👜 Apple’s War for Data Control

Your data is the most valuable asset that companies are competing for. The Apple iOS 15 release this week tells us new details about Apple’s war for data control. Long story short, it’s just as insidious as Facebook’s. Today’s deep dive will show why

Congratulations on investing in your family’s future today. Ai Parenting is a judgment free community moving from screen time to quality time and our motto is don’t sedate, relate to create. Today we’re going to move away from the sedation that’s happening around privacy towards the relating and creating the privacy future we want. 

I am so thankful for the awesome insights from Data Diva Debbie Reynolds when preparing for today. You’ll hear a few of her quotes and titles that she provided with me today, if you want to follow her check out @debbiedatadiva on Instagram, Twitter, and LinkedIn. 

The three topics that we will cover today are:

1. First Party Data
2. Data Caste
3. Data is Control

Data Diva Debbie Reynolds shared how first party data is the data that you share directly with the manufacturer. This week Apple announced a lot more first party data inside Apple Wallet for iOS 15. The goal is not to be a backup to replace your existing wallet and with good reason, it’s annoying to have to carry around so many things with you when you’re traveling. 

I attest to the convenience of being able to use Apple Pay on my watch especially during this past year, even if I forget my wallet it’s still possible to make a quick purchase without needing to touch the card reader and enter a code. 

Now it’s not just your credit card, but your transit pass, hotel key, car keys, house keys, and your passport too. What you’re seeing is not just more convenience it’s the merging of your physical identity with your digital identity. In other words, any time you need to show some form of physical identity such as a license or a passport you can replace it with a digital version. 

The interesting change comes not from the device itself but the fact that Apple has moved beyond convincing consumers to accept digital identity for items such as credit cards, now corporations are starting to accept your digital identity for entry into their buildings, and even governments are starting to accept a digital identity for moving across state lines and even across borders. 

Many of these functions have been available in China for a while through apps like the WeChat Wallet. What originally started as a WhatsApp clone has quickly evolved to include more and more aspects of a person’s digital identity including their Chinese ID and Bank Card. 

Mobile payments is often the only method to pay for many vending machines in China. When I travelled to Guangzhou, I remember the pain of trying to use public transportation without a mobile payment option. I basically had to pay someone to buy me a ticket with their phone. 

So Apple is saying that it keeps your data secure using the Secure Enclave Processor. This relates to my next point.

Privacy is increasingly becoming a luxury available only for the wealthy leading to a Data Caste system and it is the data of the poorest and most vulnernable that is being used to train Ai Systems. 

Low Privacy: In the Coded Bias they used the William Gibson quote “the future is already here, it’s just not evenly distributed.” We used to think that this meant that the rich would get access to new technology before the rest of us, but when it comes to tracking and privacy the exact opposite is true. Joy Boulamwini showed how facial recognition was used to track people going in and out of low income housing. 

Facial recognition used in 1500 police departments is trained on mugshots that police departments share with Clearview AI. Clearview AI integrates their face recognition with body cameras to quickly identify people. The key is that your mugshot is the property of the police departments and your consent is not required for them to use this data on a website for training an Ai.  

Privacy is not an option for our lowest income. They are often the first people to be exposed to new tracking and privacy invasive technologies. Innocent until proven guilty generally does not apply here, when you are suspected of a crime often the first thing that you lose is your privacy.

Middle Privacy: What do you get as an Android user? A Mar 2021 Forbes article revealed how Apple’s App Store required companies to disclose how much data is linked to your ID. They showed an image with 19 categories for Google Chrome, 6 categories for Safari, and 4 categories for Mozilla Firefox. 

Trinity College researchers compared that amount of data sent by a Google Pixel and an Apple iPhone every day. They found that Android phones sent 20x more data (or about 1MB of data in 12 hours) that than Apple iPhone (about 0.05MB in 12 hours). While Google disputes the number, they don’t seem to be disputing that they are tracking far more data than their competitors [4].

I’m not saying that people don’t share a lot of personal data with Apple. Just that the more data is shared is stored in the cloud than on your phone. It is this transfer of personal data into the cloud that increases the risks of a remote attack where your personal information is leaked and you’re not aware of it.

High Privacy: Data Diva Debbie Reynolds explained that since the Apple iPhone is generally considered a luxury product for most, it’s demographic is extremely valuable to companies. A study by the National Bureau of Economic Research found that owning an iPhone was a 69% predictive of having higher income. Beating out the next highest predictor Grey Poupon at 62%. Researchers went so far as to write “across all years in our data, no individual brand is as predictive of being high-income as owning an Apple iPhone.” [2]

This is why Facebook is so pissed that Cross App Tracking was disabled in the latest version of iOS, iPhone users are ideal clients for targeted ads, as they have the means and don’t mind spending more for something premium.  

Disabling Cross App Tracking is part of a much larger privacy and data strategy that already includes blocking cookie tracking by default.

Here’s three reasons why you should care if companies want to track your data and save it to the phone or send it over the Internet.

Long range: Information shared over the Internet doesn’t stay private forever, companies have data leaks all the time for example, reports that over half a billion Facebook users personal information including names, phone numbers, and email addresses was leaked was shown in April 2021. 

Companies can also be obligated by governments to reveal this personal information in the name of national security. When this information is given to the government often you as a user are not aware of what is happening.

Whistleblower Edward Snowden popped the lid on how cell phone locations are tracked and shared with Governments. Even years after this revelation they haven’t stopped creeping our locations. 

Short Range: Short range communications technology like NFC is used for payment systems, and Apple shared that it uses Ultra Wide Band for unlocking cars, hotel rooms, and homes. Ultra Wide Band has an effective range of around 25 meters, that’s convenient both for you and for hackers. 

In the UK the vehicle recovery company Tracker reported that 92 percent of all vehicles stolen and recovered were taken without using the owner’s keys. Attackers have been using a two person relay attack to enter cars. One person follows you while the other person stays near your car the signal from your car is sent to the person close to you, your phone or key fob thinks that you are close to the car so it unlocks the doors for you. Then it’s pretty easy to enter the vehicle and steal stuff inside, close the door without leaving any evidence of forced entry [7].

There are portable faraday pouches like the silent pocket that can block these signals but then you would also lose the convenience of receiving text messages or calls on your phone.  

No Range: One of the key messages regarding the changes to Apple Wallet was that this data would be encrypted and accessible only through the Secure Enclave Processor which is similar to the secure element available in Snapdragon 845 and above Android phones [3].

Under the hood, the Secure Enclave or Secure Element manages encryption keys and is isolated from the main processor. Any highly sensitive data that users want to keep private, such as face scans, fingerprints, and credit cards is encrypted. This isolation means that it’s capable of maintaining the encryption of sensitive data even if the device has been jailbreaked [8].

The risk is that if a hack is discovered in Secure Element or Secure Enclave then it will be impossible to patch. This was the case with the exploit for Intel chips and in July 2020 security researchers at Pangu demonstrated an exploit of the Secure Enclave Processor that they claimed was unpatchable. This potentially means that all older iPhones would be vulnerable to the same exploit and there’s no software patch that can fix the issue [9].

Impact on Society: If Apple and others truly succeed in replacing your existing wallet this introduces another risk to our society as a whole. Imagine if the government only issued an electronic drivers license and passport to your phone. Then you’re only one hack away from full on identity theft. They could pretend to be you in every sense of the word. 

The second risk is one of concentrated power, your phone manufacturer could shut down your account at any time and they would not have any obligation to restore your accounts even if you had life saving medication in your car or couldn’t get into your own house because you left your keys at home. 

It’s always good to have a backup just in case the electronics don’t work. I keep my cards and cash in an RFID blocking minimalist wallet in my pocket at all times just in case and I don’t leave home without it. Having a spare key doesn’t hurt either.

If you want to know more ways to protect your family online become an Ai Parenting insider which will give you a free copy of our screen time to quality time chart just for signing up. 

Thank you again we will see you next week.

References

1. Apple Wallet Changes from CNBC https://youtu.be/OAywkPxRjTw
2. Clearview AI chasing every mugshot in US https://www.theregister.com/2020/03/09/ai_roundup_march6/
3. iPhone owners incomes and spending are higher https://www.deseret.com/2018/7/11/20648686/do-you-own-an-iphone-new-study-says-you-re-probably-rich
4. Chrome tracks more data https://www.forbes.com/sites/zakdoffman/2021/03/20/stop-using-google-chrome-on-apple-iphone-12-pro-max-ipad-and-macbook-pro/?sh=167e4ba74d08
5. Android sends 20x the data of iPhones https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/
6. Facebook Data Leak https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
7. Ultra Wide Band is susceptible to relay attacks – https://www.securityindustry.org/2020/11/17/applying-ultra-wideband-wireless-technology-for-security-and-automation/
8. Secure Element on Android phones https://9to5mac.com/2020/02/12/apples-secure-enclave/
9. Secure Enclave Processor is Hacked by Pangu at Mosec 2020 Jul 24  https://twitter.com/sparkzheng/status/1286599007834271744?s=21