With every iPhone, iPad and iPod comes a set of densely worded documents informing you that by using these gadgets you’re giving up a ton of highly sensitive information. It’s perfectly legal for Apple to gobble up all this personal data because you’ve basically said it’s allowed to do so. Worse, you might not even realize that you have. That’s because most of us read the terms and conditions like this:
Here are five private things we’re surrendering to Apple or, at times, to third-party developers — just by using our iPhones normally:
Whenever you talk to Siri, some Apple-employed third party might eventually hear you, too. The point is to “understand you better and recognize what you say,” according to the software license agreement.
Siri (and your phone’s dictation feature) also lets Apple use and share “other information” with its “subsidiaries and agents.” That “other” stuff is partly defined as your name and nickname; the names, nicknames and relationships of your address book contacts; songs you listen to; and the location of your device when you make requests. The subsidiaries and agents — along with other groups named in the agreement, like “licensees” and “partners” — remain undefined but could encompass thousands of individual people, Ryan Calo, an assistant professor at the University of Washington School of Law, told HuffPost.
The present focus of the effort to gather location data seems to be helping Siri become a better virtual assistant, Lior Strahilevitz, a professor at the University of Chicago Law School, told HuffPost in an email. He noted that if Apple were to tweak some of the language in the software license agreement, it would be able to do “disturbing things” with data from Siri, particularly if it started tying people’s names with a history of things they’ve said to their devices.
“Non-personal” information, on the other hand, is a broader array of stuff Apple might share with third parties. But it includes some fairly personal things, such as a user’s occupation, zip code and the location where the device is used. It’s called “non-personal” because it “does not, on its own, permit direct association with any specific individual.”
However, it’s certainly possible to unravel the nameless datasets to create dossiers for real people — the “who, when and where,” Pitts explained. For example, when AOL (parent company of The Huffington Post since 2011) released search history data back in 2006, it was surprisingly easy for New York Times journalists to identify one user, number 4417749, as Thelma Arnold of Lilburn, Georgia. Certain data brokers, too, specialize in piecing together information from different sources into a coherent whole, painting a picture of an individual.
Any “service” — however you want to define it — that uses your phone’s location can collect your location data to “provide and improve such products and services.” Since we carry our phones pretty much everywhere, our whole day potentially could be mapped out. Our location searches (in a map app, for example) are gathered, too.
Apple states, however, that location information isn’t collected in a way that ties it to individual users. It might not have your name attached, but it still might be possible to combine with other data for a fuller picture of who you are.
Apple devices can also track where users purchase and use apps. We’re not really sure why it’s necessary, but if an app is able to use your location, it can send information about where you use the app to Apple and “partners, licensees and third party developers.”
Any app that uses location data may also collect your “road travel speed information.” That’s most likely useful for apps that give us traffic information, Strahilevitz told HuffPost.
There has been at least one instance of speed information making its way into the hands of law enforcement. TomTom, makers of mobile navigation tools, apologized to customers in 2011 after it was revealed that the company had sold traffic data to police in the Netherlands. The police had used it to set speed traps.
In order to make sure iMessages are properly delivered, Apple stores them in an encrypted form “for a limited period of time,” which it doesn’t define. But holding onto that data at all involves a bit of risk, Strahilevitz explained, since it could become a target for hackers — although encryption makes that task significantly more difficult.
One thing Apple doesn’t store is FaceTime data, which would be a huge and expensive storage undertaking.
Apple’s iOS software license agreement states very broadly that using its software “in connection with an Apple ID, or other Apple Service, you agree to the applicable terms of service for that Service.” So you accept iTunes’ latest terms and conditions by using it on your device.
But there might be more to this condition, as Strahilevitz helped us clarify. Downloading an app with your Apple ID could mean you’ve automatically accepted that app’s terms and conditions, too. But it’s tough to tell when and if this kind of thing is happening.
“It really comes down to incentives,” Calo said. “And whether you trust the company.”
Apple has said that it’s not in the business of selling its customers’ data to advertisers. Unlike Google and Facebook, the company profits most by selling its ubiquitous iDevices, and some of its terms specify that user data is collected to figure out what is and isn’t working, which is supposed to help Apple improve products like Siri. Pitts made a point to tell HuffPost that Apple has shown how it takes data security seriously, particularly by using encryption to secure data.
However, data brokers — the companies that make millions by collecting, sorting and selling profiles on consumers — are thriving, thanks to the information that gadget owners allow them to collect, sort and sell. After you’ve agreed to hand over a bunch of private data to Apple, you’re free to turn on your iPhone and browse the web or download a bunch of fun apps — and the whole time you’re being monitored by other companies interested in gleaning information of their own.
“[Consumers use and] talk to their phones as if it’s their best friend, and they don’t realize it’s going into a voracious, hungry data vacuum,” Pitts told HuffPost.
Data brokers can compile information on an individual’s religion, ethnicity, political affiliation, usernames, income and family medical history, among other things, according to a 2014 CBS News investigation. One major player in the consumer data industry, Acxiom, claims it has 1,500 pieces of information on a majority of American adults.
Individuals, however, hold a surprising amount of power over tech giants, Strahilevitz said. Good companies take notice when their customers aren’t happy about products, services or even privacy policies.
“When large numbers of consumers become upset about a company tactic,” Strahilevitz said, “the company often reverses course.”