Elliot Libman has filed a lawsuit against Apple over App Store data collection. The tech company is accused of violating users’ privacy and monetizing App Store data without users’ permission.
Security researchers and developers from ‘Mysk’ found that Apple was keeping a log of how users interact with the App Store meaning that users’ every tap in the App Store is sent to Apple in real-time. The data was transmitted via JSON file even when the Share Analytics and personalized recommendations features were disabled.
Based on the research report mentioned above, the plaintiff alleges that the tech company violates users’ right to privacy by getting an insight into their “browsing history and activity information” by breaching their privacy safeguards like turning off Share Analytics and personalized recommendations. He hopes the case would become a class action lawsuit against the tech company.
Why doesn’t Apple show the ATT permission prompt for server-side data collection?
The case primarily targets the tech company for not showing the App Tracking Transparency (ATT) permission prompt before collecting users’ App Store data, in addition to data collection when Share Analytics is not opted-in. The plaintiff further accuses the company of invading “a zone of privacy protected by the Fourth Amendment” and “violated dozens of state criminal laws on wiretapping and invasion of privacy.”
“Apple’s practices infringe upon consumers’ privacy; intentionally deceive consumers; give Apple and its employees power to learn intimate details about individuals’ lives, interests, and app usage; and make Apple a potential target for “one-stop shopping” by any government, private, or criminal actor who wants to undermine individuals’ privacy, security, or freedom. Through its pervasive and unlawful data tracking and collection business, Apple knows even the most intimate and potentially embarrassing aspects of the user’s app usage— regardless of whether the user accepts Apple’s illusory offer to keep such activities private.”
The details of the case highlight the issue of distinguishing between server-side data collection and iOS privacy settings. Apple Insider explains that ATT prompt and Share Analytics settings are relevant to App Store data collection because “app developers and an App Store hosting company, in this case, Apple, are not one and the same, despite the App Store being an app.”
Since the tech company does not sell users’ data to third-party data brokers, the fourth amendment does not apply in this case.
It’s not clear why data collection by a company that you are doing business with and agreed to data collection in the terms of service of a product, in this case, both the App Store, and the iPhone itself, is a violation of wiretapping laws, especially if Apple anonymizes or aggregates any data collected by the App Store.
The date is yet to be decided for when the case would be heard.