Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.”
But Apple’s lawyers are telling a different story. In a recent court filing(nieuw venster), they told a judge, “Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple.”
This article, part of our series on privacy washing(nieuw venster), examines several reasons the iPhone doesn’t live up to its marketing claims or consumer expectations. It certainly doesn’t align with the privacy standard we use at Proton. But there are a few steps you can take to improve your iPhone privacy.
This article explains what data Apple collects about you and highlights two recent revelations: that Apple was secretly sharing data with law enforcement agencies and left a security backdoor that may have been exploited by the Chinese government for political repression.
Apple can see your data
Contrary to the claim that what happens on your iPhone stays there, Apple constantly gathers data from your phone whenever you use Apple services, the App Store, or the Apple News or Stocks apps, each of which has its own privacy policy(nieuw venster).
Apple can see all your data in iCloud Mail, Contacts, and Calendar. If you use these apps, there’s no way to turn on end-to-end encryption(nieuw venster).
By default, Apple can also see your photos, iCloud and Messages backups, notes, reminders, voice memos, and more. You can, however, turn on end-to-end encryption for this data by enabling Advanced Data Protection.
We explained the limitations of Apple’s encryption in our article about iCloud privacy(nieuw venster).
A growing advertising business
There’s a perception that, as a hardware company, Apple doesn’t need to collect personal data. But as computer and phone sales slow down, the company is searching for new revenue sources.
In fact, from 2022 to 2023(nieuw venster), Apple’s hardware sales fell by over $18 billion. Meanwhile, revenue from services, including advertising, has grown steadily.
To deliver targeted ads, Apple collects information(nieuw venster) about your device, location, App Store searches, shows you watch, and books and articles you read.
Read more about Apple advertising tracking here
Apple may have shared push notifications with law enforcement
In December 2023, a US senator revealed that Apple had received sealed court orders that forced it to secretly share push notification data(nieuw venster) with law enforcement agencies in the US and foreign countries. (He did not reveal what other countries.) Apple claims federal authorities prohibited them from disclosing these surveillance requests.
As a US-based company, Apple is vulnerable to this kind of secret surveillance. Even so, Apple did not take even minimum precautions to protect users’ privacy, such as requiring a court order before disclosing push notifications. The company quietly updated its privacy policy(nieuw venster) following the scandal.
Proton, by contrast, is based in Switzerland, so it would be illegal for us to comply with a foreign request without a valid Swiss court order. We not only require court orders but also often challenge them.
Leaky AirDrop used for political repression
In January, another story broke. This time, security researchers in Beijing reported(nieuw venster) an Apple bug that allows attackers to identify senders via AirDrop, which Chinese government officials said they used to identify people sharing “inappropriate information”.
It turns out that a German research group had notified Apple about this very issue in 2019, but the company didn’t fix the problem. The group subsequently published an open-source fix(nieuw venster) in 2021. But Apple left the vulnerability in place.
How to protect your privacy on iPhone
Compared with other hardware manufacturers, Apple offers much greater privacy, robust security features, and a great user experience. If you use Apple products, there are simple steps you can take to keep the company out of your data.
First, you can turn on Advanced Data Protection(nieuw venster) or turn off iCloud syncing if you don’t need it. You can also turn on Advanced Data Protection while turning off iCloud specifically for the services that don’t support end-to-end encryption, such as Mail or Calendar. You can also turn off location tracking for apps that don’t need it.
Next, you can switch to privacy-focused alternatives for Apple Mail, Calendar, iCloud, iMessage, and other apps. Signal(nieuw venster) is an encrypted messenger service. And Proton offers end-to-end encrypted alternatives for email, calendar, cloud storage, and password manager. Since our only source of revenue is subscriptions, we don’t need to collect data and our only incentive is to protect your privacy.