Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Cracking Down On Apps That Send Location Data To Third Parties (9to5mac.com)

Posted by BeauHD on from the laying-down-the-law dept.

Apple has been removing some apps that share location data with third parties and informing developers that their app violates two parts of the App Store Review Guidelines. "The company informs developers via email that 'upon re-evaluation,' their application is in violation of sections 5.1.1 and 5.1.2 of the App Store Review Guidelines, which pertain to transmitting user location data and user awareness of data collection," reports 9to5Mac. From the report: Apple explains that developers must remove any code, frameworks, or SDKs that relate to the violation before their app can be resubmitted to the App Store. Apple's crackdown on these applications comes amid a growing industry shift due to General Data Protection Regulation, or GDPR, in the European Union. While Apple has always been a privacy-focused company, it is seemingly looking to ensure that developers take the same care of user data.

In the instances we've seen, the apps in question don't do enough to inform users about what happens with their data. In addition to simply asking for permission, Apple appears to want developers to explain what the data is used for and how it is shared. Furthermore, the company is cracking down on instances where the data is used for purposes unrelated to improving the user experience.

28 comments

  1. from the waaaay too late dept. by Narcocide · · Score: 1

    They already know where you are.

  2. GDPR by khchung · · Score: 4, Insightful

    Wow, a law that seemed to be actually accomplishing what it intended to do! Who would have thought?

    --
    Oliver.
    1. Re:GDPR by Anonymous Coward · · Score: 0

      Not really, just because the App doesn't do said function doesn't mean they cant just give the data over in other ways. GDPR is a half measure it needs to make data sharing illegal in the sense that a companies T&C's are like a toothless tiger. That is, meaningless.

      Customer data remains the customer data, should you wish to share said data, you simply cant, it isn't the companies to share nor is it the companies right to store it unless it has a specific function with the purpose of the App. I.E like a creditcard, sure you can store it, sure you can create internal stats off it (if you really want) but you can't just charge it whenever you wish or give it too a 3rd party under any circumstance.

      Now when it comes to Facebook, that alone means very little to them. Creating demographic information and how many likes someone has, even approximate locations, this is all good. It's just that information alone is fairly useless, likes don't equate to sales. Which is odd in the sense that FB is really all that valuable.

      The value of say FB seems to be based on more particular things. I.E the type of stuff they track outside the function of their App. What sites they visit outside of FaceBook.com for example or conversational information via the messenger, these are the things that need to be sanctioned. Same goes with Slashdot, I'm seeing what 16 ad trackers on this page alone. Tracking the site I were before visiting here to give me relevant Ads i just wrong in my view.

      In anycase, demography and like information seems fairly superfluous. I'd like to know what really gives FB that $500bn marketcap because from my perspective it seems all based on unicorns. Especially if we start tightening up on where data goes and for what purpose.

    2. Re:GDPR by mjwx · · Score: 0
      B-B-B-B-B-but Apple said that they didn't do this and automagically protected my datas. Only the great SatanDroid allowed this.

      Wow, a law that seemed to be actually accomplishing what it intended to do! Who would have thought?

      Amazing that, it's almost as if the EU cares about the safety and well being of its citizens.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    3. Re:GDPR by Wrath0fb0b · · Score: 2

      Wow, a law that seemed to be actually accomplishing what it intended to do! Who would have thought?

      In the context of data collected by a third party app, it seems certain that the OS and/or hardware manufacturer is not a data processor or data controller within the meaning of the GDPR.

      So this has nothing at all to do with the GDPR. Sure the actual processors/controllers of the data -- here the app developer and whatever third-party services to which they are sending the data -- might be out of compliance, but that can't be Apple's problem.

      [ Think of it this way, if the GDPR considered the platform owner to be a processor or controller of data collected by a third-party application and liable for that data, then it would be crazy to even allow an application to bring up a WebView, since that would mean that a remote service could request arbitrary information (e.g. name/DOB) in a way the platform would have no visibility into and no way to later revoke/delete.

      Ultimately, the application that actually collects the data needs to be the one that's compliant. The OS/hardware/app-store/platform can provide tools to help, but they cannot enforce the GDPR. ]

      [[ Also, it occurs to me that maybe the law is accomplishing this by raising awareness of location privacy and thus spurring Apple to take an action that, while not required by the law, is in the spirit of the law. In that case, sure, but at least that requires acknowledging that the law didn't coerce them into doing so. ]]

    4. Re:GDPR by Anonymous Coward · · Score: 0

      You mean it was intended to degrade the user experience and cost small companies tens of thousands of dollars proving they don't sell you data when they never did?

    5. Re:GDPR by ausekilis · · Score: 1

      Well, it is a European law and they've been known to value privacy there.

        It wouldn't fly long in the U.S. because there's no quick money in it.

