Sincere question: what new steps would you recommend they take?
The iOS location request prompt uses very clear language while allowing for granular access, and the granted permissions are easily reviewed in Settings.
The App Store requires data usage disclosures, which are presented about as succinctly as possible.
They could mandate that apps share absolutely no location data with any third party, but that would break all sorts of things (external mapping APIs, for example), and it’d basically be impossible to police.
Are there mitigations they could provide that I’m missing?
> Are there mitigations they could provide that I’m missing?
Apple could start by stopping their constant tracking and uploading of MAC addresses around Apple devices.
That's right, even if your device has no telemetry whatsoever but has active WiFi / Bluetooth network scanning, Apple is still tracking you if someone close to you has an Apple device.
> We investigate what data iOS on an iPhone shares
> with Apple and what data Google Android on a Pixel phone
> shares with Google. We find that even when minimally configured
> and the handset is idle both iOS and Google Android share
> data with Apple/Google on average every 4.5 mins. The phone
> IMEI, hardware serial number, SIM serial number and IMSI,
> handset phone number etc are shared with Apple and Google.
> Both iOS and Google Android transmit telemetry, despite the
> user explicitly opting out of this. When a SIM is inserted both
> iOS and Google Android send details to Apple/Google. iOS sends
> the MAC addresses of nearby devices, e.g. other handsets and
> the home gateway, to Apple together with their GPS location.
> Users have no opt out from this and currently there are few, if
> any, realistic options for preventing this data sharing.
Any app can get a general sense of your location from your IP address (unless you are using a VPN) since Apple's Private Relay feature only works in Safari and Mail, not in third party apps.
I would love the ability to require apps to ask permission to access the internet, or even better, a way to limit connections to specific domains like Little Snitch can do on macOS.
Many apps don't have a legitimate need to access the internet such as a photo editing app or a single player game.
The OS is just part of what enables tracking; the cell company can track you just as easily regardless of OS. Apple's privacy claims are sheer marketing; their business is not so directly tied to mass surveillance like Google's, so they play the marketing game that the circumstances allow for.
This is a common false dichotomy. Border agents and random highway stops are done by state actors. A vanishingly small slice of them are James Bond-esque high stakes games.
You’re fine with state actors being able to precisely target propaganda / inciting calls to violence based on psychological profiles etc, including your neighbors
State actors are much more prescient than that. From every tail light ticket to rain water collection law, the state bears every law on the threat of murder. That's the price for the social contract.