
> my point is that 1% of the people who see this while browsing the App Store understand enough about the HealthKit data access requirements to interpret the language that Apple chooses correctly.

How so? There is no hidden meaning here; Facebook are simply telling Apple that they will access your health information, and Apple is passing that information along. There’s no misinterpretation. The fact that the app doesn’t currently request this information is immaterial – Facebook are saying they will. The straightforward interpretation of the privacy card is the correct one.




> Apple should really communicate more clearly what they mean in these privacy reports

This information is provided by the app developer; in this case Meta are telling Apple they use your health data and Apple is merely showing that information in the App Store.


>probably totally follows apples rules.

I've only ever used Android, so I'm ignorant here to how iOS operates and, to a certain extent, the rules Apple has in place around this sort of thing. I would think, though, that this sentence is key:

>The Facebook app gets around Apple privacy rules by opening web links in an in-app browser, rather than the user’s default browser, according to Wednesday’s complaint.

If FB is supposed to follow iOS settings by opening links in the default browser set by the user, but is intentionally not doing that here so that they can maximize the data they collect, then yeah they'd be breaking rules.


> That was GP's point, IMHO.

I thought the point was more that until now, app developers have been able to keep how they use data quiet, and that Apple is forcing them to reveal what they do.

That's not really the case, the data is just in a format that people can't be bothered to read (Privacy Notice).

I think that Apple's format is better in some ways, but not others.

There are a lot of possible types of data, but they can each appear in multiple categories. Developers can't justify why they use data in a privacy label, so it's difficult for people to tell exactly how the data collection would affect them (if at all), and whether it's justified or not.


>>especially considering the recent FB Android app revelations about lots and lots of things the phone was doing that nobody realised,

No, lots of people realized them, and lots of people have been talking about them for years; just no one really paid attention until now.

When you install FB or any other app you get a nice list of things the App is allowed to do, if you do not want the app to do those things you should not install the app.

The problem is most people simply ignore this list and click "install" without questioning why a Flashlight app would need access to your call history...

With Android the user is in control; some/most people cannot handle that responsibility.

For a person that is concerned about privacy, using Facebook at all seems counterintuitive...

For me, while I do support Apple's take on user privacy, I do not support their business practices of being rabidly anti-repair, anti-ownership, and anti-consumer. It is my device, not Apple's; the fact that Apple wants complete control over a device I have bought from them for about $1,000 is a non-starter for me. I can control my privacy in other ways; I do not need my phone OS to do that for me.


>That's why I like the privacy cards on the iOS App Store a lot

Donkeyd, I find the privacy cards in the iOS app store to be an unreliable source. I will read the relevant privacy policy stating 'data not collected' to mean anything but. Do you know if the card is self-reporting?


> WHY does Apple, parading around as a pompous paragon of privacy, even allow this crap?

Good alliteration.

Apple doesn’t enforce what the app does with app data. Apple makes sure that if the app uses a platform API that is sensitive, it gets your opt-in (or prohibits the use of the API altogether). Apple makes sure that the app publishes a privacy nutrition label. But what the app does inside with whatever data you choose to give it, that’s up to the app.

If you voluntarily choose to give data to the app, what the app does with it is your problem. Apple just tries to make sure the app can’t take data that you haven’t chosen to give it.


>> What always baffles me, truly leaves me flabbergasted and confused, is.....who is going to force you to use any other app store other than the Apple Store??

Think of the new privacy controls: Facebook doesn't like them. So they open their own iOS store, circumventing all Apple rules concerning privacy labels and do not track status.


>Preventing data collection is the first step to user privacy.

Apple are the first to actually do this properly by cross-app tracking, forcing developers to outline data collection statements, and providing clearer sharing acceptance pages.

> Once BigTech has your data, they can do anything with it in the future (despite what they say today) because of the lack of appropriate law and regulation to prevent this.

This is entirely incorrect. HIPAA and GDPR are very clear about PII health data, and a large corporate like Apple will be fined through the teeth for violating it. Changes to the PP are communicated, and allow the user to opt out by discontinuing the service. Sure they’re sometimes opaque, but Apple has built a reputation on responsible data policies, which are frequently contrasted with those of other big tech data factories like Facebook and Google.


> Apple includes a lot of information about what and how data is stored for their services.

Apple says a lot of things. Just like FB said that they were being responsible with our data. I'm asking Apple to show me what they are doing with my data. If they've been designing their systems properly, this should be simple to do.

> Nearly every service is optional, with the exception of getting OS updates and using the App Store for third-party apps.

But there's still a lot of data that goes back to Apple, which doesn't have to go through them at all.

> Reasonable people can believe that they do show you how your data is stored, so it's important to be more specific about what you're getting at.

But AFAIK, they don't show. They only tell. And I think reasonable people would be distrustful of Marketing-Speak.

> They refuse to allow you to control your data in arbitrary ways.

It doesn't matter how they refuse to allow me to control my data, it matters that they allow me to control my data.

