'Privacy. That’s Apple,’ the slogan proclaims. New research from Aalto University in Finland begs to differ.

The researchers studied eight default apps, the ones that are pretty much unavoidable on a new device, be it a computer, tablet or mobile phone: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.

'Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple’s virtual assistant. But enabling only refers to whether you use Siri’s voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Associate Professor Janne Lindqvist, head of the computer science department at Aalto.

'The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings – or even both,’ says Amel Bourdoucen, a doctoral researcher at Aalto.

In addition, the instructions didn’t list all the necessary steps or explain how collected data is processed.

The researchers also demonstrated these problems experimentally. They interviewed users and asked them to try changing the settings.

‘It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider,’ Bourdoucen says.

  • DeltaTangoLima@reddrefuge.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    Interesting (kinda) coincidence. I’ve just switched from Android back to iPhone, after about 10 years away from the platform.

    But I use an always-on Wireguard VPN back to my home network, with my DNS set to my Pi-hole servers and my firewall rules blocking access to all external DNS servers, except from my Pi-holes for upstream resolution.

    I’m yet to do some p-caps to see what I’m missing in this setup - while I’m confident it did a great job of protecting me from a lot of Google’s data-harvesting shenanigans, I’m yet to investigate what I need to do to achieve a similar outcome for my iPhone.