Privacy tokens do not guarantee the security of personal data of iOS users. The media found out that Apple does not always verify the authenticity of app labeling. A number of developers have already taken advantage of this loophole.
Recall that privacy tokens were launched in the App Store a little less than two months ago — in mid-December 2020. According to the idea, they should warn the user about what information applications collect about him. For example, whether the games track his financial information or only diagnose failures.
That’s just some developers have learned to bypass this system, according to The Washington Post.
Geoffrey A. Fowler, an employee of the publication, selectively checked about two dozen applications with privacy labels. Half of them had incorrect labeling. And some of the apps that promised not to collect personal data at all actually collected them.
“I downloaded the stress relief app Satisfying Slime Simulator, which had a privacy marker of the highest level (approx. such an application does not track user data). However, it turned out that it secretly sent information from my iPhone to Facebook, Google and other companies,” Fowler wrote.
Moreover, according to Fowler, Apple directly adds a note to the description of applications with markers: “This information has not been verified by Apple.” Therefore, he urged not to rely on the company’s security policy.
Apple has already commented on what happened. The corporation stated that it regularly checks all the information it receives from developers. Apps that use false privacy tokens may not be allowed to update or even be removed from the App Store in the future.