Apple Defeats Privacy Law Claims in California Data Tracking Suit

[MacRumors]

Apple has beaten a class action's claims alleging that it records users' mobile activity without their consent despite the company's privacy assurances, reports Bloomberg Law.

Filed in November 2022, the lawsuit accused Apple of "utterly false" assurances that users are in control of what information they share when they use stock ‌iPhone‌ apps like the App Store and Apple Music.

Specifically, it claimed that Apple's mobile device options to disable the sharing of device analytics and opting out of settings such as "Allow Apps to Request to Track" do nothing to stop Apple from continuing to collect data relating to users' browsing and activity for monetization purposes.

From the Bloomberg report:

Judge Edward J. Davila on Tuesday granted Apple's motion to dismiss parts of the class action that alleged violations of California's Invasion of Privacy Act, the California Constitution, the state's unfair competition law, breach of implied contract, and the Pennsylvania Wiretapping and Electronic Surveillance Control Act.

Davila, who sits on the US District Court for the Northern District of California, said he would give the plaintiffs one final opportunity to amend and refile their complaint "out of an abundance of caution."

"It is doubtful whether Plaintiffs can sufficiently plead their dismissed claims given the deficiencies addressed in this Order," he said.

This week's ruling only dismissed the California-specific privacy claims. Several other claims in the lawsuit already survived an earlier ruling in September 2024 and remain active.

Those claims – based on the "Share Device Analytics" setting – include breach of contract, unjust enrichment, and violations of consumer protection laws in Illinois, New Jersey, and New York. Judge Davila found that the plaintiffs had sufficiently argued they withdrew consent to data collection by turning off that setting.

Article Link: Apple Defeats Privacy Law Claims in California Data Tracking Suit

 

[DEMinSoCAL]

So, does Apple "collect data relating to users' browsing and activity for monetization purposes" or not?

 

[harmonthe3rd]

So, does Apple "collect data relating to users' browsing and activity for monetization purposes" or not?

I would wager not seeing though they built everything around privacy. We will see though.

 

[zarmanto]

I would wager not seeing though they built everything around privacy. We will see though.

I believe the plaintiff's entire case rests upon the flimsy premise that we can't see what Apple collects. Outside of scouring through all of Apple's source code, it seems like it would be quite impossible for plaintiff to prove their case -- and that level of in-depth discovery seems unlikely to be approved by this or any other court.

 

[phuklok1]

why can't we block wifi access for apps like we can cellular data? very strange decision. also while i appreciate the app privacy report feature, I can't really do anything with the information other than delete the app. if i see it going to an unknown address, why don't i have the option of blocking that address? since the phone is now the central computing device for most, i think it's time for IOS to have customizable firewall settings.

 

[turbineseaplane]

Can someone with an understanding of this explain it to me like I'm 5?

 

[zarmanto]

Can someone with an understanding of this explain it to me like I'm 5?

Obligatory IANAL, but I'll give it a shot.

Some idiots sued Apple, because they think Apple is collecting their data without permission, even though Apple says otherwise -- but they know full well that there is no way to prove it, so they were hoping the court would just somehow force Apple to fess up. Since Apple instead demonstrated that the idiots' claims are full of holes, the court told the idiots that most of their claims are stupid, and that their court filing -- with the few remaining potentially not stupid claims -- need to be rewritten to exclude the stupid claims. Trouble is, without the stupid claims, the idiots barely have a case... so this charade isn't likely to go much further.

 

[justanotherdave]

I believe the plaintiff's entire case rests upon the flimsy premise that we can't see what Apple collects. Outside of scouring through all of Apple's source code, it seems like it would be quite impossible for plaintiff to prove their case -- and that level of in-depth discovery seems unlikely to be approved by this or any other court.

Yup. It seems to be a case of “prove me wrong, bro”. The Burden of Proof logical fallacy.

edited: redundant

 

[DeLaSoul]

The real problem that Apple can't fix is that Apple is a US company, which operates under US law including the CLOUD Act, that is far reaching in such way that Apple must comply to requests to user data. Even when the data is in Asian or European servers, on non US soil. This data can be extremely personal, such as health metrics and analysis, family pictures of children, private communications, metadata on locations. You are carrying the ultimate tracking device in your pocket, around your wrist, even in your ears. The pile of data being gathered each day is staggering. Which on one hand is great, for big data analysis which can help researches come up with better medicines, but on the other hand is an extremely dangerous privacy concern. Privacy = safety, so data minimization and data anonymization are key. Apple is maybe the least worst of the worst (Meta and Alphabet business is about selling your data) by doing on-device processing and storage. But given current geopolitical turmoil and how digital services are being abused to coerce countries and organizations (by shutting them down, or stealing data) I would be absolutely cautious.

