Apple of course prioritizes the privacy of customer data, but a new analysis takes a look at what Apple does and doesn’t know about you.
Apple pitches itself as the most privacy-minded of the big tech companies, and indeed it goes to great lengths to collect less data than its rivals. Nonetheless, the iPhone maker will still know plenty about you if you use many of its services …
Apple is releasing a new API to allow developers to add the new sign-in function to their apps for a more convenient way of logging in using Face ID without revealing additional personal information. The new sign-in feature is coming with Apple's new operating systems this fall and will be available across macOS, iOS, and through websites.
Apple uses two main approaches to protecting your data. First, it aims to collect as little information as possible. Wherever it can, it processes sensitive data on your device, so it is never passed to Apple’s servers. Second, Apple encrypts data as standard – though to one of two different levels.
The Axios report doesn’t tell us anything new, but it does make for a good summary of what Apple does and doesn’t know about us.
Face and fingerprint data: Apple uses the Secure Enclave to store our most sensitive data: our face or fingerprint data. These would permit access to everything else, so Apple not only stores them on the device, but on a chip which cannot be directly accessed even by iOS. All iOS can do is ask the Secure Enclave for a yes or no on authentication, and that’s all the data that ever gets released from the chip.
Photos: Face-recognition in the Photos apps on Mac and iOS is also done on the device, not on Apple’s servers.
Maps: Your saved locations (like home and work) are stored on the device, and all location data that is sent to Apple servers is tied to an anonymized unique identifier, not your Apple ID.
Apple Pay: Apple doesn’t store your transaction history except for purchases from Apple.
Messages and FaceTime: Both use end-to-end encryption, which means Apple has no ability to intercept your communications, even if faced with a court order.
Encrypted, but Apple knows the key
iCloud backups: This is currently the greatest vulnerability. iCloud backups contain a copy of almost all the data on your devices, and although they are encrypted, Apple does hold the key. This means that it can disclose data to law enforcement when served with a court order, but it also leaves the data potentially vulnerable to rogue employees (though Apple likely has significant protections in place to minimize that risk).
Siri: This is encrypted in transit, but decrypted by Apple for processing. As with Maps, all your Siri data is associated with a unique identifier, not your Apple ID.
Safari bookmarks: These are encrypted but Apple knows the key. However, end-to-end encryption is used for all browser data from iOS 13 and macOS Catalina, so then Apple will have no access.
Data Apple specifically holds on you
Apple of course knows your full purchase history for all physical and digital products. In addition to hardware, this includes music, movies, books, and apps. Apple does store and process this data in order to make recommendations among other things, and Apple also has access to the billing and physical address information used for these purchases.
At 4:30 a.m., just in time for the morning news cycle on the East Coast, Cook published an open letter to Apple customers explaining why the company would be opposing the ruling, which “threatens the security of our customers.” He referenced the danger that could come from the government having too much power: “The implications of the government’s demands are chilling,” he wrote.