Linked by Thom Holwerda on Thu 10th May 2018 03:03 UTC
Apple

Over the last few days, Apple has seemingly started cracking down on applications that share location data with third-parties. In such cases, Apple has been removing the application in question and informing developers that their app violates two parts of the App Store Review Guidelines.

Good.

Order by: Score:
Yes, good
by wocowboy on Thu 10th May 2018 11:29 UTC
wocowboy
Member since:
2006-06-01

Android fans will label this "anti-consumer" but the exact opposite is true. Privacy and identity theft and protecting these things is not anti-consumer, it is actually about as pro-consumer as you can get. And with the news today of another Android malware threat, this step by Apple makes even more sense. I will gladly accept slightly less functionality in exchange for letting Apple do what it can to protect my identity and privacy.

Reply Score: 2

RE: Yes, good
by missingxtension on Thu 10th May 2018 12:56 UTC in reply to "Yes, good"
missingxtension Member since:
2011-01-14

I don't think you could ever spin this around. There shouldn't be any room for this problem to exist.
The problem will always be that you still need to jailbreak or root your device to be able have control of your device. Any lock that prevents users from entering, is anti consumer. Even if it's for their own good

Edited 2018-05-10 12:57 UTC

Reply Score: 2

RE[2]: Yes, good
by The123king on Thu 10th May 2018 14:46 UTC in reply to "RE: Yes, good"
The123king Member since:
2009-05-28

The majority of consumers are idiots, and don't need a system that's as open and free as Android is. As
Windows on the PC has proved, an open system just invites malware, and the average user won't know what malware is, if it's a bad thing, or how to remove it. Sure, it's nice to have an open system, but that openness should be something the power user has to unlock, rather than be default. Remember, there's more idiots than Einsteins.

Reply Score: 1

RE[3]: Yes, good
by darknexus on Thu 10th May 2018 17:04 UTC in reply to "RE[2]: Yes, good"
darknexus Member since:
2008-07-15

openness should be something the power user has to unlock, rather than be default. Remember, there's more idiots than Einsteins.


While I agree, even this wouldn't be enough. I've seen people who do use Android follow instructions on web pages on enabling side loading apps because they really thought they were going to get the newest game for free, or thought they needed that update to Adobe Flash to view that Facebook page. Even if you buried it down deep, they will find it if they think they'll get something for free.

Reply Score: 0

RE[4]: Yes, good
by WorknMan on Thu 10th May 2018 18:28 UTC in reply to "RE[3]: Yes, good"
WorknMan Member since:
2005-11-13

I've seen people who do use Android follow instructions on web pages


Sure, you can't save everyone from themselves, but an unlock switch that's hard to find unless you're looking for it will keep 95% of Joe Dumbasses out there out of trouble, vs having everything wide open out of the box.

Reply Score: 0

RE[5]: Yes, good
by darknexus on Thu 10th May 2018 19:26 UTC in reply to "RE[4]: Yes, good"
darknexus Member since:
2008-07-15

The problem I was getting at is that it's no longer hard to find, if they're being told how to do it. I don't know how you combat this issue. My first thought was an unlock code unique to each device, but then you raise a whole set of problems about who will maintain those codes and what happens if that entity goes belly up.
Personally, I wish we could solve it by being able to teach these people not to do stupid stuff. It's really amazing how they'll follow detailed instructions to the letter to get something they think they want installed, but won't follow a simple "don't click on that!". It boggles the mind.

Reply Score: 0

RE[6]: Yes, good
by WorknMan on Fri 11th May 2018 00:23 UTC in reply to "RE[5]: Yes, good"
WorknMan Member since:
2005-11-13

I don't know how you combat this issue.


Simple answer is... you don't. People are going to do what they're going to do.

Reply Score: 2

RE[7]: Yes, good
by Alfman on Fri 11th May 2018 02:42 UTC in reply to "RE[6]: Yes, good"
Alfman Member since:
2011-01-28

WorknMan,

Simple answer is... you don't. People are going to do what they're going to do.


Exactly. You can put warnings up, but if an owner insists, then they should have the prerogative to do what they want with their own devices.

Reply Score: 4

RE: Yes, good
by Alfman on Thu 10th May 2018 13:43 UTC in reply to "Yes, good"
Alfman Member since:
2011-01-28

wocowboy,

Android fans will label this "anti-consumer" but the exact opposite is true. Privacy and identity theft and protecting these things is not anti-consumer, it is actually about as pro-consumer as you can get. And with the news today of another Android malware threat, this step by Apple makes even more sense. I will gladly accept slightly less functionality in exchange for letting Apple do what it can to protect my identity and privacy.


I agree with apple'e guidelines, I think it stems from EU directives. How do you enforce it though?


https://9to5mac.com/2018/05/08/apple-location-apps-third-parties/
The app transmits user location data to third parties without explicit consent from the user and for unapproved purposes.


Apple could find out if vendors transmit location data to 3rd parties directly from the user's device, however they have absolutely no way to know if vendors are sharing/selling location data from their end. To even have a chance at catching this they'd have to setup massive sting operations where they try to buy the data themselves.

You may not use or transmit someone’s personal data without first obtaining their permission and providing access to information about how and where the data will be used.

Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or software/hardware performance connected to the app’s functionality.


This last paragraph creates quite a large loophole since developers could deliberately pin some app functionality into 3rd party services (we see a lot of that happening with javascript websites such that data gets sent to 3rd parties).

Edited 2018-05-10 13:45 UTC

Reply Score: 4

RE[2]: Yes, good
by Brendan on Thu 10th May 2018 17:18 UTC in reply to "RE: Yes, good"
Brendan Member since:
2005-11-16

Hi,

I agree with apple'e guidelines, I think it stems from EU directives. How do you enforce it though?


How about; the app asks the OS for the current location and the OS checks if the user explicitly allowed the app to have the information (and maybe does a "This app wants your location [allow][deny]" dialog box, similar to how firewalls are being done in a lot of cases), and if the app isn't permitted to have location data the OS generates a random location and tells the app that instead (deliberately filling the databases of malicious pricks with misinformation). ;)

- Brendan

Reply Score: 0

RE[3]: Yes, good
by Alfman on Thu 10th May 2018 18:05 UTC in reply to "RE[2]: Yes, good"
Alfman Member since:
2011-01-28

Brendan,

How about; the app asks the OS for the current location and the OS checks if the user explicitly allowed the app to have the information (and maybe does a "This app wants your location [allow][deny]" dialog box, similar to how firewalls are being done in a lot of cases), and if the app isn't permitted to have location data the OS generates a random location and tells the app that instead (deliberately filling the databases of malicious pricks with misinformation).


You are focusing on a different aspect, recording user permissions, but what I meant was how do you prevent app developers from sharing/selling location data (which they themselves are allowed to have) with 3rd parties?


Consumers reasonably expect privacy, but most corporations feel the data they collect from us is theirs to do with as they please. As long as they hide it in the terms and conditions, they laws may actually be on their side.

The problem is more pervasive than just mobile apps as mentioned in the article. People don't realize just how badly they are being betrayed by big name companies buying & selling our private data. Consider that google is said to be purchasing 70% of US consumer credit/debit card transactions.

https://www.thepennyhoarder.com/smart-money/google-data-mining-compl...


To truly stop this across the board, better privacy laws are needed (at least in the US). Corporations have to stop getting away with implied consent via terms and conditions, if they're going to sell our data, then they must obtain a user's explicit agreement. Anything else is ethically wrong and should be illegal.

Edited 2018-05-10 18:09 UTC

Reply Score: 2

RE[4]: Yes, good
by Brendan on Thu 10th May 2018 19:38 UTC in reply to "RE[3]: Yes, good"
Brendan Member since:
2005-11-16

Hi,

To truly stop this across the board, better privacy laws are needed (at least in the US).


Yes, but that has nothing to do with Apple's guidelines.

Corporations have to stop getting away with implied consent via terms and conditions, if they're going to sell our data, then they must obtain a user's explicit agreement. Anything else is ethically wrong and should be illegal.


If the user gives explicit consent for the app to use their location data (e.g. by the user clicking on "allow" in an "This app wants your location [allow][deny]" dialog box); then that data is now owned by whoever it was given to, and whoever it was given to may do anything they like with their data. Ideally there would be laws forcing app developers to say exactly what they are going to do with the data (and this would be built into the dialog box so that user's can make an informed decision), but Apple can't make laws and Apple can't enforce laws that don't exist.

- Brendan

Reply Score: 2

RE[5]: Yes, good
by Alfman on Fri 11th May 2018 02:20 UTC in reply to "RE[4]: Yes, good"
Alfman Member since:
2011-01-28

Brendan,

Yes, but that has nothing to do with Apple's guidelines.


I didn't mean to imply otherwise.


If the user gives explicit consent for the app to use their location data (e.g. by the user clicking on "allow" in an "This app wants your location [allow][deny]" dialog box); then that data is now owned by whoever it was given to, and whoever it was given to may do anything they like with their data.


Actually I think that's antithetical to what apple is going for. An app that collects location data is NOT entitled to do anything they like with OUR data. They additionally have to act for our explicit permission if they'd like to share it with third parties.



Ideally there would be laws forcing app developers to say exactly what they are going to do with the data (and this would be built into the dialog box so that user's can make an informed decision), but Apple can't make laws and Apple can't enforce laws that don't exist.


Except that when it comes to apple's store, it doesn't need laws to enforce it's own restrictions. Apple (and google for that matter) ARE allowed to enforce their own rules.

My concern earlier wasn't about them being allowed to enforce rules, but rather the practical difficulties in enforcing them.

Edited 2018-05-11 02:27 UTC

Reply Score: 2

RE[2]: Yes, good
by wocowboy on Thu 10th May 2018 21:34 UTC in reply to "RE: Yes, good"
wocowboy Member since:
2006-06-01

Apple enforces their guidelines by monitoring the code in apps. I don't pretend to know how they do this, but I read today that after banning some apps from the App Store because they were doing things that are not allowed, those apps have been found to be back in the store after only a name change, obviously to get around the rules. Apple found out about this by looking at the code and those apps are banned again. It is difficult, and some things do slip through, but at least they are trying. I give them props for doing that.

Reply Score: 2

RE[3]: Yes, good
by Alfman on Fri 11th May 2018 02:36 UTC in reply to "RE[2]: Yes, good"
Alfman Member since:
2011-01-28

wocowboy,

Apple enforces their guidelines by monitoring the code in apps. I don't pretend to know how they do this, but I read today that after banning some apps from the App Store because they were doing things that are not allowed, those apps have been found to be back in the store after only a name change, obviously to get around the rules. Apple found out about this by looking at the code and those apps are banned again. It is difficult, and some things do slip through, but at least they are trying. I give them props for doing that.


If this is all apple does (and I make no assertions that it is), then it would be 100% ineffective against apps that sell user data from their own servers. If this is really the case, then it's a huge loophole to get around apple's guidelines, which is why I brought it up in the first place; it's good that apple took a stand on private location data, but IMHO it'll be very hard to actually enforce.

Reply Score: 3

RE[2]: Yes, good
by TheForumTroll on Sat 12th May 2018 00:23 UTC in reply to "RE: Yes, good"
TheForumTroll Member since:
2018-04-28


This last paragraph creates quite a large loophole since developers could deliberately pin some app functionality into 3rd party services (we see a lot of that happening with javascript websites such that data gets sent to 3rd parties).


If an app collects personal information you have the right (GDPR) to have it handed over and get it deleted. So if you collect it and then sell it (or collect it via a 3rd party service) you have to make that 3rd party delete it when your customer asks you to. Yes, even if they paid you for it or *you* will be fined.

Reply Score: 3

RE[3]: Yes, good
by Alfman on Sat 12th May 2018 03:43 UTC in reply to "RE[2]: Yes, good"
Alfman Member since:
2011-01-28

TheForumTroll,

If an app collects personal information you have the right (GDPR) to have it handed over and get it deleted. So if you collect it and then sell it (or collect it via a 3rd party service) you have to make that 3rd party delete it when your customer asks you to. Yes, even if they paid you for it or *you* will be fined.


That may well be true in europe. Those of us in the US have been loosing legal protections due to how extremely corrupt our politicians are.

Reply Score: 2

RE[4]: Yes, good
by zima on Sun 13th May 2018 20:20 UTC in reply to "RE[3]: Yes, good"
zima Member since:
2005-07-06

You're sure the politicians are not just reflections of the population? ;) (how many people would, given the chance to partake, say "no" to their slice of ~political pie?)

PS. BTW, offtopic: was it you fairly recently writing that you don't like the price of GPUs? ...I had a thought in half-sleep ;) that the prices are like that perhaps because they are of a now relatively niche product.

Edited 2018-05-13 20:29 UTC

Reply Score: 3

RE[5]: Yes, good
by Alfman on Mon 14th May 2018 13:44 UTC in reply to "RE[4]: Yes, good"
Alfman Member since:
2011-01-28

zima,

You're sure the politicians are not just reflections of the population? ;) (how many people would, given the chance to partake, say "no" to their slice of ~political pie?)


