When compared to the likes of Facebook, Google, and others, Apple are probably doing a better job. But they could be doing more.

Bloomberg Businessweek (paywall):

Bloomberg News recently reported that for years iPhone app developers have been allowed to store and sell data from users who allow access to their contact lists, which, in addition to phone numbers, may include other people’s photos and home addresses. According to some security experts, the Notes section—where people sometimes list Social Security numbers for their spouses or children or the entry codes for their apartment buildings—is particularly sensitive. In July, Apple added a rule to its contract with app makers banning the storage and sale of such data. It was done with little fanfare, probably because it won’t make much of a difference.

When developers get our information, and that of the acquaintances in our contacts list, it’s theirs to use and move around unseen by Apple. It can be sold to data brokers, shared with political campaigns, or posted on the internet. The new rule forbids that, but Apple does nothing to make it technically difficult for developers to harvest the information.


The company’s main argument for why it’s a better steward of customers’ privacy is that it has no interest in collecting personal data across its browser or developer network. It simply doesn’t need to, because it doesn’t make its money off advertising. The public wholeheartedly agrees with this “hear no evil, see no evil” strategy because of popular discomfort over the quiet surveillance of private online habits by all the other multibillion-dollar corporations.

Apple’s argument holds when it comes to tracking phone messages or the articles users read. Certain data are indeed safer from third parties when stored on a device. But when it comes to the app developer network, that’s like a parent—in this case, Apple—claiming the developer kids are well-supervised. They’re not. Once Apple reviews and approves independent apps, it can’t see how the data they collect is used.