AppleInsider may earn an affiliate commission on purchases made through links on our site.
In the wake of a report about the collection of App Store data by Apple, a lawsuit has emerged alleging that the company intentionally violates user privacy and monetizes user data without permission.
Plaintiff Elliot Lippmann has filed what he hopes will become a class action lawsuit against Apple. The lawsuit alleges that because Apple has some knowledge of what a user is browsing on the App Store, it violates the user’s right to privacy.
The lawsuit alleges that research published in November exposed Apple as “recording, tracking, collecting and monetizing analytics data – including browsing history and activity information – regardless of the safeguards or ‘privacy settings’ consumers have to protect their privacy.” “
Specifically, the lawsuit cites the “Allow apps to request tracking” and “Share analytics” settings as the main issues they have with Apple.
“Apple’s practices violate consumers’ privacy; willfully deceive consumers; give Apple and its employees the ability to learn intimate details about individuals’ lives, interests, and apps use; and make Apple a potential target for “mass shopping” by any government, private or criminal actor who wants to undermine individuals’ privacy or their security or their freedom. Through its extensive and illegal tracking and data-collection activity, Apple knows even the most intimate and embarrassing aspects of a user’s use of an app—regardless of whether the user accepts Apple’s fictitious offer to keep such activities private.”
The lawyers we spoke to Friday evening believe the blogger has a tough hill to climb to win the case. It is not clear whether the complainant or the attorneys who brought the lawsuit understand the difference between server-side data collection, and how the basic settings in the lawsuit work.
This data cited in the lawsuit is also likely to be collected from the server side. For example, the Netflix viewing history of a video streaming program is stored on the server side and associated with an account, and collected on the server, where the Do Not Track setting is applied.
In the case of server-side data, the “Allow apps to request tracking” and “Share analytics” settings are irrelevant. It’s also possible that the Sharing Analytics part isn’t relevant on its own, because the app’s browsing history is user behavior, and isn’t related to device analytics that are used to determine the state of a device and its Internet service when a problem occurs.
And there is precedent that “app developers” and the App Store hosting company, in this case, Apple, are not the same thing, even though the App Store is an app.
The research by Mysk that inspired the lawsuit says that under iOS 14.6 “detailed usage data is sent to Apple” from the App Store, Apple Music, Apple TV and Books. The researchers claim that Stocks sent less specific information than other apps.
The transmitted data is said to be associated with an identifier that can identify the user. The behavior reportedly persisted in iOS 16, but the researchers were unable to examine the data that was sent because it was all sent encrypted.
The researchers told Gizmodo That such data was not sent from Health and Wallet with any combination of privacy settings. All data is sent to servers different from the iCloud pool.
The lawsuit says there is a monetary value to consumers’ personal information. The study cited in the lawsuit is based on data sales, some of which was collected via hacking and data theft. Apple says it does not sell user data, and there is no evidence of this.
Apple is also vocal about how it uses data in its ad platforms. The company has stated in the records that its advertising system does not associate user or device data with that data collected from third parties for targeted advertising. They also say that they do not share a user’s device or device identification with data collection companies.
The lawsuit alleges that Apple “invaded a privacy area protected by the Fourth Amendment” and “violated dozens of state criminal laws regarding wiretapping and privacy violation.” The Fourth Amendment does not appear to apply here.
It’s not clear why data collection by your company and consent to data collection is in the product’s terms of service, in which case both the App Store and the iPhone itself are a violation of wiretapping laws, especially if Apple anonymizes or aggregates any Data collected by the App Store.
He goes on to cite “extremely aggressive” behavior as it relates to “deliberate intrusion” into Internet communications and “covert monitoring of private application browsing”. For Apple or any app store to provide online data to a customer as it relates to App Store browsing and purchasing requires, at some level, that the company knows what is being browsed and what has been purchased by any given user.
A lot of this is down to what users of tech companies or the internet trust. Apple technology, for example, prevented the file’s Internet service provider or wireless carrier from knowing what they were browsing.
Identifiable user data is required not only for the internet to work but for paid services such as the App Store, books, music for authentication and functionality, and the support that must be provided for said services. Listed clearly does not trust Apple in this regard, based on the “extremely offensive” tone about Apple’s behavior in the filing.
As always, the lawsuit seeks “restitution and all forms of equitable monetary compensation,” and injunctive relief as the court deems appropriate. A jury trial is required.
It is not clear when or whether the case will be heard.
Libman v. Apple, Inc is Case No. 5: 2022cv07069 in the US District Court for the Northern District of California. Fisher and Fisher of northeastern Pennsylvania filed the lawsuit.