Apple’s App Store privacy efforts are backfiring big time

There have been some complaints recently about how the Apple App Store handles privacy. Although Apple is trying to position itself as the consumer-privacy-friendly company — in stark contrast to Google, primarily — some have complained that it is doing it in far too heavy-handed a way.

But what struck me as most interesting about the situation is how many companies have been hurt when, for example, an app that a company needs suddenly goes missing from the App Store, with no indication of when it will return or, well, just about any information at all.

Do these companies abandon the app and standardize on some other app? That can take quite some time and be disruptive and costly. It’s also infuriating if the original app suddenly returns the day before the new, more expensive app is supposed to roll out. Apple’s corporate attitude of “We’ll tell you nothing until we feel like it” is a real problem if Apple expects companies to rely on its business apps.

The privacy attitude of taking an app down with no notice or hint about its return may be fine for a game or some other entertainment app, but it’s a very serious issue for business apps. By the way, Apple could side-step this issue with a notification rather than a mandatory shutdown. For example, it could say, “Notice: Apple has found some privacy violations in this app and we are in discussions with the vendor to get matters fixed. If you’re still OK downloading the app, feel free to proceed.”

This approach would still position Apple in the pro-privacy area, but it would allow its users to make informed decisions. Better yet, the notice could specify the nature of the alleged privacy violation and truly allow for some informed decisions.

Let’s look at what happened recently with a security app from a company called Trend Micro. In September, Apple decided that some data retention in the app was a privacy violation. Without giving the company time to fix the issue, the app was yanked from the App Store.

Customers of Trend Micro were left in an awkward position. New employees and contractors couldn’t get an app that had become the customers’ standard. With no information about the app’s status and when it would return, customers were unsure what to do.

Jon Clay, Trend Micro’s director of global threat communications, said in a Computerworld interview that Apple asked for certain changes and then, when those were made, asked for new changes. “There’s a bit of a back-and-forth going on,” Clay said, referencing an initial Apple request to remove some browser history. “They came back and then said we need to look at some other areas. We feel our customers’ pain.” He said Apple’s lack of public details about when an app will return is “a valid frustration” for businesses.

Trend Micro posted a blog on this topic and said that the information Apple had shared was misleading. “Reports that Trend Micro is ‘stealing user data’ and sending them to an unidentified server in China are absolutely false. Trend Micro has completed an initial investigation of a privacy concern related to some of its macOS consumer products. The results confirm that Dr. Cleaner, Dr. Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes to analyze whether a user had recently encountered adware or other threats, and thus to improve the product and service. The potential collection and use of browser history data was explicitly disclosed in the applicable EULAs and data collection disclosures accepted by users for each product at installation. The browser history data was uploaded to a U.S.-based server hosted by AWS and managed/controlled by Trend Micro. Trend Micro is taking customer concerns seriously and has decided to remove this browser history collection capability from the products at issue.”

But Apple was apparently not satisfied, and this situation has now drifted into December, with many Trend Micro apps still banned from the App Store.

Daniel Portenlanger, who runs a security firm called Simprocity, said he has six clients who have been impacted by the Apple move. “In the name of Mac privacy and security, Apple removed all Trend Micro apps, including enterprise iOS MDM apps that provide privacy and security. How is that for irony? As a result, none of my customers have had control over their Apple mobile devices since Sept. 12. We’re completely blindsided. To pay $1,000 per device and have it not be securable for months is frustrating and disappointing. Android devices are working fine, because I can side-load the client.”

Note to Apple: When your actions make Android devices look good by comparison, it’s not a good day for you.

One of the impacted Simprocity customers is Siegfried Lebherz, president of Perfect Temperature Control. “We’re having security issues. I’m having to invest more with having our IT people monitoring everything and looking for options,” Lebherz said. “Now I feel like I’m stuck in limbo. I don’t know which way to go. Communication is the key to any successful business.”

Another end user who has been impacted is Patrick Ryan, president of Fab-Rite Sheet Metal. “Automatic scans are deactivated. We lost a big job” because email capabilities were limited, Ryan said. “It has somehow deactivated the email on our phones. That is what is frustrating for us: We have no idea where it stands. It would be great to have a little communication.”

To be fair to Apple, until it finishes its back-and-forth with app makers, it would have no specific way of knowing when the vendors will be able to replace the app. But that is precisely why it needs to give users the choice of continuing to use an app that it has flagged for potential privacy violations. Why disrupt a large number of companies for something that is beyond their control? Give users the option to make their own choices.

That, however, is not the Apple way. (Neither, it seems, is responding to media inquiries. Computerworld has been working on this column for more than a month, which was when we sent our first message to Apple. No reply was ever received.) Apple is all about controlling the experience. Well, thus far, that seems to have worked. It has controlled the experience wonderfully, so that all users have a bad one. Congrats.
