Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> “Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,”

Every big app collects analytics without such disclosure (and definitely no visual indicator). I honestly can't think of a counterexample.

If Apple's declaration is taken literally, this will have massive fallout on the analytics ecosystem.



> If Apple's declaration is taken literally, this will have massive fallout on the analytics ecosystem.

Good. I don't know when it became OK to log just about everything a user does in your app (or operating system, in the case of Windows 10) "just in case". It's creepy, often unnecessary, and prioritizes the convenience of the developer over the user's right to privacy.


Especially since software UX has not become significantly better as a result.


Exactly. Only "conversion".


I wonder whether UX monetization has or whether the analytics haven't had any effect at all.


You didn't pay attention to the key part "to a third party". Most of the larger companies don't use third party logging software, AFAIK.


That's not true. Most companies offload analytics to a third party such as Google Analytics or Mixpanel.


Indeed, there are only a handful of analytics frameworks that control the bulk of marketshare, Google being the largest. Just banning the frameworks entirely would fix the problem for a vast majority of apps.


Sounds like a great opportunity for someone to sell some old-fashioned on premise software.


On-premise is not old fashioned. It is indeed a requirement in several countries, for many domains including finance, banking, healthcare, telco and such. When you include PII in your analytics service, it has to be taken care of explicitly. There are indeed a few on-premise mobile / web analytics platforms for product analytics purposes that you can deploy on your own servers and retain your users' data with your own rules with no dependence on 3rd parties (disclaimer: I am cofounder of Countly).


Just some minor pedantry - that should be on premises. Although it's pretty commonly misused, technically premises should always be plural when referring to a property/residence/place of business, and premise (as a noun) only means "a previous statement or proposition from which another is inferred or follows as a conclusion."


Already exists, it's called Matomo and it is awesome.


Neither of which show the passwords or credit cards users enter into input boxes, or replay the entire session and every single thing the user does in-app, like the software in question does. Did you read the original article on the software being used here? It's not analytics in the sense like the companies you mentioned are providing. https://techcrunch.com/2019/02/06/iphone-session-replay-scre...


Ohh, I wonder if this is related to why Apple is doing this. It benefits the end user but also punishes app developers who rely on Google.


> It benefits the end user

There's your reason.


How funny that "benefits end user" and "punishes ... Google" are in the same sentence in such a nonchalant way.


Dropping all analytics and crash reporting hurts the product and by extension the user.


Apple aggregates and sends crash reports if users choose to share them with app developers.


Now you may ask yourself why some do not see that as enough to fix bugs in a timely manner.


The second of the two quoted sentences doesn't include that qualification. Does apple view it as implied by the previous sentence? Quite possibly, but both viewpoints are arguable.


The first party already has your data under their own privacy policy. But users aren’t necessarily agreeing to the privacy policies of third parties when they use an app.


There is a pretty significant difference between recording users' activities at an abstract, aggregate level (e.g, to measure DAU and user retention, or to track how many users use a feature or complete a funnel), and recording the activities of individual users at the highly specific level used by Glassbox. I suspect that Apple's statement is meant to target the latter, not all analytics as a whole.


There's a fair number of vendors that "record" web sessions too. Not via a screenshot, but the difference isn't much to a lay person. They track mouse movements, key up/down, etc. Enough to credibly recreate a "video" of sorts. Apple would have a harder time banning that.


> Apple would have a harder time banning that.

Well, obviously Apple cannot ban what is outside of its walled garden.


I'm not sure about that. They certainly control which browser apis they choose to support.

And it seems like those that support web applications getting closer to native apps functionality are the ones they lag on.


I agree, which is why the exact verbiage on Apple's end is important.


Not every big app. Every app.

It can often be difficult to determine root cause of an issue when you are just given a stack trace. I suspect we will soon see two patterns arise: (1) Popups when the app launches to get consent and (2) Screen recording that still happens but only phones home if an exception occurs and where they get consent at that point.

And what does this mean for core metrics like Google Analytics ?


I have published several apps on the App Store and none of them make use of any analytics or screen recording or any telemetry, really. So your statement "every app" is categorically wrong as far as I can understand it.


What kind of metrics can you get from Apple. Clearly number of downloads, but how about things like Daily Active Users?


And if your app has any kind of online component, there's probably an HTTP request hitting your server whenever the user launches the app. So even without explicit telemetry in the app, you can easily get decent data from your web server's logs.


Quite a bit, actually: daily active users, retention rates by day, sessions are among the things you can view.



I sincerely doubt Google would send ANYTHING to a third party unless it really had to.

That being said I think this is a good compromise and I hope Apple applies this to all vendors.

I think the biggest winner here if I read this correctly is AWS and other cloud providers. The most straightforward way for someone like mouseflow to comply is to separate each customer to its own instance in a way that mouseflow has no access to user data.


> I sincerely doubt Google would send ANYTHING to a third party unless it really had to.

In this context, Google is the third party. Plenty of apps use the Google Analytics SDK[1], or the newer GA Firebase SDK[2] for their analytics.

[1] https://developers.google.com/analytics/devguides/collection...

[2] https://firebase.google.com/docs/analytics/ios/start


Huh? Google’s entire revenue model is based on advertising.

Of course they send your info to a “third-party,” that party being the advertiser(s).


Google doesn't have to send your data to a third party to get advertising revenue.

The advertiser creates and advertisement and passes it to Google with a selector, "We want to show this advertisement to men over the age of 35 in Milwaukee" and a price/click.

When someone who fits the selector arrives, the advertisement enters into Google's auction.

If it wins the auction, it's rendered to the customer.

Google doesn't say "Here's the list of our customers, and who they are, let me know who you want to send ads to".

https://support.google.com/google-ads/answer/1704368?hl=en


Googlers will insist that they don't "send" your info to the advertisers, they only let advertisers buy ads based on that info.


I'm a non-Googler who has spent a lot of time around media analytics, and I'll make the same insistence that that is a true and important statement.

Google is a one way mirror. They will suck in as much data as you want to give them about people, but it's virtually impossible to pry any info out of Google that's at an individual and identifiable level. Only aggregated performance information is exposed to advertisers, and the ability to mix and match targeting criteria based off of those dimensions that they expose.

Even with their enterprise marketing products like DoubleClick you can't pry out individual-level data. DoubleClick customers used to be able to export an anonymous ID, so they could use independent third-parties to consolidate conversion and impression data and measure attribution across complex marketing campaigns. But even that isn't possible anymore, due to GDPR concerns[1].

The closest they now get to "sharing" user data is Ads Data Hub[2]. And by sharing, I mean they expect you to share all of your data from outside of Google, which Google will then connect to their data and allow you the privilege of running aggregated queries. But they actually keep their side of the data firewalled off, and it's not human readable or accessible at the row level, only in rollup queries.

In the ad world, I can assure you they are far more protective of user data than most anyone else. The size, effectiveness, and dominance of their marketing channels afford them the ability to take that position without it materially impacting advertiser spending. Very few advertisers take such active measures to insulate exposure of user data from advertisers. And for many that do invest resources in such endeavors, it doesn't mean that they don't provide user data to advertisers. It just means that they don't provide it for free anymore.

[1] https://adage.com/article/digital/google-s-move-remove-doubl...

[2] https://developers.google.com/ads-data-hub/


Sorry, I should have phrased that differently. I'm not doubting the factual accuracy of your account. I guess I'm not sure why this is supposed to be reassuring?

Oh, don't worry, only the most data-hungry machine ever built has your data.


Ha! I completely understand and agree with that viewpoint.

It's only mildly reassuring to me relative to how loose I know most providers are with leaking user data. And because, having interacted with it from the advertiser side, I can tell that they not only recognize the long term value in protecting user data, but that they also invest the resources to design their systems and processes with that fundamental premise in mind.

Conversely, I also recognize just how much they do know about me, and just how privileged of a position they're able to take due to their market-dictating scale. The thought of their growth ever stalling terrifies me, since it can give them cause to re-evaluate that fundamental premise if they ever need to shore up their numbers.


I see, and stand corrected. Must presume this is as long as they never get desperate (a la Yahoo).


Pretty much. Here's to hoping for a long and profitable future for Google on it's current path. Because the alternative is too terrifying to contemplate.


The alternative is inevitable. No company lasts forever.


Well maybe it will help OPEN SOURCE technologies like Matomo spring up and you can, I don't know, OWN YOUR OWN DATA and pay for your own hosting.


We got a 24 hour mandate to upload a tracking free version. Fuck you Apple. "Your lack of preparedness is not my emergency."

My European dev team is now up at almost 1am on Saturday putting in a fix for this.

Unless Apple themselves is going to provide tools to help make better, crash-free software, these are necessary third party tools.


And likewise big chunk of cybersecurity.


Yea Apple needs to clarify what is allowed and what is not. Keeping track of user clicks is pretty much industry standard.


I believe Apple just used their weight to declare that industry standard is, as we already know, anti-customer and anti-privacy. I suspect they’ve realized that beyond the iPhone and iPad, their biggest advantage is that they have history of respecting user privacy. Leaning into that when companies like Google literally can’t because spying on people is the core business model, is pretty smart.


I’ve seen them in action, these frameworks do way more. They record touches, delays between touches, sensor info, key logs, including mistypes. Watching the playback of the collected data against the backdrop of the app is like watching a remote desktop session.


> Yea Apple needs to clarify what is allowed and what is not.

Apple explicitly does not do this, because they know that they'll draw a line and two months later someone will try to get through on a technicality.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: