
> The Android platform API should simply never allow apps to obtain global system identifiers

When the revenue stream of the creator of Android fundamentally depends on being able to tie devices to identity and behaviour, it's highly unlikely this is going to happen. They can't also keep it only for themselves and block for others or they'll get unfair trade practices action on their backs.

The fact that Apple, which could do this without significant adverse monetary impact, has chosen not to do so suggests they want to keep the possibility of re-entering the advertising business (or at least portray so to their shareholders).




> The fact that Apple, which could do this without significant adverse monetary impact, has chosen not to

They restrict access to most of the things listed above, giving randomised fakes where necessary. The advertising ID they do let apps access is unique to a publisher so they can't be tied together with behaviour from apps by other publishers, and it's trivially disabled/resettable by the end user (Settings > Privacy > Advertising > Limit Ad Tracking / Reset Advertising Identifier…). They improve things every year, e.g. Safari's intelligent tracking prevention.

I'm not really sure how you can arrive at the conclusion that Apple are holding back; they seem clearly committed to improving privacy as demonstrated by their continuous work in the area.


> The advertising ID they do let apps access is unique to a publisher so they can't be tied together with behaviour from apps by other publishers, and it's trivially disabled/resettable by the end user (Settings > Privacy > Advertising > Limit Ad Tracking / Reset Advertising Identifier…).

They still let apps give you a unique identifier through shared containers; those will only be deleted if you delete all apps that can access them. There is also some other container (I forgot the name) which will never be deleted unless you get a new device and don't restore any backups. You can see this kind of behaviour when you delete Instagram and they automatically fill out your username the next time you install it.

With Facebook owning WhatsApp, they are already able to give each iOS device a unique identifier. What is Apple going to do about it? Remove WhatsApp from the App Store?


Shared containers are also restricted by publisher – you can't share data with another publisher using them.

I believe the other container you're talking about is the keychain. You can store small amounts of data in there (typically secure auth info) and it will persist even after app deletion. This is hardware encrypted by the Secure Enclave and can't be shared between publishers.

Apple have shown that they are willing to remove big social media apps from the App Store just a few weeks ago, with Tumblr.

Also, collecting information for use in WhatsApp and using it for a different purpose in Facebook is a DPA and GDPR violation:

https://www.theguardian.com/technology/2018/mar/14/whatsapp-...


Where do you get that IDFA is unique to the publisher?


Apologies, I'm conflating two slightly different things there.

There's the identifierForVendor [0] which is unique to the publisher. This is pretty safe to use however you see fit (within reason).

Then there's the advertisingIdentifier [1], which is not unique, but can easily be permanently zeroed out by the user. Apple also have some fairly stringent rules about how it can be used [2], not to mention further rules about not identifying people surreptitiously [3]:

> 5.1.2 Data Use and Sharing

> (iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.

They ask you to explicitly confirm that you're following the advertising identifier rules in particular every single time you submit to the App Store.

[0] https://developer.apple.com/documentation/uikit/uidevice/162...

[1] https://developer.apple.com/documentation/adsupport/asidenti...

[2] https://support.appsflyer.com/hc/en-us/articles/207032086-Ap...

[3] https://developer.apple.com/app-store/review/guidelines/#dat...
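As an added illustration of the two identifiers described above (not code from the original comment or from Apple), the following Swift snippet reads both the per-vendor identifier and the advertising identifier, and treats the IDFA as unavailable when the user has enabled Limit Ad Tracking, which on iOS 10 and later returns an all-zero UUID; the function names are my own.

```swift
import UIKit
import AdSupport

/// The per-vendor identifier (identifierForVendor), scoped to this publisher only.
/// It can be nil for a short window after a restart before the device is unlocked,
/// so callers must handle the optional rather than assume a value.
func vendorIdentifier() -> String? {
    return UIDevice.current.identifierForVendor?.uuidString
}

/// The advertising identifier, returned only when the user permits ad tracking.
/// With Limit Ad Tracking on, ASIdentifierManager hands back an all-zero UUID
/// (iOS 10+); both the flag and the zeroed value are treated as "no identifier".
func advertisingIdentifierIfPermitted() -> String? {
    let manager = ASIdentifierManager.shared()
    guard manager.isAdvertisingTrackingEnabled else { return nil }

    let idfa = manager.advertisingIdentifier.uuidString
    let zeroed = "00000000-0000-0000-0000-000000000000"
    return idfa == zeroed ? nil : idfa
}
```

`isAdvertisingTrackingEnabled` is the pre-iOS 14 check the thread is discussing; later systems replaced it with the App Tracking Transparency prompt.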


Cannot these restrictions be lifted if you write that the user agrees to sharing all of their data for any purposes somewhere between the lines of a 20-page Privacy Policy?


I imagine Apple has the final word on how to define the word surreptitiously. I would like to think Apple could interpret somewhere in 20 page privacy policy is surreptitious.


> I'm not really sure how you can arrive at the conclusion that Apple are holding back; they seem clearly committed to improving privacy as demonstrated by their continuous work in the area.

Given the Apple phone was successfully hacked in the FBI case, I'm not sure why HN seems to think they are the bastion of privacy.

Given the other anti-consumer and anti-developer practices at Apple, I wouldn't trust them to protect privacy (today, and in the future when their stock price takes a hit).


That iPhone was a 5C, which doesn't have the Secure Enclave Processor, which is a huge jump in hardware security. There's a reason the FBI rails against Apple even in their public speeches, and I assure you it's not because they are insecure.

https://www.apple.com/business/site/docs/iOS_Security_Guide....


I was responding to somebody who is under the impression that Apple are purposefully choosing not to protect user privacy. The most powerful government in the world hacking an Apple product in their possession without Apple's consent isn't relevant to that. If anything, the fact that Apple went to court to avoid being compelled to aid them in the endeavour supports what I am saying.

I'm not saying that Apple products are 100% impenetrable against nation states; I'm pointing out that Apple are clearly putting serious effort into protecting user privacy.

I'm not sure why this is such a foreign concept to so many people. This is something Apple can do that their competitors cannot due to their business models. It's becoming more and more of a concern to customers and the law in many places. Even if you assume Apple are 100% self-serving, this is obviously a valuable differentiator for them to capitalise on.


That is illogical. Declining to hand over unwarranted data to LEO is independent of using user data for commercial purposes. Google also has tight security and privacy from government intrusion.

It's contradictory in fact, because data monetizing companies prefer to control data not leak it, to keep the data's price high.


Not sure why this is so heavily downvoted, Apple was named as one of the PRISM companies in the Snowden leaks after all.


> When the revenue stream of the creator of Android fundamentally depends on being able to tie devices to identity and behaviour, it's highly unlikely this is going to happen.

Well put. I’ve tried to explain to people that I prefer Apple’s upfrontness that they are there to sell me a device and its software for money. Unlike Android systems where I feel the lead is intentionally buried by telling me how “free” the software is.


Nitpick: I believe that's "lede" as in "burying the lede".


iOS apps have similar issues, actually. On the Android side, you can at least use free and auditable apps from the F-Droid repository, and buy your device from an OEM vendor which will let you unlock it and install google-free LineageOS.

(More speculatively, the community is now working on replacing AOSP altogether with the usual Linux desktop stack, via PostmarketOS. Not usable right now, but it's progressing rather quickly, and may well be practically useful later in 2019.)


> More speculatively, the community is now working on replacing AOSP altogether with the usual Linux desktop stack, via PostmarketOS

So you're telling me that 2019 is the year of the Linux desktop... on mobile?


> On the Android side, you can at least use free and auditable apps from the F-Droid repository, and buy your device from an OEM vendor which will let you unlock it and install google-free LineageOS.

Do you go audit every line of source code in the apps and OS you install? Do you then verify that the binary blobs you're installing were built from the same source? Do you somehow audit the source for the firmware on your device and verify that that is the firmware installed on your device? What about the hardware, do you audit it?


LineageOS allows fine grained permission revocation that cuts most of the bullshit.


Filtering apps by license is a great filter for intent. There are many reasons people write FLOSS-licensed software, but the fewest include wanting to get your data. For economically thinking professional data collectors who e.g. put some dancing pigs game out to get your contact data, gaining access to a small population isn't worth the effort of open sourcing. F-Droid also has the concept of antifeatures, which upfront informs users about potentially unwanted behaviour like tracking.


I trust the community (including the security community) to do a better job at this than a handful of proprietary hardware and software vendors. Yes, it would be nice to have more openness on the hardware side too (and the Librem 5 phone is a worthwhile answer to that) but let's focus on the lowest-hanging fruit first.


How did that work out for the Heartbleed bug that was in open source code for over two years?

Even worse, this 11-year-old bug in the Linux kernel?

https://www.theregister.co.uk/2017/02/23/linux_kernel_gets_p...


Heartbleed was found and fixed, and diagnostic tools quickly followed. OSS isn’t a panacea, but it’s something, no?


After two years? How is that better than closed source?



> iOS apps have similar issues, actually.

Which issues specifically?


Being non-free and non-auditable, including proprietary SDKs that can gather tracking info/IDs, connecting to Facebook (even when the app is something other than a FB client)... Stuff that's quite comparable to what the video is talking about.


Indeed. I don't have a Facebook account and yet various apps on my iOS devices still attempt to connect to graph.facebook.com (amongst other servers I'd rather they didn't, e.g. flurry).


I think you need to be a bit more specific.


Not true at all. This would have significant monetary impact. If advertisers lose the ability to monitor purchases at a granular level attributed to advertiser-specific initiatives, they will not spend, and that has a chain effect that trickles to Apple since they take 30% cuts of all in-app revenue. If advertisers pull the plug on in-app purchases and go around... they may go the route of removing IDFA to screw over advertisers for trying to go around their App Store.