In the US anyways, the lower and middle classes have very little representation unfortunately. Both parties are dominated by wealthy elites with corporate ties and it generally isn't viable for people of modest means to run. We'd have better representation picking people at random, haha. Every election people demand campaign reform to fix the disparities, but corporations succeed in corrupting the political process all the time and it's quite normal for politicians to betray their constituents once elected. Not to mention maneuvers like gerrymandering, which are blatantly used to cancel people's votes up front ;)

This isn't to say a representative government would be perfect, not at all, but it would look very different than what we have today.


PS. BTW, offtopic: was it you fairly recently writing that you don't like the price of GPUs? ...I had a thought in half-sleep ;) that the prices are like that perhaps because they are of a now relatively niche product.


Well, maybe; new computers and new GPUs may becoming more niche in general. Normal people are keeping their computers for significantly longer without replacing them.

However the evidence indicates that high GPU prices today are caused by excessive demand over a prolonged period of time which has allowed both manufacturers and retailers to push the prices higher over time.

https://www.digitaltrends.com/computing/graphics-card-pricing-availa...

In other words, they are unable to manufacturer enough cards to meet the demand. What I find totally ironic is that FPGA and ASIC processors leave GPUs in the dust for mining, yet GPUs continue to be snagged from the shelves for that purpose.

The other, perhaps larger demand for GPUs is for data centers. Apparently this is infuriating GPU maker NVIDIA because their "low end" consumer grade GPUs are displacing sales of their high end server grade GPUs (which can cost $10k-20k). So much so that they decided to alter their licensing terms to ban data center applications.

https://www.digitaltrends.com/computing/nvidia-bans-consumer-gpus-in...


Realistically, that's not going to help since consumers and companies will use the hardware for whatever purposes they see fit regardless of what Nvidia wants. High GPU prices are probably going to be a sustained normal, which makes them less accessible to their originally intended demographic. ;)

I shouldn't complain though, I'm guilty of wanting them for AI & data center applications rather than gaming, haha.

Reply Score: 2

RE[6]: Yes, good
by zima on Thu 17th May 2018 23:47 UTC in reply to "RE[5]: Yes, good"
zima Member since:
2005-07-06

Not to mention maneuvers like gerrymandering, which are blatantly used to cancel people's votes up front ;)

Ehh, this practise was quite alien to my place, but currently ruling PL "Law and Justice" (yeah, right...) party is also trying a form of it (they control the national parliament so they can change rules / how areas are counted in local (majors and so on) elections) to even more consolidate their grip. And polls show that all the while they're gaining support... :/

And I take it it was you after all about price of GPUs / I haven't imagined things ;) ...now I'm only left to wonder why my half-waking mind wandered like that. ;)

Reply Score: 2

Deadline?
by asgerms on Thu 10th May 2018 16:47 UTC
asgerms
Member since:
2018-05-07

Slightly off topic, but does anybody know how much of a deadline these app developers were given before their apps were taken down? Was it like "due to GDPR you have 6 months to update" or did they simply wake up one morning with the news?

Reply Score: 2

RE: Deadline?
by daveak on Thu 10th May 2018 18:32 UTC in reply to "Deadline?"
daveak Member since:
2008-12-29

GDPR has been EU law for nearly a year now, with the caveat that it was not to be enforced until the 25th this year. There is no excuse. Chances are their actions were already illegal under existing privacy law as well, so again no excuses for the developers. There is no reason they should have been provided with any warning.

Reply Score: 3

RE[2]: Deadline?
by asgerms on Fri 11th May 2018 15:40 UTC in reply to "RE: Deadline?"
asgerms Member since:
2018-05-07

I'm sure those ~1000 pages of legislation are very black&white to you (that just wasn't my question).

Reply Score: 0

RE[3]: Deadline?
by daveak on Fri 11th May 2018 21:39 UTC in reply to "RE[2]: Deadline?"
daveak Member since:
2008-12-29

They mostly are. Most of it is what was already best practice information governance / management, or already covered in existing legislation.

Reply Score: 3

More idiots than Einsteins
by missingxtension on Fri 11th May 2018 11:12 UTC
missingxtension
Member since:
2011-01-14

I agree there's more of me, but there is no actual solution for this. So the community has a way of coming up with solutions.
It sounds like the idiots have more brain cells than Einstein.
When ios and Android were lacking a major part of what is now standard, the community was able to find a solution that was eventually incorporated upstream.
Since there are more idiots (me) than you, let's put those idiots to do the heavy work.

Reply Score: 3