Apple has revised its privacy page to focus on the company’s privacy measures for Safari, Maps, Photos, Messages, Siri, News, iCloud, Home, Wallet, Health, the App Store, and the new Sign in with Apple feature. Most helpful are the linked white papers that provide specific details on various privacy topics.
While the page is a nice marketing effort, there are a few issues. As developer Michael Tsai points out, Apple claims that Safari doesn’t have a browser-level sign-in to sync data, which is true but irrelevant, given that Safari relies on a system-level iCloud login to sync its data in an all-or-nothing fashion. And even the Safari white paper doesn’t mention Apple’s partnership with Chinese firm Tencent for implementing its Safe Browsing feature for Chinese users.
To make matters worse, on the same day Apple published its revised privacy page, IT specialist Bob Gendler revealed that macOS stores encrypted messages from Mail in an unencrypted database for use with Siri, even when Siri is disabled. It’s a sloppy design, albeit not a serious vulnerability given the requirement for local access. Apple has now told The Verge that it’s aware of the problem and will fix it in a future update.
It’s good that Apple is being mostly open about its privacy efforts, but flubs like this call into question how complete they are. We certainly hope Apple devotes some development resources to eliminating this inadvertent exposure of potentially confidential information.