Apple has officially rolled out the new privacy labels on its App Store, which allow users to understand the type of data collected by each app.
The labels are displayed under the download option. According to CNBC, most apps will receive as many as three labels, depending on the information app makers are required to submit to Apple.
Security leaders say these privacy changes in iOS 14 are part of an unstoppable trend to increase the protection of user privacy. The move, however, has been criticized by app makers for being too "strict" with its demands, as well as for the possibility of the labels discouraging users from downloading apps. Developers must now show what information they gather, listed in terms of what is taken to track users and what is linked directly to them.
Chris Hazelton, Director of Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says this trend will not stop with tracking for advertisers, and developers that update their apps moving forward won’t have their apps approved unless they include this information. "macOS 10.15 Catalina kicked everyone out of the kernel, a privilege that endpoint security providers had since the beginning of desktop operating systems. With this move, security vendors are now also limited in accessing user and system information, and must operate like any other app. Fighting this trend is like fighting the ocean tides; you can't. You have to adapt to the trend and innovate or die. Mobile security providers innovated when they couldn't have kernel access and I am sure advertisers will find a way to innovate as well," Hazelton adds.
iOS 14, however, puts additional focus on user privacy, and in particular gives users better visibility into their personal information that is shared with third parties, he notes. "Users are more in control of their personal information. They can now decide on an app-by-app basis which will have access to personal data. Previously, iOS users only had the choice between sharing all their information when using apps, or declining to share and not having access to apps. Now Apple has created levers for users to more easily pick and choose the developers with which they share personal information. This requirement to disclose third-party data collection, and whether it’s used for tracking, will make it easier for users to understand how apps use personal data. This format will clearly disclose the data used to track users across their other apps and websites. It will also disclose how data, like financial information, will be linked to other accounts, devices, or identities. Like nutrition labels in real life, the goal is to create a common, easily understandable format for users to see how their personal data is collected and used by developers and their partners. It will make it easier for users to question whether free services from developers are worth the cost in terms of privacy and security of their own data."
Setu Kulkarni, Vice President, Strategy at WhiteHat Security, a San Jose, Calif.-based provider of application security, notes, "Typically, end users 'trust' their mobile phones as well as the apps on their phones. However, these apps have unparalleled access to explicit, and more importantly, implicit user data."
He says the average application user is not savvy enough to understand technical feedback from applications. Therefore, the details of the data that the app is capturing have to be communicated in a manner that the average user is able to comprehend and make decisions on how they want to use the app.
"In general, this move is a good one that will force the convergence of privacy and user experience," he says. "Moreover, if done right, end users will start trusting some apps over others. An app that tells me that 'we track your current location only when you are using the app, but do not store your tracking information' will fare better at garnering trust than an app that tells me 'tracks GPS coordinates.' The challenge is going to be – how does the app developer now relay all this on the limited form-factor that a mobile phone offers and yet engage the end user?"