



Everyone knows that apps collect data. However, one of the few ways to find out how the app processes our information is to read our privacy policy.

Let’s do the truth: No one does it.

As a result, at the end of last year, Apple introduced new requirements for all software developers who publish their apps through the App Store. Your app should include a so-called privacy label that lists the types of data collected in an easy-to-scan format. The label resembles a nutrition marker on food packaging.

These labels, which began appearing on the App Store in December, are the latest attempt by tech designers to make data security easier for all of us to understand. You may be familiar with previous iterations, such as the padlock symbol in your web browser. A locked padlock indicates that the website is trusted, and an unlocked padlock indicates that the website may be malicious.

The question is whether Apple’s new label will influence people’s choices. After they read or see it, does it change the way they use the app or stop them from downloading the app? Stephanie Nguyen, a research scientist who studied user experience design and data privacy, asked.

To test the label, I looked at dozens of apps. Next, we focused on the messaging apps WhatsApp and Signal, the streaming music apps Spotify and Apple Music, and the privacy label of the app MyQ, which is used to remotely open the garage door for fun.

I learned a lot. Privacy labels indicate that apps that look similar in functionality can process information significantly differently. I have also found that a lot of data collection is done when you don’t expect it the most, including the internal products you pay for.

However, the labels often shone, but sometimes caused more confusion.

How to read the apple privacy label

To find the new label, iPhone and iPad users using the latest operating systems (iOS and iPadOS 14.3) can open the App Store and search for apps. Look for app privacy in the app description. This is where the labeled box will appear.

Apple divides privacy labels into three categories, giving you a complete picture of the type of information your app collects. they are:

The data used to track you. This information is used to track activity across apps and websites. For example, your email address can help identify that you are also using another app that entered the same email address.

Data linked to you: This information is associated with your identity, such as purchase history and contact information. Using this data, the music app can verify that your account has purchased a particular song.

Data not linked to you: This information is not directly tied to you or your account. For example, a mapping app may collect data from a motion sensor and provide turn-by-turn navigation to everyone. It does not store that information in your account.

Next, let’s see what these labels reveal about a particular app.

WhatsApp and Signal

At first glance, Facebook-owned WhatsApp looks much like Signal. Both provide encrypted messaging and scramble the message so that only the recipient can decrypt it. Both rely on your phone number to create an account and receive messages.

But their privacy labels quickly reveal how different they are internally. Bottom left is WhatsApp’s privacy label. The right side is for Signal:

The label quickly revealed that WhatsApp uses far more data than Signal. When I asked the company about this, Signal said it sought to get less information.

For group chats, the WhatsApp privacy label indicated that the app could access user content such as group chat names and group profile photos. Signal, which does not do this, said it has designed a complex group chat system that encrypts the content of conversations, including those who are in the chat and their avatars.

For people’s contacts, the WhatsApp privacy label indicated that the app could access the contact list. There is no signal. WhatsApp gives you the option to upload your address book to your company’s servers to help you find friends and family who are using the app. However, in Signal, the contact list is stored on the phone and the company can’t tap it.

Signal founder Moxie Marlinspike said it can be more difficult not to collect data. We’ve spent more time designing and building inaccessible technologies.

A WhatsApp spokeswoman referred to the company’s website that describes privacy labels. According to the website, WhatsApp can access user content to prevent abuse and ban people who may have violated the law.

When you don’t expect it the most

Next, I scrutinized the seemingly harmless app’s privacy label. This is Chamberlain’s MyQ, which sells garage door opening and closing devices. The MyQ app works with a $ 40 hub that connects to a Wi-Fi router, allowing you to remotely open and close garage doors.

Here’s what the label says about the data collected by the app: Warning: That long.

Why does the product I paid to open the garage door track my name, email address, device ID, and usage data?

Answer: For advertising.

Elizabeth Linde Marder, who oversees Chamberlain Group’s connected devices, said the company collected data to target people with ads across the web. Chamberlain also has partnerships with other companies such as Amazon, and when people choose to use the service, the data is shared with their partners.

In this case, Label succeeded in stopping me and thinking: Yeah. Maybe switch to an old garage remote control that is not connected to the internet.

Spotify and Apple Music

Finally, we compared the privacy labels of two streaming music apps, Spotify and Apple Music. This experiment unfortunately took me to a confused rabbit hole.

Look at the label. The bottom left is for Spotify. The right side is for Apple Music.

These are just previews and will look different from the other labels featured in this article. The Spotifys label was too long to display in full. We also dug into the labels and found that both contained confusing and misleading terms that couldn’t immediately connect the point to the intended use of the data.

One of the jargon of the Spotifys label is to collect people’s rough spots for advertising. What do you mean?

Spotify said this applies to people with free accounts who receive ads. The app gets device information to get an approximate location and allows you to play ads related to where those users are. However, most people are unlikely to read the label and understand this.

Apple Music’s privacy label suggested linking data for advertising purposes even if the app doesn’t show or play ads. I only learned on Apple’s website that Apple Music could see what you were listening to and provide information about upcoming releases and new artists related to your interests.

Privacy labels are especially confusing when it comes to Apple’s own apps. This is because some Apple apps appeared in the App Store with a privacy label, while others didn’t.

According to Apple, you can find apps with a privacy label by removing only some apps such as FaceTime, Mail, and Apple Maps and downloading them back to the App Store. However, the Phone app and Messages app cannot be removed from the device, so there is no privacy label on the App Store. Instead, the privacy labels for these apps can be found in the hard-to-find support documentation.

As a result, Apple app data practices are less prepaid. If Apple wants to lead privacy conversations, it can give a better example by making the language clearer and less self-serving in its labeling program. When asked why not all apps should keep the same standards, Apple wasn’t addressing this issue anymore.

Researcher Nguyen said a lot must happen for a privacy label to be successful. Besides changes in behavior, she said companies need to be honest about data collection. Most importantly, people must be able to understand the information.

I can’t imagine my mother stopping looking at the label and saying, “Let’s look at the data that is linked to me and the data that is not linked to me.” What does that mean?

