Curated app stores and platforms are a driving force in the growth of the app economy and offer unique benefits for consumers and small business app developers alike. ACT | The App Association detailed many of the economic and competitive benefits of platforms in our white papers and past blog posts. But how do platforms manage data and ensure user privacy? This post is the first in a series on how various platforms handle consumer data privacy.
With Apple’s Vice President of Software Technology Bud Tribble testifying in this week’s Senate Commerce hearing on consumer privacy, we begin with the steps iOS takes to ensure consumer privacy. Apple developed iOS with a unique set of tools for consumers to make informed decisions about sharing their personal information, along with clear guidelines for third parties on privacy. We’ve highlighted some of these tools below.
Data Management in iOS
iOS is an operating system that includes data management infrastructure for users and app makers. iOS maintains data in five categories:
1. iOS uses the Secure Enclave of the device to store highly sensitive biometric data such as fingerprint and facial information. iOS uses this data to help the user conveniently lock and unlock the phone. Apple notes Touch ID doesn’t store any images of your fingerprint, and instead uses a mathematical representation of the fingerprint. It also prevents access to the data for any other purpose.
2. iOS uses end-to-end encryption to share highly sensitive data with other devices. This means that only the devices that share a secret have access to this data, and to anyone else the data will appear as opaque and meaningless, regardless of whether it is in transit or temporarily stored in the cloud. Examples of this type of data include HealthKit data, communications via FaceTime and Messages, and password information stored in the Keychain.
3. iOS can store and synchronize data between a user’s devices using iCloud, both for its own built-in apps and for apps from the App Store. iOS does not permit access to data between different users or apps from different vendors without explicit permission from the user.
4. iOS prompts the user for just-in-time permission before giving apps access to personal storage or sensors that reveal private information about the user, such as the user’s location, a photo library, the camera, or the microphone.
5. iOS allows app makers to use third-party cloud services to maintain their data, as long as their methods comply with the App Store Review Guidelines, which are designed to protect and maintain user privacy. On the device, iOS only permits app makers to access the data stored by their own apps.
Apple’s Data Management
Like any other company, Apple also manages information about its customers and potential customers, for the purpose of promoting its products and services. For example, Apple will periodically email customers new product announcements and special offers.
As apps continue to transform the way we live, work, and play, consumers must feel secure with whom they entrust their information. Platforms play a critical role in facilitating consumer trust with third parties and will continue to create new tools to keep their data safe.