U.S. Markets close in 7 mins

Apple's new privacy promises hold up

Aaron Pressman
AP Trust me. Apple posted a big thing about how it takes care of your data and privacy on its website. In a letter to customers, Tim Cook said, “A few years ago, users of Internet services began to realize that when an online service is free, you’re not the customer. You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy.” Lots of people latched onto that line, and interpreted this as a sign that Apple was attacking Google and Facebook. Some even think that this is Apple trying to position itself as the anti-Google to consumers who are worried about privacy. Apple is certainly trying to do some of that, but that’s not the real reason it’s talking about privacy right now.  The reason Cook is making a big deal out of privacy right now is that Apple is about to have an unprecedented amount of data on us. It will have our credit card data, it will have our personal health data, it will have our text messages, our emails, and our naked photos all on one tiny device — the iPhone.  Apple For the most part, people don’t really care about privacy. We’ve given up on the idea of privacy. As long as our products work, we’re willing to trust corporations with our personal information. But, if anybody starts to have any doubts about whether or not it’s smart to give Apple all this information, it could hurt Apple. Tim Cook is trying to get out in front of that doubt by telling the world Apple can be trusted.  There’s a secondary impact that he disses Google, but that doesn’t matter. Nobody is bailing on Google because of privacy, just ask Microsoft which tried that route for some advertising.  This is all about getting people comfortable with Apple having an insane amount of personal data on us. Read more stories on Business Insider, Malaysian edition of the world’s fastest-growing business and technology news website.

After years of learning about all the sneaky ways companies track us online, even when they kind of, sort of say they won’t, it’s hard not to be cynical about the so-called privacy policies they post.

After all, the Federal Trade Commission has an endlessly scrolling Web page listing its actions against companies for online privacy policy violations, ranging from the goofy guy whose flashlight app secretly sent precise location data to advertisers to major players such as Google (GOOGL), dinged for ignoring a browser’s "do not track" setting.

So when Apple (AAPL) CEO Tim Cook put up a letter last night bragging about his company’s enhanced privacy and security policies, I reached for my cynical analyst cap and got to work digging into the 500-word missive and its supporting articles.

Suspect timing

The timing is certainly somewhat suspect. Apple just introduced new iPhones and software with the capability to collect an array of incredibly sensitive health data, including blood sugar levels and heart rates. And the company surely doesn't want customers dwelling on the recent theft of Hollywood celebrities' nude photos from Apple's iCloud servers.

In the letter, Cook obliquely attacked his recently designated top rival Google and promised Apple deeply respected the privacy of its customers’ personal information.

“A few years ago, users of Internet services began to realize that when an online service is free, you’re not the customer,” Cook wrote. “You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy.”

That’s been a rallying cry of Apple fans for ages.

Immediately, I thought I found a gotchya -- Apple doesn’t make all its money from selling products, just most of it. It also helps sell advertising in apps via its iAds service, just like Google!

Cook went on to explain, briefly, that customers need not worry, because iAds “sticks to the same privacy policy that applies to every other Apple product.” And more-detailed articles linked to his letter explain how iPhone users can even block iAds tracking by switching off the scheme Apple created for advertisers to differentiate and identify individual phones.

But that might not be the real issue for users, because Apple’s iAds network is a relative pipsqueak in the mobile ad space, garnering just 2.5% of mobile ad revenue last year (and it isn’t projected to crack 3% in the next three years), according to an analysis by eMarketer. Apple iPhone app users still see plenty of ads, though, and generate slightly over half of all mobile ad revenue. They just don’t see many placed via Apple’s in-house solution. And if those other services aren’t using Apple’s phone identifier scheme, they wouldn’t be affected when a user turns on the "limit ad tracking" privacy setting.

Surprising research

However, that’s where a little research stopped me dead in my cynical tracks. Back in 2011, Apple introduced its own phone identification code for advertisers. Most advertisers were using a unique serial number in every phone known as UUID, a number that users couldn't change or block. By creating an identifier just for advertising purposes, Apple could exert more control over how and when it was used.

Initially advertisers weren't much interested in that scenario. But slowly Apple tightened control over ad tracking, stopping use of the UUID and prompting – or really requiring – competing mobile ad networks such as Google’s to rely on Apple’s identifier scheme. And all apps that rely on Apple’s in-house tracking id are blocked if the user switches on the "limit ad tracking" setting.

So that gotchya I thought I found? Not correct -- an iPhone user can block ad tracking on all ad networks by using the privacy setting to limit it. "When Limit Ad Tracking is turned on, third-party apps are forbidden by Apple’s guidelines to use the Advertising Identifier to serve you targeted ads," Apple says. "As part of submission to our App Store, Apple requires all developers to agree that they abide by your choice to Limit Ad Tracking." And you can be sure the FTC will be tracking that requirement pretty closely.

Still, there is a minor issue or two with Cook’s letter. It’s probably smart from a marketing perspective for Cook to hype Google’s dependence on collecting personal user data with creepy language, even if he doesn’t mention his rival by name. But it could be a little misleading.

"We don’t ‘monetize’ the information you store on your iPhone or in iCloud,” Cook writes. “And we don’t read your email or your messages to get information to market to you.”

The first phrase is ambiguous enough to make it sound like some other service is trying to sell the rights to the pictures you store or steal your screenplay idea. In reality, automated software analyzes files to customize search results and advertising based on keywords. It’s the same with email. There aren’t a bunch of Google employees that “read your email.” It’s all software analysis.

Apple may not have such programs, but its human customer service reps have been tricked into giving email access to hackers, a totally different but much more damaging problem. That kind of targeted hacking of Apple accounts was going on for a year before the recent, high-profile photo thefts from Hollywood stars.

Google introduced a much more secure form of account log ins, known as two-factor authentication, in 2011, two years earlier than Apple. And Apple only belatedly expanded its two-factor program to block hackers from stealing backed-up data such as photos after the Hollywood scandal.

And, to be sure, Apple’s recent changes should dramatically improve the security and privacy of information stored on its servers. Sometimes it takes it problem like the celebrity hacking scandal to get a company motivated.

Related Video: