← Back to context

Comment by thelean12

4 years ago

That's not even close to true. Apps that you have downloaded can reveal a massive amount of potentially personal information.

Think about someone having a dating app that would out them. Or a therapy app that they don't want people to know about. And that just scratches the surface.

Only if linked to personally identifiable information. Do we have any evidence this is happening?

  • You are moving the goal posts.

    It is also trivially linked to ip address, which is usually personally identifying.

    • Do you have any proof this is happening?

      This is Apple we are talking about, which has the strongest privacy commitment of any device maker, and no advertising business outside of the App Store. Linking IP addresses to app certificate requests provides them zero benefit and exposes them to substantial brand damage.

      2 replies →

  • I'm not an Apple user so forgive my ignorance here.

    1. Do you need an apple account to use the app store?

    2. Do you need to provide personal information to use an apple account (I'm thinking at least enough to get a credit card working for app purchases/subscriptions)?

    3. Is the data sent to this anti-malware service linked to your Apple account or an apple hardware id? (Has someone wiresharked the data to confirm/deny)

    • 1. Yes

      2. Yes

      3. I doubt it

      But regardless of 3, simply by using the App Store at all (similarly to any other App Store out there) you're already giving them more information than they get from these hashes (at least for the apps that come from the store). I know for a fact that they keep a record of which apps you've downloaded there, associated with your account, because they check for updates and let you re-download them. As does the Android store. As does the Windows store.

      1 reply →

  • That's unrelated to my comment. I was simply responding to the astoundingly wrong claim that "My personal data involves what I do within those apps, not which ones they are."

Part of it is that, when we're talking about a traditional computer (contrasted with a phone), all of that stuff happens in the web browser these days. The average user's native binaries are mostly limited to said web browser, some work communication apps, maybe a notes app, maybe some dev tools or office tools or media tools depending on the person. Nothing remotely interesting to advertising companies. Maybe that will change with the new iOS app support, but I kind of doubt it.

And anyway, when we are talking about a phone, it would be literally impossible to run an app store without recording (and personally identifying!) that information. Maybe that's one more argument to allow third-party app stores, which I'm not against (though who knows if they're more trustworthy with that data?), but nevertheless.

My point is that in the grand scheme of privacy concerns, this is a very silly hill to die on. In the grand scheme of system reliability, on the other hand, it's totally legitimate to be upset that this effectively took down thousands of expensive workstations across the world for a few minutes.

  • So you're okay with it because at the moment you personally (or at least some vague idea of the "average user") don't have any "interesting" apps on your traditional computer? You should step back and understand why this is the wrong way to look at it.

    Take a look at the macOS App Store medical section. Doing a quick scan of the top apps there is one app to help with some diabetes pump, one for a personal ECG machine, one that says it's a "mobile lactation consultant". Those can reveal a lot about a person that they might want to keep private. Searching "therapy" or "dating" also shows many results that people might want to keep private.

  • > My native binaries are mostly limited to said web browser, some work communication apps, dev tools, maybe a notes app. Nothing remotely interesting to advertising companies.

    Translation: "I've got nothing to hide".