Starting today, apps in the Mac and iOS App Stores will display mandatory labels that provide a rundown of their privacy policies. Think of it as a sort of “nutrition facts” for apps. It’s Apple’s most visible move yet to give you easily digestible details about what data every app collects and has access to—and what they do with it.
The idea of developing privacy or security breakdown labels for laypeople isn’t new. In the early 2010s, academic researchers had already developed mobile app privacy label prototypes. More recently, countries like Finland, Singapore, and the United Kingdom have started pushing security-focused labels for Internet of Things products. But Apple is seemingly the first global tech giant to embrace and promote the tactic so extensively.
“Apple’s approach looks very promising, but it’s unclear how much user testing went into it,” says Lorrie Cranor, director of Carnegie Mellon’s usable privacy and security lab. “As it rolls out with real apps and real users it will be interesting to see what works and what doesn’t—whether developers understand how to accurately complete the information, whether they actually tell the truth, and whether consumers understand what this means are all open questions.”
The labels have three categories: “Data Used to Track You,” “Data Linked to You,” and “Data Not Linked to You,” with bullet points for each detailing what the app has going on under the hood. A label might reveal that an app wants to collect your location data, financial details, and contact information, and links all of that to an in-service account or identifiers like your device’s ID number. The label might also show that the app goes a step farther and shares that information with other companies to track you across their websites and services as well.
Many apps that have already submitted information will have their labels go live today, but it will take some time before they become universal. The privacy details are only mandatory once a developer submits a new app or an update to Apple for review, and many apps have infrequent update cycles. Apple says, though, that some developers have proactively added the information anyway, perhaps to avoid the appearance of withholding something.
In the reality of today’s app landscape, it’s difficult to find mainstream software that doesn’t do at least some linking and tracking. The privacy labels will help drive that point home, but that pervasiveness might also make it hard to find something actionable in the information. And while providing data for the labels is now mandatory in the iOS and macOS App Stores, it’s also the developer’s job to provide factual information and revise it over time.