After years of learning about all the sneaky ways companies track us online, even when they kind of, sort of say they won’t, it’s hard not to be cynical about the so-called privacy policies they post.
So when Apple (AAPL) CEO Tim Cook put up a letter last night bragging about his company’s enhanced privacy and security policies, I reached for my cynical analyst cap and got to work digging into the 500-word missive and its supporting articles.
The timing is certainly somewhat suspect. Apple just introduced new iPhones and software with the capability to collect an array of incredibly sensitive health data, including blood sugar levels and heart rates. And the company surely doesn't want customers dwelling on the recent theft of Hollywood celebrities' nude photos from Apple's iCloud servers.
In the letter, Cook obliquely attacked his recently designated top rival Google and promised Apple deeply respected the privacy of its customers’ personal information.
“A few years ago, users of Internet services began to realize that when an online service is free, you’re not the customer,” Cook wrote. “You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy.”
That’s been a rallying cry of Apple fans for ages.
Immediately, I thought I found a gotchya -- Apple doesn’t make all its money from selling products, just most of it. It also helps sell advertising in apps via its iAds service, just like Google!
But that might not be the real issue for users, because Apple’s iAds network is a relative pipsqueak in the mobile ad space, garnering just 2.5% of mobile ad revenue last year (and it isn’t projected to crack 3% in the next three years), according to an analysis by eMarketer. Apple iPhone app users still see plenty of ads, though, and generate slightly over half of all mobile ad revenue. They just don’t see many placed via Apple’s in-house solution. And if those other services aren’t using Apple’s phone identifier scheme, they wouldn’t be affected when a user turns on the "limit ad tracking" privacy setting.
However, that’s where a little research stopped me dead in my cynical tracks. Back in 2011, Apple introduced its own phone identification code for advertisers. Most advertisers were using a unique serial number in every phone known as UUID, a number that users couldn't change or block. By creating an identifier just for advertising purposes, Apple could exert more control over how and when it was used.
Initially advertisers weren't much interested in that scenario. But slowly Apple tightened control over ad tracking, stopping use of the UUID and prompting – or really requiring – competing mobile ad networks such as Google’s to rely on Apple’s identifier scheme. And all apps that rely on Apple’s in-house tracking id are blocked if the user switches on the "limit ad tracking" setting.
So that gotchya I thought I found? Not correct -- an iPhone user can block ad tracking on all ad networks by using the privacy setting to limit it. "When Limit Ad Tracking is turned on, third-party apps are forbidden by Apple’s guidelines to use the Advertising Identifier to serve you targeted ads," Apple says. "As part of submission to our App Store, Apple requires all developers to agree that they abide by your choice to Limit Ad Tracking." And you can be sure the FTC will be tracking that requirement pretty closely.
Still, there is a minor issue or two with Cook’s letter. It’s probably smart from a marketing perspective for Cook to hype Google’s dependence on collecting personal user data with creepy language, even if he doesn’t mention his rival by name. But it could be a little misleading.
"We don’t ‘monetize’ the information you store on your iPhone or in iCloud,” Cook writes. “And we don’t read your email or your messages to get information to market to you.”
The first phrase is ambiguous enough to make it sound like some other service is trying to sell the rights to the pictures you store or steal your screenplay idea. In reality, automated software analyzes files to customize search results and advertising based on keywords. It’s the same with email. There aren’t a bunch of Google employees that “read your email.” It’s all software analysis.
Apple may not have such programs, but its human customer service reps have been tricked into giving email access to hackers, a totally different but much more damaging problem. That kind of targeted hacking of Apple accounts was going on for a year before the recent, high-profile photo thefts from Hollywood stars.
Google introduced a much more secure form of account log ins, known as two-factor authentication, in 2011, two years earlier than Apple. And Apple only belatedly expanded its two-factor program to block hackers from stealing backed-up data such as photos after the Hollywood scandal.
And, to be sure, Apple’s recent changes should dramatically improve the security and privacy of information stored on its servers. Sometimes it takes it problem like the celebrity hacking scandal to get a company motivated.