Even without a booth, Apple is looming large over CES. Literally. In a giant billboard that went up on the side of the Springhill Suites Marriott hotel near the Vegas strip late last week, Apple is touting the privacy features baked into the iPhone, telling people, “What happens on your iPhone, stays on your iPhone.”
It’s a clever and effective ad that plays off the classic Vegas slogan. And it’s timely. In an age of regular data breaches and scary hacks, privacy and security have become a really big deal. Apple has made privacy a major component of its iPhone sales pitch for years, so while the ad might not mention Google, Samsung, or Amazon, it’s clearly aimed at trolling Apple’s biggest rivals and their somewhat laissez-faire approach to privacy.
The billboard’s claim is certainly true for parts of the iPhone. Maps doesn’t require nearly as many permissions as Google Maps to work properly. iMessages are encrypted end-to-end as opposed to Google’s RCS-based chat. Siri requests are processed locally. Face ID is more secure than nearly every other smartphone’s authentication scheme. But even so, many—maybe even most—people won’t experience the lock-down privacy Apple alludes to in the billboard.
While Apple’s own hardware and services may be more secure than the competition, the iPhone doesn’t operate in a vaccum, divorced from a larger universe of potential threats. So once you download a third-party app from the App Store, you immediately loosen the privacy reins.
Sure, Apple may be able to claim that its iOS store is more secure than Google’s Play Store when it comes to malware, but we still hear about the occasional iOS app that’s outed for misappropriating iPhone users’ data. And, of course, Facebook, Google, and Twitter aren’t magically safer than they would be on an Android phone.
Bottom line: Apple’s own apps and servers are private and encrypted, but the same doesn’t apply to the countless apps that you willingly use to share your personal data. Whether we’re talking about bugs in Google+ or Facebook’s outright violations, what happens inside those apps on your iPhone most certainly does not stay there. And let’s not forget that even Apple itself was at the center of a massive hack of celebrities’ photos, the very type of data that’s supposed to be locked down.
What Apple’s billboard is really saying is that the company treats your data with more respect that its competitors. Apple vows to never sell your data (though contrary to popular belief, Google doesn’t either, at least not directly). Apple won’t spy on your conversations. And Safari will prompt you when a site attempts to access your cookies or other data. So if you limit your iPhone activities to Apple apps and basic functions, then, yes, there's a very good chance that what happens on your iPhone stays on your iPhone. But it’s just not realistic to think anyone will live entirely in an Apple universe.
See no evil, hear no evil
Privacy is particularly topical now as Google Assistant, Amazon Alexa, and other digital assistants become mainstream. Even with the launch of its first smart speaker in the HomePod, Apple has made a point to keep the data used by Siri personal and private, promising, “Whether you’re taking a photo, asking Siri a question, or getting directions, you can do it knowing that Apple doesn’t gather your personal information to sell to advertisers or other organizations.”
So when you summon Siri to make a request, that specific information doesn’t leave your iPhone. Instead, it’s anonymized and randomized as part of a differential privacy technique that lets Apple analyze your data without knowing who it belongs to. Even with physical switches on their devices to limit listening, Google and Amazon can’t make that same promise. But with its billboard, Apple isn’t talking about Siri or even the HomePod, it’s talking about the iPhone as a whole. And if you want the kind of lock-down privacy that Apple is promoting, it’s going to take some work.
Simply put, Apple can’t make that same privacy promise about Alexa or Google Assistant on the iPhone. And that goes for the rest of Google’s app catalogue too. When you decide to use one of Google’s apps or services on your iPhone—Maps, Assistant, Search, whatever—you’re agreeing to let Google track you. There isn’t even a Do not track switch in Chrome on the iPhone anymore.
Of course, you can go into your Google account and make it as private as you’d like, or turn off location services for Google Maps on your iPhone to stop it from following you. But that’s hardly the point, as you can do that on any smartphone. Apple’s billboard can be interpreted to mean that everything you do on your iPhone is for your eyes only, and that’s simply not true—despite Apple’s admirable job in making the iPhone’s default apps and services as private and personal as they can be.
The fine print
It’s somewhat fitting that Apple’s privacy billboard would grace the side of a Marriott hotel. Just a few days ago, the company disclosed that more than five million unencrypted passport numbers were stolen as part the massive data breach last year. And guess what: If you used an iPhone to make a reservation through Marriott you carry the same risk as someone who used an Android phone. Or does Apple not consider that “happening on the iPhone”?
I know what you’re thinking: It’s a cheeky billboard ad, and it’s not supposed to be taken literally. That may be true of cars that drive underwater or Siri working in space, but even obviously over-the-tops ads have disclaimers warning you not to try this at home. Maybe I just can’t see it with my eyes, but I don’t see any such asterisk on Apple’s new billboard.
And perhaps there should be, along with a whole bunch of fine print.