My Contract with Apple
While this is not strictly about coding, it is a very important topic. It's essential, as a developer and end user, that we understand how we use data, and how others use it as well.
Privacy is becoming a more and more prevalant topic. Data breaches, governments requiring personal information being released. Recently, the EU compiled a declarative law requiring certain things from companies in regards to privacy and data handling. The EU GPDR is one of the most up-to-date government attempts to get a handle on the current state of privacy and data affairs.
All this aside, as a general statement, this article takes no stand on the benefits or downfalls of any legal document. It is simply an informative article.
A TL;DR is available at the bottom of this article
Apple & You
Apple is somewhat popular for taking a stand against data requests. This article details one of the more public cases, in which Apple refused to unlock an iPhone used by a terrorist in an attack against the United States. But, being a tech company, don't they collect information anyway? Even if they don't share it? Of course. But just how much?
Some other authors have already written about this, but I wanted to share my own experience as a developer. Some of these involve official Apple SDKs, and can give us an insight about just how much we can glean from others, and why we should use this responsibly.
So, What Is Available?
Requesting your data from Apple is a relatively simple process. But, of course, like everything else you do, it's still very secure.
In accordance with the GPDR released by the EU earlier this year, Apple developed a Privacy Portal, accessible first only in the EU, then later in other countries. This privacy portal not only gives you information on how to access your data, it also gives you information on who else can see it, and how they can access it.
Some information (like iCloud Keychain) is encrypted end-to-end. This means that without a key, no one else can access it. This is usually used for very specific things, data that no one should be able to access - and they don't. But, documents in iCloud, calendars, and notes, are stored without end-to-end encryption. These and more, according to the Privacy Portal, are accessible to the governement and those with legal authority.
This does not mean some three-letter agency can just sweep in and ask for all the data on Apple's servers. What it does mean is that, with the right reason, they can ask for yours specifically.
So, What'd You Get?
Being a developer, I took a personal interest. What has Apple collected in the 8 years that I've had an account with them? I use a lot of services, and I've owned a lot of products over the years. As an overview, I use:
- iCloud Storage (200 GB)
- Apple Music
- iTunes & App Stores
- iTunes Match
- Apple Developer
That's a decent list, right? Surely they at least can tell a little bit about me from the tunes I rock out to...
So, I took the plunge. Signed into my Apple ID on the Privacy Portal, and checked out my data. After a 5 day waiting period, the results were in. Here's what I asked for:
- AppleCare
- Apple Online & Retail Stores
- App, iTunes & iBooks Stores
- Apple Music
- Maps "Report an Issue"
- Marketing Subscriptions, Downloads, and Other Activity
- Game Center
- iCloud Bookmarks, Calendars, Notes, Contacts, and Reminders
- Other Data
There's a few more things you can ask for if you so choose (like your iCloud Photos), but I was a little less interested in that stuff.
It's also interesting to note, the Privacy Portal allows you to close or suspend your account. You can also edit your information if you believe anything is inaccurate.
What's in the box?
When I downloaded my data, there were a couple of surprises. First off, for a user of 8 years, I had just under 100 MB worth of files. I mean it.
The file structure was clean, compact, and easy to understand too.
Inside, there were a bunch of CSV files containing everything Apple knew about me.
App Store Information
First, I trawled through my App Store data. There was some things that you expected to find, like my App Subscriptions history, my iBooks collection and annotations, and app reviews. There was also a very interesting file taking up about 35 MB. Called "Apps and Service Analytics," and coming in at an impressive 42000 lines (with the longest line I could find being around 4200 characters long), my best guess is that this is an analytics file based on searches done in different stores.
What interested me the most though was a folder titled "Account and Transaction History." As it turns out, it contains a file with the date of account creation, and the exact device type I used to create it. Man, I used to love my old iPod Touch 2nd Generation...
(Sorry guys, can't be giving away my account ID or birth year that easy!)
I was also interested to find a list of authorized devices, pre-order history (good times), and every billing configuration I'd ever used. That's some detail right there. I also found my TestFlight information, for those of you who were wondering.
One more interesting thing, Apple included the entire amount that I've spent through the iTunes & App Store (including gift cards). The total came out to just under $800!
iCloud Information
For the most part, this one was just stuff I already had. All my previous calendars, reminders, etc. This includes Other Data, which was just some statistics on what devices used iCloud, etc.
Marketing data included things like what promotional emails I'd been sent, devices registered pre-Yosemite and iOS 8, etc.
Not too much interesting stuff here.
AppleCare & Service Information
This one was a bit of a throwback for me. Apple gave me a list of every device I'd ever bought from them, including when it was bought. I got to get excited over all my old stuff!
(Again, sorry guys. Gotta make this one a challenge!)
They also had all my old transcripts from service requests, including the one I'd made when I wanted to downgrade my first Apple Watch from the Developer Beta!
And, What Did We Learn?
Apple's file size is surprisingly small, all things considered. The amount of data they keep on us is pretty minimal. And a lot of it can be quite helpful, too. You can get receipts, old contacts, photos, and much more from Apple.
Apple takes privacy seriously. That's why, when developing applications, we always should use the provided official APIs, no matter how irritating they can be sometimes! This ensures that everything is processed to standard, our users' information is secure, and we all have peace of mind about how data is used.
TL; DR
Apple has a privacy portal that is now available to any and all comers. You can request your own personal information, or an authorized legal organization can request certain information about you. A lot of information can be requested as a backup, if you're deleting your account, or if (like me) you're just curious!
