The Washington Post’s privacy story on Apple and how they got it wrong

The Washington Post ran a sensationalistic story this morning claiming that, whenever users run a Spotlight search in OS X Yosemite or iOS 8, Apple receives their location, unique identifying codes and search terms.

The function is part of Spotlight search, which was updated with last week’s launch of new Mac computers and Apple’s latest operating system, Yosemite OS X, which also is available for download to owners of older machines. Once Yosemite is installed, users searching for files – even on their own hard drives — have their locations, unique identifying codes and search terms automatically sent to the company, keystroke by keystroke. The same is true for devices using Apple’s latest mobile operating system, iOS 8.

There’s only one problem with the story—it’s not true.

On iOS 8, here’s what Apple actually receives, in Apple’s own words (PDF document):

To make suggestions more relevant to users, Spotlight Suggestions includes user context and search feedback with search query requests sent to Apple.

Context sent with search requests provides Apple with: i) the device’s approximate location; ii) the device type (e.g., Mac, iPhone, iPad, or iPod); iii) the client app, which is either Spotlight or Safari; iv) the device’s default language and region settings; v) the three most recently used apps on the device; and vi) an anonymous session ID. All communication with the server is encrypted via HTTPS.

To help protect user privacy, Spotlight Suggestions never sends exact location, instead blurring the location on the client before sending. The level of blurring is based on estimated population density at the device’s location; for instance, more blurring is used in a rural location versus less blurring in a city center where users will typically be closer together. Further, users can disable the sending of all location information to Apple in Settings, by turning off Location Services for Spotlight Suggestions. If Location Services is disabled, then Apple may use the client’s IP address to infer an approximate location.

The anonymous session ID allows Apple to analyze patterns between queries conducted in a 15-minute period. For instance, if users frequently search for “Café phone number” shortly after searching for “Café,” Apple may learn to make the phone number more available in results. Unlike most search engines, however, Apple’s search service does not use a persistent personal identifier across a user’s search history to tie queries to a user or device; instead, Apple devices use a temporary anonymous session ID for at most a 15-minute period before discarding that ID.
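To make the design Apple describes above concrete, here is an added illustration, written for this post and not code from Apple or from the Washington Post story, of the two client-side mechanisms in that passage: blurring the location before it leaves the device, with coarser blurring where population density is lower, and an anonymous session ID that is thrown away after at most 15 minutes. Apple's document does not publish its blurring algorithm, so the grid-snapping scheme, the density bands and the cell sizes below are assumptions chosen for the example; the request fields (device type, client app, locale, three most recent apps, session ID, blurred or omitted location) follow the list in the quoted text.

```python
import math
import secrets
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# ASSUMPTION (not Apple's published algorithm): blur by snapping the
# coordinate to the centre of a grid cell, and pick a wider cell where
# fewer people live. Bands are (minimum people per km^2, cell edge in degrees).
DENSITY_BANDS = [
    (5000, 0.01),  # dense city centre: roughly 1 km cells
    (500, 0.05),   # suburban: roughly 5 km cells
    (0, 0.5),      # rural: roughly 50 km cells
]

# Apple's text: the session ID is used for at most a 15-minute period.
SESSION_TTL_SECONDS = 15 * 60


def cell_size_for_density(people_per_km2: float) -> float:
    """Return the grid cell edge (degrees) for a given population density."""
    for min_density, cell in DENSITY_BANDS:
        if people_per_km2 >= min_density:
            return cell
    return DENSITY_BANDS[-1][1]


def blur_location(lat: float, lon: float, people_per_km2: float) -> Tuple[float, float]:
    """Snap (lat, lon) to the centre of its grid cell so the exact fix is not sent."""
    cell = cell_size_for_density(people_per_km2)
    blurred_lat = (math.floor(lat / cell) + 0.5) * cell
    blurred_lon = (math.floor(lon / cell) + 0.5) * cell
    return round(blurred_lat, 6), round(blurred_lon, 6)


class SessionIDManager:
    """Random session ID that is replaced once it is 15 minutes old.

    The clock is injected so the rotation can be exercised without waiting.
    """

    def __init__(self, clock: Callable[[], float]):
        self._clock = clock
        self._id: Optional[str] = None
        self._issued_at = 0.0

    def current(self) -> str:
        now = self._clock()
        if self._id is None or now - self._issued_at >= SESSION_TTL_SECONDS:
            self._id = secrets.token_hex(16)  # fresh, unlinkable to the old one
            self._issued_at = now
        return self._id


@dataclass
class SuggestionRequest:
    """What the client sends with a query, per the quoted list of context fields."""
    query: str
    device_type: str
    client_app: str
    locale: str
    recent_apps: List[str]
    session_id: str
    location: Optional[Tuple[float, float]]


def build_request(query: str, *, device_type: str, client_app: str, locale: str,
                  recent_apps: List[str], session_id: str,
                  precise_location: Optional[Tuple[float, float]] = None,
                  people_per_km2: float = 0.0,
                  location_services_enabled: bool = True) -> SuggestionRequest:
    """Assemble the request; the precise fix never appears in it."""
    location = None
    if location_services_enabled and precise_location is not None:
        location = blur_location(*precise_location, people_per_km2)
    return SuggestionRequest(
        query=query,
        device_type=device_type,
        client_app=client_app,
        locale=locale,
        recent_apps=recent_apps[:3],  # only the three most recently used apps
        session_id=session_id,
        location=location,
    )


if __name__ == "__main__":
    # Constructed sample: a downtown San Francisco fix, dense urban area.
    sessions = SessionIDManager(clock=lambda: 0.0)
    req = build_request("Café phone number", device_type="iPhone", client_app="Spotlight",
                        locale="en_US", recent_apps=["Maps", "Safari", "Mail", "Music"],
                        session_id=sessions.current(),
                        precise_location=(37.7749, -122.4194), people_per_km2=7000)
    print(req)
```

With Location Services turned off for Spotlight Suggestions the `location` field is simply absent, which matches the caveat in Apple's text that the server may then fall back to the client's IP address; that fallback is server-side and outside what this client example can control.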

Apple has posted its privacy policies on its Web site, so you can read for yourself how the company handles your data any time you want.

The fact is, Apple doesn’t collect data about its customers the way other companies, Google for example, do. Apple sells products, not advertisements or customer data. By blurring your location on the device before it is sent and discarding the anonymous session ID after at most 15 minutes, Apple is able to make the operating system work better for you while maintaining your privacy. The one caveat worth noting from Apple’s own description is that, with Location Services turned off for Spotlight Suggestions, Apple may still infer an approximate location from your IP address.