Last week, when Apple Inc. announced the next version of its mobile operating system, iOS 8, the focus was, naturally, on features both shiny and new.
But lost amidst the gleam of the company’s expertly scripted live press release were the company’s plans for our personal data, and all the privacy implications therein.
In some areas, Apple is taking the privacy of its users more seriously. At the same time, the company is making it easier to collect more sensitive data in one centralized place than perhaps any consumer device before.
Though iOS 8 is still under development, there is a beta version of the new OS available for developers to install. Now, when apps ask for access to your phone’s sensors and data, they are more upfront about why. The microphone, Instagram now happily explains, is used to record sound for your videos – perhaps obvious in this context, but not so much when launching, say, a newly installed Calendar app.
Elsewhere, the operating system will gently prompt you when an app accesses your location data in the background – ensuring that, yes, this is indeed behaviour that you’ve opted to allow. “"Weather” has been using your location in the background,” it might say. “Do you want to continue allowing this?”
Or, more directly, “Allow Google to use your location, even when you are not using the app?”
Apple is also giving users the option of using DuckDuckGo as the Safari Web browser’s default search engine, a more privacy-conscious alternative to Google for those who would rather their search history not be tracked. And iMessages, which previously stuck around forever, can now be set to purge messages older than a year or 30 days.
These are good changes. Having some degree of choice, as users of competing smartphone platforms should know, is nice. But what will have the biggest impact on user privacy – and not necessarily for the better – are changes to the way in which apps can exchange data and interact.
One new app, called Health, acts as a repository for all of the body-related data that your phone and other paired devices collect. Currently, an app that measures the quality of your sleep or the number of kilometres you run each week only has that data to itself. It’s “siloed” data in the words of Craig Federighi, Apple’s senior vice president of software engineering. But Health will give developers the opportunity to share this data – and to use the data tracked and gathered by other apps – by storing it all in one centralized place.
The other change is a feature called HomeKit – less an app than a software layer that will allow internet connected “locks, lights, cameras, doors, thermostats, plugs, switches” to communicate between one another with ease. Here too are devices and data that currently exist in isolation, each controlled via a manufacturer’s own proprietary app. Programming your kitchen lights to turn on when the garage door opens, or for the thermostat to raise the temperature of your house when your car is an hour away is not something that, at present, is easy to do.
That so much data and digital control over our day-to-day lives now exists isn’t what matters here – it’s that Apple is taking on the very serious responsibility of unifying all sorts of private, sensitive, and revealing data into one almighty data store that can be synced to the cloud and accessible from almost any device.
“It a very compelling target, because people will know there’s a lot of high value info in one place,” says Tamir Israel, a staff lawyer at the the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC).
“And let’s face it, all mobile devices – people can argue about which is more secure and which is less – will never be more secure than a hospital database, which is where some of this info might be pulled from.”
To put this degree of trust in singular company is a very, very big ask.
Which isn’t to say we haven’t done it before. We forget how much data we give to Google daily, such a part of the Internet’s plumbing the search giant has become. Merely logging into Facebook leaves digital cookie crumbs from our lives across the Web. You could argue we’ve been here before, we know the stakes, and that we’ll press “agree” without even a thought to the lengthy legalese.
But something about this feels different. Perhaps it’s the sudden connectivity that’s been bestowed upon things that have long remained offline amidst our increasingly digital lives. It’s not merely a trickle – a thermostat here, and a bathroom scale there – but a barrage of things coming online all at once. You don’t really realize how far we’ve come in such a short amount of time until you thumb through Apple’s Health app and realize: even now, in beta, there are 63 distinct health indicators that Apple is already expecting to catalogue about some our lives.
Your Vitamin K intake, your body’s galvanic skin response, the oxygen saturation of your blood, your inhaler usage, your body-fat percentage – it’s all there, waiting to be tracked.
Mr. Israel aptly points out that these centralization concerns are hardly unique to Apple. Google and Facebook and myriad other companies grapple with these concerns every day. But given Apple’s user base and market penetration, its ambitious plans for unifying health and home data certainly make it one of the most mainstream.
“We’re not just talking [data from] light switches and temperature,” Mr. Israel says of the potential for risk. “one of the things we’ve seen with malware on mobile platforms is they try to find ways to secretly activate the recording hardware on these devices so they can hear what’s going on.”
“The more of these functions that get centralized into these devices, the more important it becomes to really up their security game.”
That’s not to say that Apple isn’t up to the challenge, or is incapable of securing the data that it wants to centralize and store. But everything gets hacked or attacked eventually. There’s always a chance that something can go wrong.
While Health and HomeKit certainly aim to solve common pain points of dealing with wearable devices, activity trackers and the connected home – and might very well prove to be features both valuable and great – it’s good to know the stakes before deciding who to trust with your data.
Because, really, we should stop thinking it’s “just my iPhone.” More than ever, it’s a digital extension of ourselves.