virtually impossible,” said Associate Professor Janne Lindqvist, head of the computer science department at Aalto.

While many studies have looked into how third-party apps erode people’s privacy, this is the first time privacy settings of Apple’s own default apps have been investigated, the researchers said, adding the results “surprised” them.

“Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control,” Lindqvist noted.

“Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that.”

The scientists said that protecting privacy on an Apple device required “persistent and expert clicking” on each app individually, while online instructions were complicated and didn’t list all the necessary steps. It was also not clear how the collected data was processed.

To test how easy it was for a regular user to protect their privacy, the team set up interviews where participants were asked to try and change the settings. While the participants were able to take one or two steps in the right direction, none succeeded in following through the whole procedure.

“The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings – or even both,” said Amel Bourdoucen, a doctoral researcher at Aalto.

“It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider. Finding and adjusting privacy settings also took a lot of time.”

“When making adjustments, users don't get feedback on whether they’ve succeeded. They then get lost along the way, go backward in the process, and scroll randomly, not knowing if they've done enough,” Bourdoucen said.

Researchers could not say what Apple does with the collected data based on publicly available information but suggested it could be used to train the AI system behind Siri and offer personalized experiences, among other things.

Some workarounds to the problem could be using third-party alternatives to default apps, for example, switching Safari with Firefox, the experts said.

Cybernews has contacted Apple for comment. The peer-reviewed study is available online. Its findings will be presented at the CHI conference in Honolulu in May.