I don't have Facebook and I'm generally skeptical of Apple's pro-privacy messaging. However, seeing this response from Facebook has gotten me very excited for this update. There must be more to it then Apple's generic 'Most Advanced Update Ever' marketing. I'm still skeptical of Apple's commitment to privacy, but I'm certainly happy to get this update. Apple should thank Facebook for the free marketing.
> I'm generally skeptical of Apple's pro-privacy messaging
That's a very healthy attitude towards Apple's claims. They developed all these APIs that allow app makers to spy on their users, and then blame the app makers for spying.
For example, why does any app need to know which other apps I have installed, and how long I use them? This permission should very sparingly pass the review process, and only for apps in specific categories.
I completely agree that it is a healthy attitude to have, and all of Apple's claims should be independently investigated. But I also agree that you should check facts or provide citations before spreading FUD:
- There was never any API for a third party app on iOS to get the time spent in another app. The only workaround I saw to this was an app that asked you to screenshot your app usage screen, and it was able to process those screenshots in an automated way (can't find the link).
- There is an API to open URLs between apps, so that one app can link to another app. When developers realized that they could check whether or not a given URL was openable to check if an app is installed, they started abusing this API to check every app on the system. Apple cracked down on the API in iOS 9 and made it so that all apps declare which other apps they can check, and App Review decides if they have a legitimate use: https://developer.apple.com/documentation/uikit/uiapplicatio...
Good summary. And it’s common for apps that might not otherwise have a URL handler to have one for things like authentication callbacks from login with Facebook, emails from the app, etc.
APIs are great.. i want an app to be able to list all the apps installed. I just don't want facebook app to do it, because it really doesn't need that data, and I don't want to give it to them.
This should be done the same as with location and microphone access... ie. "ask the user". "Flashlight 2000 DX app wants to access list of apps installed - allow once, allow always, deny now, deny always". Facebook wants to track 50 different things? Well.. ask the user 50 different times and try to explain why you want access to their call history and calendar data (adding calendar entries could also be a write-only option, with optional unique ids to change/remove entries).... and give your UX team a headache. Also, "deny" should be the "bolded" default. Maybe even give the user a list of unchecked permission the app wants, with explanations why it needs them, and have the user check the ones they want to give to the app (default state is unchecked (deny)).
Also granularity is key... giving location access for bluetooth connections, giving "manage calls" access to stop playing music when you get a call, etc. is just stupid.
I don't think they're great, it seems like a way of obfuscating what the app really does. Your approach might work for savvy or paranoid users, but not everyone notices much beyond "contains ads" or such.
Apple needs to force them to be up front from the very beginning that their stupid game or screensaver or else is also a tracking app. And boot any app that uses your phone to do anything beyond what they told you they would do in the app store description.
IDK MacOS blocks saving exports from Sequel Ace every single time I try. Have to do a file dialog dance each time or it silently fails. Guess devs just have to stay on top of the changing API requirements.
I guess timing and education matters. People would just click through all those Windows alerts. So they were useless. And maybe people weren't so savvy about privacy and security.
Nowadays, people are more aware about such things, so maybe you can start to assume the users are more comfortable about computing and the internet. So they should change their direction.
I'd agree with the sentiment if it was like Samsung making fun of removing a headphone jack, only to do the same thing less than a year later.
But i want to be able to use an app to act as a VNC server (screen capture, inputs,...), or an app (eg. tasker automation) to start a vpn connection and an ssh server when i send a SMS to the device. I just don't want a screensaver app to be able to do that.
Basically, i'd be happy if those "risky" permissions would be hidden in app management in settings, disabled by default, and enabled only by power users.
The problem now is, that due to fscked up permissions schemes, some apps are unable to work at all, even the stuff they work now, some due to play store issues (eg. termux because they want to run downloaded code), and some due to missing apis (eg vnc servers).
> why does any app need to know which other apps I have installed, and how long I use them
What are you referring to? As far as I know, one app can't query the list and usage time of other installed apps on iOS. This stackoverflow question[1] seems to confirm this. But please enlighten me if I'm misunderstanding what you're referring to.
Why does an app need to know which other apps you have installed? Because it might want to interface with those apps obviously. Apple has actually ratcheted down permissions on that API because it was abused.
People want apps to be able to do things and those things can often allow tracking in addition to being useful to the user. There is pretty much one API Apple devised specifically for tracking users and this very issue is Apple attempting to shut down.
Clarification: Just to be clear, Apple isn’t shutting down the API entirely, they are changing it from opt-out to opt-in.
I can think of a few. An app might need to know if Twitter is installed so it can show a button to open a link in twitter or a web browser (This was before App Deeplinking was a thing). Maybe if an app company had multiple apps that it wanted to cross sell and see if they have both apps installed to enable certain functionality.
> For example, why does any app need to know which other apps I have installed, and how long I use them? This permission should very sparingly pass the review process, and only for apps in specific categories.
Since I can't edit my original comment, I chose to reply to it instead of replying to everyone who corrected me. Yes, there's no API to directly query installed apps and usage on iOS. I think I got the wrong impression from years ago, when the function canOpenURL() could be abused to detect which apps were installed[0]. Thank you all for the corrections.
Not only do they develop these technologies (wifi location db, ibeacon, deep linking, findmy, etc)
They don't give you the ability to block them.
and of course, you can't find out what is going in and out of your phone over the network, and you definitely can't firewall it. ("content blockers" are nerfed)
You can disable almost all of those things in one way or another.
The problem is all of these things you mention are also useful for things users want. Often they are useful for things users want inside their applications. Nobody wants a neutered OS.
To disable ibeacon you turn off bluetooth and/or location services. I don't know about find my - it may locate other people's stuff no matter what you do. You can't really disable deep linking. If you get a text message with an amazon link, the amazon app will see it.
It is not apple's way to advertise this capability is available, and give you granular control.
For some reason I have a bad feeling about this update actually getting released. I'm worried that FB is going to convince some judge to tell Apple they can't do this, and delay it for months or years. Maybe (hopefully) this is an irrational worry, but you never know the extent to which people will go when billions of dollars are on the line.
I think what's more likely than any kind of legal injunction is that FB and Apple will come to a "mutual understanding". Maybe Facebook will license Apple Maps (for a princely sum) and make some symbolic compromise on data collection that lets Apple water down the permission dialogs.
I’d argue that Apple executives realize that privacy is one of the unique USPs of Apple compared to their main competitor, since the value exchange between Apple and their customers is simpler (customer pays Apple money, Apple delivers hardware/software).
Now that so much news has spread about these privacy additions, Apple selling out will actively hurt this image they have spent a lot of time building. It’s going to have to be an extremely lucrative agreement between them and Facebook for it to be worth it.
The problem is Apple relies on hardware sales. FB's entire business from the top down is ad money. And source for a billion dollar ad business? That sounds way higher than my initial impression. (And google paying to be the default SE is not advertising imo)
> Apple’s most recent earnings report revealed that it earned $12.51B from Services in calendar Q3/fiscal Q4, though there is no breakdown on how much of this comes from ad revenue.
Notice the 'could's:
> Samik Chatterjee argued the company could leverage the millions of users who search its App Store and Safari browser daily to generate the stellar growth seen by Facebook and Google in recent years.
> he launch of Apple TV+, coupled with Apple Inc’s foray into digital services, could help the company increase its income from advertising by more than five fold to $11 billion annually
This article is literally just speculation. Actually, it's quoting someone's speculation.
There’s a lot of guesswork there. It’s even worse than that actually, they assume that their advertising operation will grow as Facebook’s. It is extremely implausible under current conditions (no tracking and ads limited to the stores). So yeah, if Apple were Facebook, ads would be important to them.
And even the wildest estimates put it far short on the actual money maker, which is hardware sales. When push comes to shove, if they have to choose between ad and devices, they won’t hesitate long.
I saw a few articles when I searched from the previous year which also projected growth to the $2b number the next year but as Apple bundles it all in services who knows?
This is honestly pretty reasonable. Apple already knows which apps I download and this is made fairly clear (you're logged into the App Store and your account lists all apps you obtained).
Apple also knows which App Store ads I saw given that their server sent them to me in the first place. The ads are (at least for now) limited to the App Store and don't carry over across the web or other Apple apps.
Thus I don't see the problem with Apple using the data they've already got to provide anonymized conversion metrics to app developers.
I see what you mean, but iPhone says are something like 150x that. If privacy concerns weaken even 1%, that wouldn't be worth it. Maybe that's unlikely, I'm not sure.
This looks like simply naive thinking. Without evidence to backup your statement about Apple, everything about it breaks the cardinal rule of the ads business.
On the contrary—I’m not sure if you’ve ever watched Mad Men, but there are some pretty good examples of ads in there that didn’t use tracking at all.
Calling tracking a cardinal rule of ads is like calling HTML a cardinal rule of communication. Sure it might be ubiquitous now, but if HTML were to suddenly disappear I guarantee communication between humans won’t stop — it would adapt. Tracking isn’t a foundation, it is merely what has worked this past decade or so.
My point is that advertising right now uses tracking because it can be used, and it makes money.
But in no way does it need it. We could easily go back to untargeted, reasonably effective ads that appeal to broad markets instead of extremely specific ones.
Facebook could not afford not to as they would lose a huge amount of users. Apple is just doing to them what FB does to people: Accept these terms, be tracked everywhere, or miss out on all the people providing us free content on our platform. Many people accept that because they don't want to be unable to communicate or view things in their garden. That is leveraging their huge scope to push less favorable terms.
So FB has Apple with some leverage over them saying accept this or else. FB is in a weak position because it would be hard to tell your users hey leave Apple because they won't let us take all your data without permission. I don't feel for them at all.
I think they would. Facebook products are a huge part of any app ecosystem, and without them, Apple customers would be pissed.
Ecosystem concerns aren’t as relevant today, since both Android and iOS have everything you’d want, but in the olden days of Blackberry, Microsoft, and many other mobile operating system vendors trying to compete, they were always seriously hampered by their lack of ecosystem.
You’d be surprised how many fb users (mostly less technical) just use a browser to access fb..
They don’t need an app in the App Store to do so..
So this might actually be a fight against the strange people working at Facebook that will get them to rethink what it is they do everyday..
I think this is a good case for what Apps bring to the table and highlighting what the cost is privacy wise. As a developer I think apps are cool, the way they're leaking data is awful. This is something the platforms need to step up control over and I think that because this isn't the case there's an incentive to keep things as they are. Like automotive and the iterative improvements.
I use the low bandwidth option if I need to get on there. mbasic.facebook.com no nagging about apps and you can actually use the messenger web interface.
I tell my mom she needs to use FF containers for FB. I set it up so she can't do anything else. She's happy & gets to see her extended family pics/updates.
Isn't this done automatically now in Firefox? As in, you don't need to even install the containers add-on as Facebook and related properties are automatically opened in a default Facebook container?
Apple customers generate a large chunk of the content there is to see in Facebook products, so losing them would diminish engagement across all remaining platforms. If competitors can capitalize on the opportunity, that could very well trigger a death spiral that would destroy Facebook within mere months, whereas Apple could weather that easily.
Few things could flat out annihilate Facebook, but punching a large hole in their network is probably one of them.
I would be delighted to have that sh-t gone from everyone's iPhone,
because it would create an obvious a compelling opportunity for someone to finally break the stranglehold of FB's monopoly.
I miss my friend and family connections, but most people in my community won't go near that ecosystem with a flaming 10' pole any longer, and many friends like me, despair that our loved ones' reaction to e.g. the Social Dilemma and ongoing revelation after revelation of sociopathic corporate amorality is "yes that is sad but I have choice" because "all my friends are only insta" or "my cottage business depends entirely on my pages" etc etc.
They are almost certainly doing this; question is whether they will file it.
FB's noise around this feels very out of character, even for something that's devolved into a personal conflict. They may be truly scared of the update.
Facebook has been reported as assisting Epic Games in its lawsuit and been preparing for months for lawsuits against Apple. For the kind of company it is, it might pull a “Peter Thiel on Gawker” move, though it won’t reflect well on its name. But not enough people seem to care much about Facebook’s practices or what it does. After the uproar over WhatsApp’s upcoming policy change on data sharing with Facebook, several people moved to other chat platforms. But I still see those people stuck with WhatsApp and also using Facebook and Instagram even while knowing that these are all part of the same company.
FB undoubtedly knows enough about powerful judges and politicians to get what they want. J. Edgar Hoover's wildest dreams didn't contemplate what Facebook can do.
The more likely scenario in the long run is that Apple is forced to allow alternative App stores, which will probably be riddled with malware and spyware.
I know nothing about legal system, but it seems like Apple could make an argument that they are helping their apps be GDPR and CCPA compliant? That could explain the strange wording "Ask app not to track" - apps can still track, just not as much as before, so perhaps more of a compliance permission. Just speculation.
I think they say “Ask app not to track” because, if they say “Make app not track you” or something similar, they open themselves to huge lawsuits if (much more likely when) any app turns out to keep tracking users.
I don’t have the link handy, but Apple’s policies on this require apps not to track users across apps through other means if a user chooses “Ask App not to Track” at the prompt. The prompt text is just to show that Apple cannot technically prevent tracking even when a user tells the app they don’t want to be tracked across apps. There are a lot of shady practices being spread through common/popular SDKs used by apps.
That Apple is unfairly privileging its own ads business. It's a tough cookie though; the offending behavior is simply Apple's truthful (if arguably hyperbolic) notice and consent popup.
It could work if they demonstrate that Apple does track its user across apps for advertising purposes without showing consent dialogs. I am more than a bit skeptical, but you never know.
Apple isn't a monopoly -- they're a walled garden.
I'm all for regulations that force Apple to open up their hardware so that people can install different software on it, or to disable the walled-garden mode of their software platform akin to how you can install lineageOS or freedroid on android devices but I don't think it's reasonable to mandate that Apple must allow Facebook to do something with their software simply because Apple does it with theirs.
iAds will definitely be privileged. If you read the documentation on what is available to Apple vs. others, you will see Apple's own ad business will definitely benefit from this.
It's one giant fighting another. Apple wants to destroy ad revenue and shift everyone to a paid App model because Apple can get its 30%. I bet you if Apple loses control of the AppStore for anti trust reasons, they would be all for ads.
That's Facebook's claim, yes. And when it comes to Apple News and even the App Store, Apple also serves advertising on behalf of its partners. It's also true that Apple themselves runs a lot of ads, and benefit from ad networks through the services they've integrated in the past. In fact, Apple justifies their 15-30% cut by suggesting that the App Store is itself a platform that promotes apps, and has featured apps in its own advertising on billboards and television.
So it's hard to come to a conclusion that Apple hates ads. It's easier to say that Apple dislikes advertiser networks, since their own attempt at a generic network (iAds) failed miserably. It's not even clear to me that blocking tracking is going to kill ads as a revenue stream, all it will do is make ads more expensive because they're slightly less targeted on iOS?
Also, Apple runs their own seemingly successful ad market within the App Store app — something I'm reminded of each time I search for an app and see a competitor's app I don't want at the top of my search results, filling my screen with the new design. So it's hard to say that Apple does this for the best user experience. Showing extra popups isn't great UX. And Apple likes free apps, it makes their phone and platform more valuable, so they can charge more for the hardware knowing folks can get great apps inexpensively or free.
While I'm in favour of Apple losing its complete monopoly over App Stores and apps that compete with its own, I actually am in favour of Apple enforcing these policies on apps from its own App Store and platform. And while I would say that third-party stores could have different stances on permissions, the idea that a third-party app store could prevent a popup asking to share a phone's identifier, for example, is frankly a security bypass. The same is true if apps want to communicate with other apps without the operating system knowing.
Personally, I'd love it if Apple went a step farther and used the network layer and code signing to identify which apps actively use which trackers and tracking networks the same way they currently identify apps that use the microphone and camera. It'd be fascinating to see an operating system feature that says 50% of my network traffic in Application X was telemetry being sent to Facebook, for example.
> Personally, I'd love it if Apple went a step farther and used the network layer and code signing to identify which apps actively use which trackers and tracking networks the same way they currently identify apps that use the microphone and camera. It'd be fascinating to see an operating system feature that says 50% of my network traffic in Application X was telemetry being sent to Facebook, for example.
If you had broken this paragraph out into a separate post, it might get more and highly deserved attention.
This is Facebook’s narrative, but if Facebook makes a bit less money, how exactly does that “shift everyone to a paid App model”? Facebook’s annual net profit is an 11-digit number. Apple’s move is bad for Facebook’s stock price and good for users, and that’s probably all the noticeable impact.
Even if Apple’s motives are somehow nefarious, Facebook is being scummy in the first place, so it’s a fair move for Apple to take advantage of that, IMO.
> how exactly does that “shift everyone to a paid App model
You nailed it. Facebook wants to confuse and distract. There's absolutely no reason why Apple's push for user permission on tracking would cause the Facebook app to become subscription-based. WTF?
It already is ‘unviable’ for most companies because Facebook and Google dominate it.
It wouldn’t become unviable for Facebook because even with a smaller number of users consenting to tracking they would still have a gigantic ad market.
I'm skeptical as well considering Apple selectively leaves gaping holes depending on levels of public knowledge (e.g. talk a big game on encryption, but don't encrypt iCloud backups while using dark patterns nudging users towards using iCloud backups).
This is definitely good for privacy in the short term, but long term will depend on if Apple decides to monetize this data themselves.
Most of iCloud backups are encrypted with your PIN — the one you unlock your phone.
Some more sensitive data are backup only if you choose backup locally
iPhone users must login to use the phone. Those users need to provide valid identification info considering the phone is linked to their phone service account. Combine that with apple defining every single action the phone takes, they could easily flip a switch to start collecting "anonymized" data.
Or they could simply update the data-sharing default to "Yes" and 75%+ would never disable it.
> The don’t collect this data. How could they monetize it?
Your answer is essentially -
“in principle they could build tracking into all their software”
You seem to be suggesting that their plan is to fein interest in privacy to undermine all the tracking companies first, and then reverse their stance and become a super-intrusive tracking company.
That seems very far fetched and weirdly conspiracy like.
Also obviously not true, given that they have been lobbying for privacy legislation.
