Apple's iOS 14.3 introduces Privacy Nutrition Labels for apps sold at the App Store, and that's good for users, developers, and the enterprise.
Apple today is introducing iOS 14.3, and among a host of improvements, the upgrade introduces Privacy Nutrition Labels for apps sold at the App Store. This should be good for developers, enterprises, and users.
What are Privacy Nutrition Labels?
Apple announced Privacy Nutrition Labels at WWDC 2020. Under the scheme, developers selling apps on the App Store must explain the privacy practices of each one they sell. That means detailed information concerning what data they collect, why, and what they do with it must be provided to users in the form of what looks like a food nutrition label.
The idea is that users — including you and your employees — can engage in a deep review of the privacy practices of apps you may permit the use of on enterprise devices.
The scheme is only now being rolled out. Apple has asked developers to provide this information with their app since Dec. 8; while apps already available in the store don’t have to have it, as developers roll out updates, they’ll be expected to include where data is being used and in what category (including financial and personal data).
It’s not just third-party developers who must include such information. Apple is offering this information on pages for its own downloadable apps and also provides detailed privacy information on all its applications on its website.
Why it’s good for developers
Most developers gather little or no data. What information they do collect usually relates to app functionality and is often quite limited in scope — most of the time.
There are developers who collect vast amounts of data concerning their users, and sometimes this information extends far beyond app functionality. Almost without exception, you’ll find those developers complaining about Apple’s privacy focus are the same ones who harvest these vast quantities of data about you and your employees.
What has made things a little unequal is that smaller developers offering functionality that doesn't infringe on privacy have been limited in how they can explain this – particularly if what their app does is replicated by a less privacy-focused developer with a bigger marketing budget.
Apple’s Privacy Nutrition labels give developers who do respect user privacy a clear and visible way to express that commitment — there’s even a logo that shows when an app gathers no user data at all.
With a little luck, it’s possible those developers who have not considered user privacy until now may become more motivated to do so as users migrate to more privacy-conscious alternatives, changing how their apps work in order to regain space in the circle of trust.
Why it’s good for users
Apple has tried to make it easier to surface this kind of information by, for example, making it possible to review specific permissions granted to apps to use the camera and microphone on your device(s). However, even this insight doesn’t provide a sufficiently complete picture to enable users to make smart choices around privacy protection.
App Privacy labels change this.
Now a user can see at a glance what an app's privacy practices might be. This gives them a chance to reject apps that ask too much, and a credible way to identify which ones that respect user privacy are available for what they need to get done.
This puts users in control of their own digital destiny.
Why it’s good for enterprises
Assuming your business isn’t concerned with making money through the exploitation of user information gathered by apps, data harvesters, and data brokers, then a move to Privacy Nutrition Labels should be good for you, too.
When it comes to reviewing apps for use on your private enterprise networks or using hardware that relates to your business, IT now has a credible source of trusted information to help sign off on an app’s privacy practices.
Privacy Labels will make it much easier for your business to approve applications your users can install on enterprise-related machines, which in itself may help protect your business against increasingly sophisticated hacks and cyberattacks.
While we don’t know how closely Apple will police this feature, it’s reasonable to assume that apps that fail to accurately disclose privacy practices may be thrown off the store.
And, the fact they have expressly failed to provide full information may leave such developers exposed to litigation by users who may suffer injury as a result of being willfully misled by a less-than-true claim regarding app privacy. (I'm not a lawyer, but it sounds like a credible argument to me.)
Why it’s good for all of us
This is just the latest in a rich salvo of fantastic privacy-focused improvements Apple continues to introduce in line with its philosophical belief that privacy is a human right. And the best way to preserve that right is to provide all the convenience of technology without needing to gather people’s private information in the first place.
That’s why Safari became the first browser to block third-party cookies by default back in 2005 and why the company prevented Mac fingerprinting in 2018.
Apple Vice President of Software Craig Federighi recently said:
“Never before has the right to privacy — the right to keep personal data under your own control — been under assault like it is today. As external threats to privacy continue to evolve, our work to counter them must, too.”
This is turning into a philosophical war against those with other business plans. But the truth must surely be that the more complex our devices become, and the more essential to everyday life they are, the more data they will feasibly contain.
After all, that information isn’t just about personal data. It also extends — quite literally — to software, passwords, and system data for connected manufacturing, agriculture, and beyond — all of which also need to be protected.
As for the false difference between the right to protection of consumer and enterprise information, the recent SolarWinds attack shows that even the world’s most secure organizations can be hacked, which means the very best way to protect personal, enterprise, and, indeed, national security data is not to collect it in the first place.
After all, you can’t steal what doesn’t exist, which is what Apple’s approach to "data minimization" is all about: Convenience, without insecurity.