New research from the University of Aalto in Finland challenges Apple’s claims that users have full control over their privacy on its devices. The study reveals that built-in applications on iOS, iPadOS, and MacOS continue to collect user data even when users believe they have disabled the corresponding functions.
A team of researchers led by Associate Professor Yannah Lindqvist examined eight key Apple applications: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My, and Touch ID. They found that these apps are deeply integrated into the ecosystem, making it difficult for users to completely opt out of them.
“The user interface can be deceptive,” Lindqvist explains. “For instance, when a user disables Siri, it may appear that data collection by the voice assistant has stopped, but in reality, it continues to gather information from other active apps.”
To restrict data access, users must meticulously configure privacy settings for each individual app. However, the guidance available online is often convoluted and incomplete, leading to confusion among users who struggle to determine if they have achieved the desired level of privacy.
“Instructions for limiting data access can be confusing,” says doctoral student Amel Berticals. “They are scattered across various locations, making it unclear whether to adjust settings within the app, device settings, or both.”
To assess the accessibility of privacy settings for average users, researchers conducted an experiment with volunteers. Despite taking some corrective measures, none of the participants successfully prevented data transmission from the studied apps to third-party services. Additionally, the process proved to be time-consuming.
The researchers speculate that Apple might use the collected data for training Siri and personalizing user experiences. However, due to Apple’s lack of transparency, it is difficult to confirm this conclusively.
Experts recommend using third-party apps as alternatives to standard ones, such as replacing Safari with Firefox. Nevertheless, even this switch may not ensure complete data security.
The full findings of the study will be unveiled at the CHI conference in Honolulu in May 2024.