> Reasonable people can believe that they allow you to control your own data if you want to.

But those reasonable people would be factually wrong. It's a fact that their products refuse to decouple themselves from Apple's servers.

> it's important to be more specific about what you're getting at.

Any data. Updates, documents, telemetry data, logs, etc.

I believe that reasonable people would look at what Apple says, then seeing that their actions don't follow, would distrust them. If Apple is spending a lot of effort protecting my data, then why do they work so hard to hide that away from me? To me, that seems like it could have huge marketing potential.


>The text on its own is fine but it also increases the attack vector for most people.

Sure, information is dangerous, so Apple needs to keep the users uninformed.

Don't you see that this information can affect Apple's profits and they hide it for that reason, not to protect anyone? Their App Store is filled with stuff that is not good for the users but if that makes money for Apple then it is allowed, including those shitty mobile games.

When Apple protects users only when they make money from it then some semi-intelligent person would manage to figure out the truth.


>You do realise you're describing 99% of the iOS app store here right?

I do. And I also realize how much worse it'd be if Apple didn't gate user data behind OS-level user consent dialogs.


> Facebook said that Apple cited an App Store rule that bars developers from showing “irrelevant” information to users.

This is incredibly draconian.

I know it's Apple's platform but when ¼ of Earth uses that platform, letting one company have that much power and control seems dangerous.


>> So how can it reflect badly on their case?

> Because these privacy violations are happening despite their locked down App Store.

That’s an obviously false comparison. You are comparing against a perfect world, not against the real world.

A valid comparison is against what privacy violations would be happening without the App Store.

As a simple example, we know for certain that Facebook would be doing a lot more tracking without the App Store, because they have told us in public that they would.

Therefore the App Store is in fact protecting users against large categories of privacy concerns, and this easily corrected hole doesn’t change that.


> Take your example, and imagine that it is Facebook the gatekeeper of the unique store?

Key point: Apple isn’t Facebook, and Apple has made it a key of their marketing that they are protecting their users’ privacy. This isn’t a fact that you can gloss over as if they are equivalent companies seeking only profit. Notably, if Apple ceases to protect my privacy, I can move to another platform (one that won’t protect it either, but what can you do?).


> In most cases you have more leverage over the state via voting and lobbying.

How is this leverage at all? Apple doesn't have my health data. I have a device produced by Apple that allows me to store and share health data conveniently. The state has the unilateral authority to use violence against me. I have very very little leverage on the state vs a company that sells me a glorified filing cabinet.

> The point of gathering all the health data is that it's valuable to provide your health information to other businesses. . . They'll provide an API for third parties to make business decisions about your individual health. There is no way to do this in a privacy-preserving way.

The point is that's valuable to me, the person who the data is about. Apple already has a privacy-preserving model; all they have to do is follow their current model. Collect all that data for me, the person who the data is about, store it on my device, and allow me, the owner of said data, to provide it to whoever I see fit. This allows me to get the best of all worlds. I have this amazing resource that tracks my activity, diet and environmental exposures and various clinical health metrics across many different information streams. If I want to share my workout routine with my insurance company to get a discount I can decide to do that; if I want to show only my doctor I can pull it up during a visit and show him. If I want to share my X-rays or medications with my personal trainer I can likewise make that decision. There is no reason for me to think that Apple will implement an API here for mass data exports because there is no reason to; I can send the data on a case-by-case basis. And if Apple changes their privacy policy, which I honestly find unlikely, I can delete and walk away.


> Opt out? It should be an opt in system in a for-privacy app.

I think it's pretty clear that they are discussing an App Store policy, not analytics collected by their app.


> This isn't Apple cynically hiding selling your data behind your back.

It's just both a grave security mistake and a breach of trust to treat Facebook preferentially without letting the user know.

To me, it's indistinguishable from cynically handing over the user to Facebook.


> This feels to me like Apple creating a convenient Orwellian enemy.

Apple isn't "creating" an enemy here. They aren't running full page advertising against Facebook. Apple is making it so users have to give permission before companies can utilize an API. Just giving that one power to end users has apparently scared the hell out of Facebook.

> ...why would Apple allow Facebook in their App Store and take 30% of the generated revenue?

Apple doesn't get 30% of Facebook's generated revenue. It gets 30% of sales and in-app purchases. Facebook doesn't use either as far as I know.

> If anything, the App Store made Facebook more popular than ever, so it's a "monster" that Apple helped create.

If they had perfect foreknowledge, Apple would likely have done this from the start. Steve Jobs made it very clear at the time that Apple itself should ask permission before collecting information every time. If they'd foreseen influential companies like Facebook creating APIs which were widely spread through the App Store, they'd have likely closed this door a long time ago.


> IMO: nothing on the app store is private.

Yes, as long as you are acting under an ID that is tied to your own name, then forget about privacy.

The payment system itself has the same problem, but at least they don't fling private information back at me in unexpected moments, and the information they have is usually limited, and banks are (somehow) held to higher privacy standards.