    6. Re: GDPR by Anonymous Coward · · Score: 0

      Apple doesn't do this you chuck. Third party app developers do this.

      Anything to try to make Apple look bad, even lying about what happens. All is fair I guess.

  3. Well good for Apple by Anonymous Coward · · Score: 0

    Seems like if these apps were vetted correctly in the first place. Apple wouldn't have to do this.

    1. Re:Well good for Apple by Anonymous Coward · · Score: 0

      Confirming this, got an app rejected when attempting to push a minor and unrelated update, having successfully passed reviews on launch and previous updates.

    2. Re:Well good for Apple by Anonymous Coward · · Score: 0

      good. i don't use it anyway.

    3. Re: Well good for Apple by Anonymous Coward · · Score: 0

      So we can blame you for leaking our location...and returning home to find the hiuse has been robbed?

    4. Re:Well good for Apple by Dog-Cow · · Score: 2

      Policies change. Apps change. And finding out that company behind the app is selling user data is not something that can be done when reviewing the app.

    5. Re: Well good for Apple by Anonymous Coward · · Score: 0

      Did you notice they also stole most of your 'o' out of your house as well?

  4. Wow by seven+of+five · · Score: 1

    So, no more Uber app?

    1. Re:Wow by Riceballsan · · Score: 2

      It sounds more like apple is requiring their developers to be more up front and clear to the customer about what location information they are collecting who they are sending it to and why, as well as make them explain to apple why the user experience depends on being able to collect location information. Sounds to me like tinder, uber, pokemon go etc... all at most will need to add a bit more information in a pop-up to let the users know if the companies are doing anything with the information other than the obvious, but will have zero issue justifying why that information is needed

  5. Do as I say, not as I do by Solandri · · Score: 1

    Apple used to license a geographic map of WiFi SSIDs from Skyhook. Skyhook developed this map like Google did - by driving cars around the world and recording their GPS locations while sampling the SSIDs in range at that location. In 2010, Apple dropped Skyhook and began using their own SSID map database.

    How did they develop this database without hiring people to drive cars all around the world? They simply recorded and downloaded iPhone users' location data, along with nearby WiFi SSIDs at each location.

    Incidentally, Google was fined by various governments for accidentally recording too much WiFi data with their cars. Apple received very little scrutiny. i.e. Governments punished the company which hired people to go out there and collect this data for themselves, while doing nothing about the company who obtained it by lifting it from their users. Because of that precedent, I suspect pretty much all companies are now collecting this sort of data from their users whenever possible, instead of gathering it themselves.

    1. Re:Do as I say, not as I do by guruevi · · Score: 1

      Or perhaps, they found another company that drives cars around and does mapping stuff. Adding a WiFi receiver to a photo/video/GPS mapping car is easy and there are about a dozen companies that do it.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Do as I say, not as I do by CaffeinatedBacon · · Score: 1

      Perhaps they did. It would be trivial for Apple to confirm or deny. Why don't they want to remove the suspicions? What are they hiding?

    3. Re:Do as I say, not as I do by Riceballsan · · Score: 2

      You are the first person I've heard make any note of the suspicions. If no significant quantity or sources with a huge following are accusing them of something, making a statement to bring it up creates suspicion where there is none. Say for instance if you were looking up a local Chinese food restaurant, and they added to a front page of their site. "We just want to make clear, we do not use cat meat in our food. Here's a record of our actual meat order supplies to prove it". If you've never heard any accusations on their company, you'd be MORE likely to second guess eating there, because the rumors that you previously hadn't heard were just pointed out to you, and the fact that they were worth responding to, makes them more credible than if some random guy on the street told you it.

    4. Re:Do as I say, not as I do by CaffeinatedBacon · · Score: 0

      You have a good point. I have no idea how widespread it is or why anyone would care.
      Obviously some people do. They wouldn't need to hold a press conference or put it on the front page or anything. But somewhere standard and out of the way would do. The conspiracy nutters then wouldn't have a leg to stand on, and no one who wasn't actually looking for it would ever know, or care most likely.

  6. Re:What took them so long? by Dog-Cow · · Score: 0

    In other words, you're a deranged rapist who should have his penis ripped off by a rabid dog.

    As long as we're not even trying to make sense...

  7. Re:What took them so long? by Anonymous Coward · · Score: 0

    Is that how you make a dog cross cow?

  8. So much for the walled garden protecting customers by acoustix · · Score: 1

    Why wasn't this caught and enforced during the app validation in the first place?

    More proof that a walled garden approach isn't any more secure to an open app environment.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  9. wow took this long by Anonymous Coward · · Score: 0

    so the app store is how old and the company that always talks their commitment to our privacy is only now getting around to this? how many people work at apple? what a joke.