Apple, that paragon of proprietary, seems to have stolen a march on the moral high ground that Google’s Android once claimed. Android, after all, is open source. But open source can be not-quite-open, while Apple’s strict privacy-first mentality may be making it the preferred destination for freedom fighters that used to default to open source Android.
SEE: Mobile device security: Tips for IT pros (free PDF) (TechRepublic)
Getting its privacy act together
Though Apple has long talked a good game on privacy, the reality of its track record is mixed. For example, earlier this year at CES Apple claimed that “What happens on your iPhone stays on your iPhone,” a not-so-clever play on Las Vegas’ tagline. If only.
As The Wall Street Journal‘s Joanna Stern noted, “Don’t be too confident in [Apple’s] privacy controls. Our test of 80 apps in Apple’s App Store reveals most apps are tracking you in ways you cannot control.” About the same time, The Washington Post‘s Geoffrey Fowler ran tests that revealed thousands of trackers pulling data from his iPhone: “In a single week, I encountered over 5,400 trackers, mostly in apps.”
SEE: Tim Cook says Apple is “moving privacy protections forward” (CBS News)
At Apple’s annual WWDC this week, the company was at pains to put the kabosh on privacy-sapping aspects of the online experience, introducing new features like Apple Login to keep companies like Facebook and Google from using easy logins to cart away user data by the truckload. Apple Login’s generation of a single-use email address enables brands to reach their users without being able to sell their user data. It’s not nearly enough to stop apps from sucking data, but it’s a good start.
It’s also a lot more than one can expect from Android, which has long been the more community-friendly counterbalance to Apple’s proprietary ways.
Android talks the walk
As bad as Apple’s iPhone has been with user privacy, Google’s Android has been worse. While the company recently trotted out some improvements, the harsh reality is that it is not in Google’s interest to secure privacy–at least, not private data that it can otherwise use to push ads.
Small wonder, then, that recent academic research from Vanderbilt professor Douglas Schmidt found that Android phones pull roughly 10x more user data than iPhones. Focusing just on their respective browser apps, Schmidt found that Chrome on Android sends roughly 50x more data to Google than Safari on iPhone. He concludes:
[Google is] able to collect user data through a variety of techniques that may not be easily graspable by a general user. A major part of Google’s data collection occurs while a user is not directly engaged with any of its products. The magnitude of such collection is significant, especially on Android mobile devices.
And why? Because Google “utilizes the tremendous reach of its products to collect detailed information about people’s online and real-world behaviors, which it then uses to target them with paid advertising.”
So, unlike Apple, that has left its advertising efforts to die, and hence can introduce something like the Apple Login without needing to keep user data for its own advertising purposes. Google simply can’t shut off the spigot feeding its business model. In fact, users don’t even have to install these privacy-sucking apps–they come pre-installed on Android, with a dash of malware thrown in, as an IEEE research paper has highlighted.
In sum, Apple’s closed nature might actually serve to make it a more welcoming environment for users, particularly those inclined toward freedom. Google CEO Sundar Pichai can toss grenades at Apple, arguing that “Privacy cannot be a luxury good offered only to people who can afford to buy premium products and services,” but the criticism falls flat given that Google stripmines rich and poor of their private data so as to spam them with ads. The iPhone, ironically, is becoming a bastion of freedom–not of source code, but of a user’s control over her privacy.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays