> “Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,”
Every big app collects analytics without such disclosure (and definitely no visual indicator). I honestly can't think of a counterexample.
If Apple's declaration is taken literally, this will have massive fallout on the analytics ecosystem.
> If Apple's declaration is taken literally, this will have massive fallout on the analytics ecosystem.
Good. I don't know when it became OK to log just about everything a user does in your app (or operating system, in the case of Windows 10) "just in case". It's creepy, often unnecessary, and prioritizes the convenience of the developer over the user's right to privacy.
Indeed, there are only a handful of analytics frameworks that control the bulk of marketshare, Google being the largest. Just banning the frameworks entirely would fix the problem for a vast majority of apps.
On-premise is not old fashioned. It is indeed a requirement in several countries, for many domains including finance, banking, healthcare, telco and such. When you include PII in your analytics service, it has to be taken care of explicitly. There are indeed a few on-premise mobile / web analytics platforms for product analytics purposes that you can deploy on your own servers and retain your users' data with your own rules with no dependence on 3rd parties (disclaimer: I am cofounder of Countly).
Just some minor pedantry - that should be on premises. Although it's pretty commonly misused, technically premises should always be plural when referring to a property/residence/place of business, and premise (as a noun) only means "a previous statement or proposition from which another is inferred or follows as a conclusion."
Neither of which show the passwords or credit cards users enter into input boxes, or replay the entire session and every single thing the user does in-app, like the software in question does. Did you read the original article on the software being used here? It's not analytics in the sense like the companies you mentioned are providing. https://techcrunch.com/2019/02/06/iphone-session-replay-scre...
The second of the two quoted sentences doesn't include that qualification. Does apple view it as implied by the previous sentence? Quite possibly, but both viewpoints are arguable.
The first party already has your data under their own privacy policy. But users aren’t necessarily agreeing to the privacy policies of third parties when they use an app.
There is a pretty significant difference between recording users' activities at an abstract, aggregate level (e.g, to measure DAU and user retention, or to track how many users use a feature or complete a funnel), and recording the activities of individual users at the highly specific level used by Glassbox. I suspect that Apple's statement is meant to target the latter, not all analytics as a whole.
There's a fair number of vendors that "record" web sessions too. Not via a screenshot, but the difference isn't much to a lay person. They track mouse movements, key up/down, etc. Enough to credibly recreate a "video" of sorts. Apple would have a harder time banning that.
It can often be difficult to determine root cause of an issue when you are just given a stack trace. I suspect we will soon see two patterns arise: (1) Popups when the app launches to get consent and (2) Screen recording that still happens but only phones home if an exception occurs and where they get consent at that point.
And what does this mean for core metrics like Google Analytics ?
I have published several apps on the App Store and none of them make use of any analytics or screen recording or any telemetry, really. So your statement "every app" is categorically wrong as far as I can understand it.
And if your app has any kind of online component, there's probably an HTTP request hitting your server whenever the user launches the app. So even without explicit telemetry in the app, you can easily get decent data from your web server's logs.
I sincerely doubt Google would send ANYTHING to a third party unless it really had to.
That being said I think this is a good compromise and I hope Apple applies this to all vendors.
I think the biggest winner here if I read this correctly is AWS and other cloud providers. The most straightforward way for someone like mouseflow to comply is to separate each customer to its own instance in a way that mouseflow has no access to user data.
Google doesn't have to send your data to a third party to get advertising revenue.
The advertiser creates and advertisement and passes it to Google with a selector, "We want to show this advertisement to men over the age of 35 in Milwaukee" and a price/click.
When someone who fits the selector arrives, the advertisement enters into Google's auction.
If it wins the auction, it's rendered to the customer.
Google doesn't say "Here's the list of our customers, and who they are, let me know who you want to send ads to".
I'm a non-Googler who has spent a lot of time around media analytics, and I'll make the same insistence that that is a true and important statement.
Google is a one way mirror. They will suck in as much data as you want to give them about people, but it's virtually impossible to pry any info out of Google that's at an individual and identifiable level. Only aggregated performance information is exposed to advertisers, and the ability to mix and match targeting criteria based off of those dimensions that they expose.
Even with their enterprise marketing products like DoubleClick you can't pry out individual-level data. DoubleClick customers used to be able to export an anonymous ID, so they could use independent third-parties to consolidate conversion and impression data and measure attribution across complex marketing campaigns. But even that isn't possible anymore, due to GDPR concerns[1].
The closest they now get to "sharing" user data is Ads Data Hub[2]. And by sharing, I mean they expect you to share all of your data from outside of Google, which Google will then connect to their data and allow you the privilege of running aggregated queries. But they actually keep their side of the data firewalled off, and it's not human readable or accessible at the row level, only in rollup queries.
In the ad world, I can assure you they are far more protective of user data than most anyone else. The size, effectiveness, and dominance of their marketing channels afford them the ability to take that position without it materially impacting advertiser spending. Very few advertisers take such active measures to insulate exposure of user data from advertisers. And for many that do invest resources in such endeavors, it doesn't mean that they don't provide user data to advertisers. It just means that they don't provide it for free anymore.
Sorry, I should have phrased that differently. I'm not doubting the factual accuracy of your account. I guess I'm not sure why this is supposed to be reassuring?
Oh, don't worry, only the most data-hungry machine ever built has your data.
Ha! I completely understand and agree with that viewpoint.
It's only mildly reassuring to me relative to how loose I know most providers are with leaking user data. And because, having interacted with it from the advertiser side, I can tell that they not only recognize the long term value in protecting user data, but that they also invest the resources to design their systems and processes with that fundamental premise in mind.
Conversely, I also recognize just how much they do know about me, and just how privileged of a position they're able to take due to their market-dictating scale. The thought of their growth ever stalling terrifies me, since it can give them cause to re-evaluate that fundamental premise if they ever need to shore up their numbers.
Pretty much. Here's to hoping for a long and profitable future for Google on it's current path. Because the alternative is too terrifying to contemplate.
I believe Apple just used their weight to declare that industry standard is, as we already know, anti-customer and anti-privacy. I suspect they’ve realized that beyond the iPhone and iPad, their biggest advantage is that they have history of respecting user privacy. Leaning into that when companies like Google literally can’t because spying on people is the core business model, is pretty smart.
I’ve seen them in action, these frameworks do way more. They record touches, delays between touches, sensor info, key logs, including mistypes. Watching the playback of the collected data against the backdrop of the app is like watching a remote desktop session.
Every big app collects analytics without such disclosure (and definitely no visual indicator). I honestly can't think of a counterexample.
If Apple's declaration is taken literally, this will have massive fallout on the analytics ecosystem.