On-Prem

Personal Tech

Apple sued for promising privacy, failing at it

What's allowed for Cupertino is verboten for everyone else


Apple has again been sued for promising privacy and allegedly failing to provide it.

The complaint [PDF], filed in Northern California District Court on behalf of plaintiff Julie Cima, claims Apple captures iPhone customer data despite device settings declaring a preference that information should not be shared.

"Apple records consumers’ personal information and activity on its consumer mobile devices and applications ('apps'), even after consumers explicitly indicate through Apple’s mobile device settings that they do not want their data and information shared," the complaint, filed this week, says. "This activity amounts to an enormous wealth of data that Apple collects and uses for its financial gain."

The legal filing cites research published last November by a two-person firm developer team called Mysk that claimed Apple collects analytics data even when iPhone users have set a preference disallowing data collection. Those claims led to a similar sueball shortly after they appeared, and to another such case filed earlier this month.

Prior research by boffins from Oxford University, published in April 2022, presents similar allegations. The researchers claim Apple engages in invasive data practices similar to those it forbids among third-parties, in violation of consumer expectation and marketing slogans.

As with the previous privacy lawsuits, Cima's lawsuit argues that Apple makes misleading promises in its marketing and published policies.

The perceived mismatch between marketing and reality is a common theme in litigation against Apple. Those raising legal challenges in the past, for example, have railed about the discrepancy between advertised screen size and actual screen size. They've also taken issue with Apple's assertions about the extent to which its products can resist water damage.

This latest bit of lawyering goes after the alleged hypocrisy in Apple's privacy policy commitment, "At Apple, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data," and in the company's promise to "disable [the sharing of] Device Analytics altogether" at the touch of an off button.

The complaint cites Apple billboard campaign slogans like "Privacy. That’s iPhone," and "What happens on your iPhone, stays on your iPhone," and "Your iPhone knows a lot about you. But we don't."

The lawsuit then goes on to insist that "Apple does not honor users' requests to restrict data sharing," claiming that the company tracks consumer actions including: how users find apps; the amount of time spent looking at apps in its App Store; App Store searches; and App Store ads displayed and clicked on.

Setting aside the possibility of legal deficiencies that can get such claims tossed, the iPhone maker may choose to defend itself by arguing that ingesting data through its first-party relationship with its customers is not sharing information with a third party.

Apple has not yet responded to the privacy claims made in the similar cases filed in November 11, 2022 (Libman v. Apple) [PDF], and January, 2023 (Serrano v. Apple). In the former case, the company has agreed to file its response by February 17, 2023.

Apple did not immediately respond to a request for comment. ®

Send us news
38 Comments

Apple plugs security hole in its iThings that's already been exploited in iOS

Cupertino kicks off the year with a zero-day

What does it mean to build in security from the ground up?

As if secure design is the only bullet point in a list of software engineering best practices

Google's 7-year slog to improve Chrome extensions still hasn't satisfied developers

Makers of content blockers, privacy add-ons say promises weren't kept

Canvassing apps used by UK political parties riddled with privacy, security issues

Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report

SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon

It's another cousin of Spectre, here to read your email, browsing history, and more

Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker

Fourth time’s the harm?

Amazon sued for allegedly slurping sensitive data via advertising SDK

Harvesting of location data and other personal info without user consent, lawsuit claims

DeepSeek's R1 curiously tells El Reg reader: 'My guidelines are set by OpenAI'

Despite impressive benchmarks, the Chinese-made LLM is not without some interesting issues

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

Oh someone's in DeepShi...

'Maybe the problem is you' ... Linus Torvalds wades into Linux kernel Rust driver drama

Open source project chief hits out at 'social media brigading'

Brit competition watchdog takes aim at Google, Apple's mobile ecosystems

CMA flexes its new Strategic Market Status muscles

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'

When cloud customers don't clean up after themselves, part 97