With consumer privacy as the backdrop, Apple’s recent iPhone advertisement promotes their commitment to protecting sensitive data with a “what happens on our devices, stays on our devices” promise. “It’s as simple as that” the ad claims as it cautiously highlights the amount of data stored on smartphones. You can watch the one-minute cut here if you haven’t seen it.
Apple’s commitment to protecting personal information—at a time when data is routinely being collected and sold—deserves applause. According to their privacy statement “Every Apple product is designed from the ground up to protect that information. And to empower you to choose what you share and with whom.” The concept centers around putting you in control of your personal data; a welcomed stance in the age of data breaches and targeted advertising.
But privacy isn’t that simple. To take full advantage of this scenario, consumers must buy Apple products and only Apple products. Naturally, when you’re fully embedded in an ecosystem of services hosted by a single organization, the need diminishes for that organization to sell your personal data to third parties. Apple, after all, is in the business of selling their smart devices, not data.
As soon as you step outside of that ecosystem, however, such as when you install social media apps, email clients, GPS, and so on, your data gets collected, stored, transferred, and likely sold. And even if Apple doesn’t share your data, they do collect and store it. Accordingly, Apple registers as a target for cybercriminals. iCloud has fallen victim to cyber-attacks in the past, and comes with the usual cloud-storage vulnerabilities. As such, the reality of Apple’s marketing strategy falls squarely on one important concept:
iPhone privacy and security are two different things.
They work together and seem interchangeable in casual conversation, but there is a difference, and it’s important to understand that difference.
Privacy refers to the appropriate use of data that is collected, stored, and transmitted. For example, Apple swears to only use your data for the functionality and improvement of their products. A violation of privacy would mean posting that same data on Facebook or compromising it through some other egregious lapse in judgement.
Security refers to our efforts as human firewalls to ensure that data is not accessed by unauthorized parties such as social engineers and cybercriminals. Security means not clicking on random links and attachments, making sure that workstations are organized and password-protected, and verifying that access-controlled areas remain locked.
While it’s great that Apple campaigns for personal privacy (such as rolling out updates which allow end users to delete all audio collected by Siri) the onus of security still falls on the consumer. It’s the consumer who must use caution when downloading apps. It’s the consumer who must learn to identify social engineering attacks that specifically target Apple customers. It’s the consumer who must click with care and utilize strong, unique passwords.
And from a professional standpoint, Apple employees should routinely participate in security awareness training. Human error makes most data breaches possible. Apple’s privacy policies won’t matter if an employee clicks on a phishing link or accesses a random (and potentially malicious) USB flash drive.
So, even though Apple deserves props for their efforts in maintaining and respecting the privacy of their customers, let’s not oversimplify what that means, or assume that privacy equals security.
Latest posts by Justin Bonnema (see all)
- Tis the Season for Holiday Shopping Scams - December 11, 2019
- iPhone Privacy: It’s Not That Simple - November 7, 2019
- California Consumer Privacy Act: What it is and Why it Matters - October 25, 2019