By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Spencer Dailey:
Amid Apple pushing mandatory privacy labels, Google is stalling on releasing updates for its iOS apps. Yet Google itself is now telling users that their own apps are out of date. […]
About an hour ago, I opened my Gmail app to find that some of my accounts had been logged out. When I tried logging back in, Google informed me that “This app is out of date.” Indeed!
After saying “This app is out of date”, its warning goes on to say “You should update this app.” We can’t. “The version you’re using doesn’t include the latest security features to keep you protected. Only continue if you understand the risks.”
I followed Dailey’s instructions with a fresh install of the Gmail app, and got the same message. Seems like Google’s handling of this Privacy Nutrition Labels change at the App Store is utter chaos. [Update: A few hours and seems like Google has pushed a server-side change to suppress these warnings. But the apps themselves were not updated, and Google still hasn’t supplied privacy nutrition labels.]
I posted about this saga two weeks ago, and nothing has changed since. Still no updates to Google’s major iOS apps, still no privacy nutrition label information for them, either. Yet Google was confident back on January 5 they’d soon start rolling out labels for all their apps.
My utterly uninformed theory is that Google somehow didn’t understand the magnitude of what these iOS privacy changes entailed. It’s not just about a single device identifier used for targeted advertising. As Allen Pike speculated this week, full compliance with Apple’s new privacy rules may well rule out all sorts of “analytics” in apps that show targeted ads. And Google’s apps all collect massive amounts of analytics and all show targeted ads. Aren’t “analytics” and “tracking” two words for the same set of practices? Maybe Google is like, We’re not doing tracking. We’re just collecting analytics, and Apple is like, That’s the same fucking thing.
My only other theory is that Google thinks they can wait Apple out — that public pressure from iPhone owners who use Google apps will result in Apple conceding to better terms for what Google needs to admit to in its nutrition labels. I don’t see that working.
The question is why Google doesn’t just do what Facebook did, and cop to all of it, even if it’s a bad look to have a privacy nutrition label as long as an unspooled roll of toilet paper. Facebook’s nutrition labels being very long, but published on time, seemingly confirmed what we all suspected: that Facebook collects a breathtaking amount of data about the users of its apps. The way Google is handling this makes it look like (a) they have something to hide, (b) they were caught unprepared despite the fact Apple announced this policy back in June, or (c) both.
Charlie Warzel and Stuart A. Thompson, reporting for The New York Times:
A source has provided another data set, this time following the smartphones of thousands of Trump supporters, rioters and passers-by in Washington, D.C., on January 6, as Donald Trump’s political rally turned into a violent insurrection. At least five people died because of the riot at the Capitol. Key to bringing the mob to justice has been the event’s digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing. […]
While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data.
The source shared this information, in part, because the individual was outraged by the events of Jan. 6. The source wanted answers, accountability, justice. The person was also deeply concerned about the privacy implications of this surreptitious data collection. Not just that it happens, but also that most consumers don’t know it is being collected and it is insecure and vulnerable to law enforcement as well as bad actors — or an online mob — who might use it to inflict harm on innocent people. (The source asked to remain anonymous because the person was not authorized to share the data and could face severe penalties for doing so.)
I understand why the source asked to remain anonymous, but it sure would be interesting to know which apps were supplying this data. My best guess is that it come from a mobile ad network. But that’s just a guess. And if the data did come from just one ad network, how much data is being collected in the aggregate by all ad networks?
It’s really just flabbergasting what Warzel and Thompson were able to do with this.