Apple’s privacy-focused ‘nutrition labels’ for apps are only a start

Do you trust companies like Facebook to accurately and completely tell you how, and to what extent, their apps monitor and track you both on your phone and across the entire internet? The question is not a rhetorical one, as Apple’s latest privacy push relies on the answer to that question being “yes.”

Most privacy policies are an unintelligible mess. This problem, thoroughly documented by the New York Times Privacy Project in 2019, is only compounded when people are forced to read the sprawling documents on their smartphones — squinting the entire time they scroll. Apple unveiled a new feature on Monday for the forthcoming iOS 14 intended to address this problem. The proposed solution is labels, similar to nutrition labels seen on the side of food packaging, that quickly and clearly tell users how an app uses their data. 

At face value, this idea sounds great. According to slides shared at WWDC, app labels would list out, in plain language, what data is linked to you and what data is used to track you. There’s just one glaring problem: All the information in the label is self-reported by the companies and developers behind the apps.

Katie Skinner, Apple’s manager of user privacy software, explained the company’s approach to the privacy labels during the WWDC presentation. 

“We’ll show you what they tell us,” she noted. “You can see if the developer is collecting a little bit of data on you, or a lot of data, or if they’re sharing data with other companies to track you, and much more.” 

Erik Neuenschwander, Apple’s director of user privacy, detailed how this differs from Apple’s current practices and how the company’s plan was inspired by the humble nutrition label (this all begins around 58:22 in the above embedded video if you want to watch along). 

Today, we require that apps have a privacy policy. Wouldn’t it be great to even more quickly and easily see a summary of an app’s privacy practices before you download it? Now, where have we seen something like that before? For food, you have nutrition labels; you can see if it’s packed with protein or loaded with sugar, or maybe both, all before you buy it. So we thought it would be great to have something similar for apps. We’re going to require each developer to self-report their practices.

This raises a lot of questions. For starters, how will Apple ensure that the self-reported data is accurate? If a company misrepresents the data it collects on app users, or omits key tracking practices on the privacy label, will Apple hold that company accountable? If so, how? And by when will Apple require all apps in the App Store to have such a privacy label?

We reached out to multiple specific people at Apple, in addition to the general media contact with a host of questions, but received no response from the company. 

As things currently stand, Apple reserves the right to boot developers and their apps from the App Store for things like “[sharing] user data without user consent.” It’s unclear if Apple would take a similar step against, say, Facebook, for failing to list specific data-collection practices on its iOS app’s privacy label.   

To be clear, the goal of making privacy policies more digestible is a laudable one, and Apple should be cheered for this first step — but it is only a first step. 

Because, as things stand, the entire privacy-label proposition depends on companies being honest and forthright about what they do with users’ data — something history has shown to be a dicey proposition. 

Just earlier this year, for example, Motherboard reported that Zoom’s iOS app was sending users’ data to Facebook. The app did this even if users did not not have a Facebook account, and without explicitly stating it did so in the iOS app’s privacy policy. 

SEE ALSO: Mark Zuckerberg doesn’t want to talk about tracking users who’ve logged out of Facebook

Perhaps in the future, Apple will go further than relying on app developers to accurately and clearly fill out the new app privacy label. But hey, until then, it’s a start.