Slashdot Mirror


Apple Cracking Down On Apps That Send Location Data To Third Parties (9to5mac.com)

Apple has been removing some apps that share location data with third parties and informing developers that their app violates two parts of the App Store Review Guidelines. "The company informs developers via email that 'upon re-evaluation,' their application is in violation of sections 5.1.1 and 5.1.2 of the App Store Review Guidelines, which pertain to transmitting user location data and user awareness of data collection," reports 9to5Mac. From the report: Apple explains that developers must remove any code, frameworks, or SDKs that relate to the violation before their app can be resubmitted to the App Store. Apple's crackdown on these applications comes amid a growing industry shift due to General Data Protection Regulation, or GDPR, in the European Union. While Apple has always been a privacy-focused company, it is seemingly looking to ensure that developers take the same care of user data.

In the instances we've seen, the apps in question don't do enough to inform users about what happens with their data. In addition to simply asking for permission, Apple appears to want developers to explain what the data is used for and how it is shared. Furthermore, the company is cracking down on instances where the data is used for purposes unrelated to improving the user experience.

12 of 28 comments

  1. from the waaaay too late dept. by Narcocide · · Score: 1

    They already know where you are.

  2. GDPR by khchung · · Score: 4, Insightful

    Wow, a law that seemed to be actually accomplishing what it intended to do! Who would have thought?

    --
    Oliver.
    1. Re:GDPR by Wrath0fb0b · · Score: 2

      Wow, a law that seemed to be actually accomplishing what it intended to do! Who would have thought?

      In the context of data collected by a third party app, it seems certain that the OS and/or hardware manufacturer is not a data processor or data controller within the meaning of the GDPR.

      So this has nothing at all to do with the GDPR. Sure the actual processors/controllers of the data -- here the app developer and whatever third-party services to which they are sending the data -- might be out of compliance, but that can't be Apple's problem.

      [ Think of it this way, if the GDPR considered the platform owner to be a processor or controller of data collected by a third-party application and liable for that data, then it would be crazy to even allow an application to bring up a WebView, since that would mean that a remote service could request arbitrary information (e.g. name/DOB) in a way the platform would have no visibility into and no way to later revoke/delete.

      Ultimately, the application that actually collects the data needs to be the one that's compliant. The OS/hardware/app-store/platform can provide tools to help, but they cannot enforce the GDPR. ]

      [[ Also, it occurs to me that maybe the law is accomplishing this by raising awareness of location privacy and thus spurring Apple to take an action that, while not required by the law, is in the spirit of the law. In that case, sure, but at least that requires acknowledging that the law didn't coerce them into doing so. ]]

    2. Re:GDPR by ausekilis · · Score: 1

      Well, it is a European law and they've been known to value privacy there.

      It wouldn't fly long in the U.S. because there's no quick money in it.

  3. Wow by seven+of+five · · Score: 1

    So, no more Uber app?

    1. Re:Wow by Riceballsan · · Score: 2

      It sounds more like Apple is requiring their developers to be more up front and clear to the customer about what location information they are collecting, who they are sending it to and why, as well as make them explain to Apple why the user experience depends on being able to collect location information. Sounds to me like Tinder, Uber, Pokemon Go, etc. all at most will need to add a bit more information in a pop-up to let the users know if the companies are doing anything with the information other than the obvious, but will have zero issue justifying why that information is needed.

  4. Do as I say, not as I do by Solandri · · Score: 1

    Apple used to license a geographic map of WiFi SSIDs from Skyhook. Skyhook developed this map like Google did - by driving cars around the world and recording their GPS locations while sampling the SSIDs in range at that location. In 2010, Apple dropped Skyhook and began using their own SSID map database.

    How did they develop this database without hiring people to drive cars all around the world? They simply recorded and downloaded iPhone users' location data, along with nearby WiFi SSIDs at each location.

    Incidentally, Google was fined by various governments for accidentally recording too much WiFi data with their cars. Apple received very little scrutiny. i.e. Governments punished the company which hired people to go out there and collect this data for themselves, while doing nothing about the company who obtained it by lifting it from their users. Because of that precedent, I suspect pretty much all companies are now collecting this sort of data from their users whenever possible, instead of gathering it themselves.

    1. Re:Do as I say, not as I do by guruevi · · Score: 1

      Or perhaps, they found another company that drives cars around and does mapping stuff. Adding a WiFi receiver to a photo/video/GPS mapping car is easy and there are about a dozen companies that do it.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Do as I say, not as I do by CaffeinatedBacon · · Score: 1

      Perhaps they did. It would be trivial for Apple to confirm or deny. Why don't they want to remove the suspicions? What are they hiding?

    3. Re:Do as I say, not as I do by Riceballsan · · Score: 2

      You are the first person I've heard make any note of the suspicions. If no significant quantity or sources with a huge following are accusing them of something, making a statement to bring it up creates suspicion where there is none. Say for instance if you were looking up a local Chinese food restaurant, and they added to a front page of their site. "We just want to make clear, we do not use cat meat in our food. Here's a record of our actual meat order supplies to prove it". If you've never heard any accusations on their company, you'd be MORE likely to second guess eating there, because the rumors that you previously hadn't heard were just pointed out to you, and the fact that they were worth responding to, makes them more credible than if some random guy on the street told you it.

  5. Re:Well good for Apple by Dog-Cow · · Score: 2

    Policies change. Apps change. And finding out that the company behind the app is selling user data is not something that can be done when reviewing the app.

  6. So much for the walled garden protecting customers by acoustix · · Score: 1

    Why wasn't this caught and enforced during the app validation in the first place?

    More proof that a walled garden approach isn't any more secure than an open app environment.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson