A watch that actually tells time, all the time. Portrait mode for pets. Slofies. Apple’s annual shiny-new-toys event last week was packed with glitzy news, as usual. These features are fun, but something has been troubling me in the days since those announcements: a topic that was almost completely ignored for the entire 90 minutes.
Apple, which regularly touts its user privacy and security credentials, was surprisingly silent about this topic during its event. The only time privacy came up was in relation to using data from Apple Watch to support health research. That seems incongruous for a company that ran a giant billboard ad proclaiming, “What happens on your iPhone, stays on your iPhone,” particularly given that consumers value personal data protection more than ever amidst the seemingly never-ending stream of leaks, hacks, and missteps.
Here are some important things I wish Tim Cook and his team had said:
“The new U1 chip in the new iPhone offers granular location tracking, and here’s how we’ll prevent that from being misused.”
Has Apple learned any lessons since it last introduced a micro-location technology, iBeacon? It was a disaster for privacy, quickly adopted by companies wanting to track our every move, potentially down to the inch. Apple’s own website explains to developers how they can use beacons to target consumers in stores based on which section of the store they’re in.
So what are we to think of the new U1 chip, which Apple describes as “more precise”? Or the new ability it enables for others to identify your device’s name (which is often set to your actual name) simply by pointing their U1-equipped device at you? Will Apple, retailers, and advertisers be able to tap into these new trackers to collect more data from you, more quickly, and more accurately? Greater location tracking precision means greater privacy and security risks, and it’s a shame Apple didn’t proactively address them.
“We are going to have a lot of data about how you consume content, and here’s exactly what we are going to do with it.”
Apple used to make money primarily by selling hardware to consumers, but product sales have been dipping. Meanwhile, its services (apps, music, videos, photos, etc.) are an increasingly lucrative business and now account for one-third of the company’s gross profits. To keep consumers hooked on its newest services like Apple Arcade and Apple TV+, the company will no doubt want to analyze our behavioral data. To demonstrate it truly cares about consumer privacy, it should have been proactive in answering key questions: What sort of data will it be collecting? How exactly will that happen? Who will have access to this data? Do consumers have the ability to opt out?
“We will treat security vulnerabilities with the gravity they deserve and be honest with our users about the risks they face.”
Google security researchers recently revealed that vulnerabilities in iOS were exploited to hack thousands of iPhones in an attack understood to be targeted at the persecuted Uyghur minority. Security researchers responded with shock at the chillingly broad scale of the attack, which went undetected for years. Apple responded by downplaying the impact and criticizing how Google described it.
These exploits gave hackers deep system access, exposing nearly all personal information on the compromised iPhone. And since that includes authentication tokens, it could also unlock access to the user’s accounts independent of the compromised device, indefinitely. Simply put, this was the most consequential iPhone hack ever. So for Apple’s executives to stand on stage just days after the disclosure and wax lyrical about new phones without a peep about how the company will improve its security posture felt like a dereliction of duty.
Apple’s announcement wasn’t just a bid for our wallets but also for our data: Use an iPhone to capture all your personal moments, make an iPad your primary computing device, watch all your entertainment through Apple TV and Apple TV+, and let Apple Watch track and analyze your health stats. So its silence on privacy and security during its most high-profile event was glaring.
If the company wants consumers to trust it with some of their most sensitive data, it needs to earn that trust through words and actions and live up to its stated belief that privacy is a fundamental human right.
Harold Li is vice president of ExpressVPN.