iOS 14, macOS Big Sur, Safari to give us ‘No, thanks!’ option for ad tracking – Naked Security | #firefox | #firefoxsecurity

As is typical for Apple’s developer conferences, on Monday it started hyping the privacy and security goodies it’s got in store for us in a few months.

During the pre-taped keynote at Apple’s Worldwide Developers Conference (WWDC), the company promised to pump up data protection even more with gobs of new features in its upcoming iOS 14, macOS Big Sur, and Safari releases.

(Here’s the complete keynote transcript, courtesy of Mac Rumors, if you don’t have a spare 1:48:51 to listen to the opening for Apple’s first-ever, all-online WWDC.)

Pretty please stop the ad tracking

The big ones include the option for users to decline apps’ ad tracking. More specifically, we’ll be given the option to “Allow Tracking” or “Ask App Not to Track.” As Wired’s Lily Hay Newman points out, “asking” sounds a lot more dubious than “blocking.” But Apple makes it decisive in its notes to developers, where it says that the permission is a must-have for developers, not a nice-if-you’re-in-the-mood.

Developers notes on apps’ permission to track. IMAGE: Apple

Katie Skinner, a user privacy software manager at Apple, said during the keynote that this year, the company wants to help users to control ad tracking:

We believe tracking should always be transparent and under your control. So moving forward, App Store policy will require apps to ask before tracking you across apps and websites owned by other companies.

Developers will also be required to cough up data on exactly what third-party software development kits and other modules they’ve incorporated into their apps, what those components do, what data they collect, who they share it with and how it will be used. Think of the charts like nutrition labels, Apple said on Monday: they’re a way for developers to transparently share security and privacy details.

Apple isn’t the first to think about labels that could give us a heads-up about what a chunk of code is up to. Last month, Carnegie Mellon University presented a prototype security and privacy label based on interviews and surveys, the focus of which was the shabby state of security in the Internet of Things (IoT).

IoT devices, App Store apps, fill in the blank: why not label them all? One caveat is that we actually have to trust developers to a) be candid about what they’re up to, rather than b) lying through their teeth. Unfortunately, developers all too often choose option B. For example, sometimes they try to manipulate Google’s security by removing suspicious code before adding it back in to see what trips detection systems, and then we wind up with ad fraud apps hiding in the Play Store.