Apple Will Beef Up Privacy in iOS 8 — Here’s What It Means for Local
When Apple unveiled iOS 8 last month, only brief mentions were made of iBeacon, the company’s much-hyped proximity messaging protocol. But early versions of the software released to developers in July suggest that the forthcoming operating system could include changes with even deeper implications for stakeholders across the commerce, advertising, and retail technology industries.
The most important changes center on Apple’s role as a gatekeeper for user’s information. In June, Apple announced Healthkit, a new program include in iOS 8 which helps measure and manage the highly sensitive and regulated world of personal health information. As the company builds software around more sensitive personal information — from pulse to payments — Apple appears to be pulling back on other personally identifiable information like location as well.
“If Apple wants to extend these services, it is going to have to create a more structured sandbox,” Maya Mikhailov, vice president at GPShopper, a retail-focused mobile development shop, told me earlier this week. Mikhailov, who has spent time with some of the developer builds for iOS 8, says the company’s newest software includes deeper, more granular privacy controls for users, and a potentially destabilizing threat to some in the advertising and analytics sector.
In the current version of Apple’s iOS software, a user can either allow or disallow an application for using its location. In theory, an application can only access ask for a user’s location if it offers a feature that depends on location data — say, finding a nearby restaurant or sending reminders when they arrive home. But once the user opted-in, the application was free to measure and record a user’s location at any point, regardless of the use case.
That’s set to change with iOS 8. According to Mikhailov, the early builds of the new software show a third type of permission for location data: Yes, but only when I use the app. That means that an application can only collect data when a user has opened the app, and is using it for a given feature.
The FTC has cracked down on some of the more egregious abuses of location data by mobile developers recently. In April, the commission filed a formal complaint against the maker of a Flashlight app, which collected user’s location data without a clear feature.
The new permissions come as the mobile advertising industry struggles to deal with some of the consequences of surging demand. A spike in demand from advertisers for location-enabled impressions has caused the amount of advertising inventory with location data included to soar — well beyond the number of location-based applications in the market. Some developers appear to have either started to ask for permission to collect a user’s location data in more nefarious circumstances, or generate fraudulent data points based on less accurate information.
Every time you walk within range of a wireless router (which in a city is nearly always), your phone sends a twelve digit code to the router with a request for more information. The router then sends the phone the basic information about the router — its name, whether its locked etc — that shows up in your wifi settings.
An entire sector has popped up in the past few years to help retailers, and others, turn those small pieces of data into meaningful insights — into the number, types and kinds of people who come into their stores. One of the big selling points is that they can not only tell the number of phones in a given area but whether, and how often, those phones have come in before.
iOS 8 could very well render that last part of the technology useless. According to Mikhailov, and reported by others, iOS 8 will create a dynamic MAC address, which will regenerate ever so often — although the frequency remains unclear. These companies will continue to be able to count users in the aggregate but they will not be able to tell who is who, and whether they’ve visited before.
In the short run, this has less to do with privacy. But it could signal a deeper shift down the road.
Shortly after the conference in June, developers began to report a new feature that surfaced apps in a user’s lock screen based on location. Adjacent to the camera icon, the relevant app logo pops and allows users to swipe and open in one motion. The leaked builds, originally posted to a forum in Macrumors, show the tool used with the Apple Store and Starbucks app.
“I think it’s an interesting opportunity for companies with physical stores or presence to really take advantage of that physical presence,” said Mikhailov. She says that the system appears to use the same technology that drives its new Nearby me tab in the app store, which offers users the most popular apps in that location. The most likely application will likely center around surfacing branded apps, but its unclear whether a third-party application like Shopkick or Square to show up as well.
As rumors go, all roads seem to lead to an Apple wallet. Mikhailov points out that Passbook, the company’s big announcement last year that was supposed to lead to a wallet, still lacks the privacy and security infrastructure to support payments.
But that could change soon. She calls Passbook a long-play, and believes that the tighter security structures in iOS8 hints at a push into our some of our most sensitive types of information: fitness and finance.
Steven Jacobs is Street Fight’s deputy editor.