 

[roklanhavok]

I think one way or another Apple is probably the company that protects our privacy the most, while still not being perfect.

 

[abowlby]

So, does Apple "collect data relating to users' browsing and activity for monetization purposes" or not?

I'm sure a third party audit will confirm this. Oh wait.

 

[canadianreader]

Can someone with an understanding of this explain it to me like I'm 5?

This is about Apple itself collecting users' data.
I don't know if you remember the OCSP issue back in 2020 when Big Sur was released

Apple Addresses Privacy Concerns Surrounding App Authentication in macOS

Following the release of macOS Big Sur on Thursday, Mac users began to experience issues with opening apps while connected to the internet. Apple's system status page attributed the situation to issues with its Developer ID notary service, with developer Jeff Johnson specifying that there were...

www.macrumors.com

Apple's own system apps also attempted to bypass VPNs and firewalls in Big Sur

MacOS Big Sur reveals Apple secretly hates your VPN and firewall

Apple apps in the latest release of macOS can bypass firewalls and VPNs

www.techradar.com

Since then Apple implemented OCSP2 even more phoning home. The problem is macOS is closed source system we don't know what kinda data Apple is collecting through these protocols. I'd say use LS and block all these processes.

More about OCSP

Does Apple Track Every Mac App You Run? OCSP Explained

Does your Mac really send a log of each app you open to Apple? It's complicated. We'll explain it all.

www.howtogeek.com

 

[justanotherdave]

Since then Apple implemented OCSP2 even more phoning home. The problem is macOS is closed source system we don't know what kinda data Apple is collecting through these protocols. I'd say use LS and block all these processes.

More about OCSP

Does Apple Track Every Mac App You Run? OCSP Explained

Does your Mac really send a log of each app you open to Apple? It's complicated. We'll explain it all.

www.howtogeek.com

Uh, Windows is closed source and so is Android. Not sure what your point is.

 

[justanotherdave]

Specifically, it claimed that Apple's mobile device options to disable the sharing of device analytics and opting out of settings such as "Allow Apps to Request to Track" do nothing to stop Apple from continuing to collect data relating to users' browsing and activity for monetization purposes.

This is going to be impossible to prove. While Apple does collect data about you (it's impossible to provide any service without some form of data collection), Apple doesn't cross track. This is easy to test yourself. I can read reviews of Apps in Safari and then go to The App Store and I won't see ads for those Apps suddenly appear. Unlike, for example, using Chrome or Edge to browse for a product and then seeing ads for that product in Facebook.

And since their case seems to hinge on the idea Apple is monetizing user data I believe Apple will prevail.

 

[AusMness]

TL;DR:
Apple: “we do privacy”
Lawsuit: “Nuh uh”
Apple: “Yuh huh”

 

[canadianreader]

Uh, Windows is closed source and so is Android. Not sure what your point is.

Android is open source and I don't use Windows. The point is we don't know what kind of data is sent to Apple and how or for how long is it stored. I generally distrust big corporations and my distrust of Apple started when they tried to bypass firewalls and network filters in Big Sur.

https://twitter.com/x/status/1327726496203476992

 

[justanotherdave]

Android is open source and I don't use Windows. The point is we don't know what kind of data is sent to Apple and how or for how long is it stored. I generally distrust big corporations and my distrust of Apple started when they tried to bypass firewalls and network filters in Big Sur.

https://twitter.com/x/status/1327726496203476992

The basic core of Android is open source. Everything that runs on top of it that makes Android “Android” is 100% closed source and controlled by Google. Further, OEMs can modify Android code for their specific devices.

Therefore it’s impossible to audit Android to see what it’s doing because large portions are controlled by Google. For all intents & purposes of this discussion (determine what data is being sent) Android is absolutely closed source since we can’t access Google proprietary code to see what it’s doing. Same as Apple or Microsoft.

The only thing we can do is look at the business model of the company and their past behaviors. In that regard Google is orders of magnitude worse than Apple (who isn’t perfect, but is easily the best).


Saying “we don’t know” is a terrible way of looking at life. “I don’t know if my wife is having an affair, and since I can’t prove it then she probably is”.

 

[zarmanto]

... my distrust of Apple started when they tried to bypass firewalls and network filters in Big Sur.

https://twitter.com/x/status/1327726496203476992

With all due respect, you're quoting this thread out of context and leaving out the portion of the conversation that doesn't support your assertions. Further along in the thread you linked, you can easily find a reference to the resolution:

https://twitter.com/x/status/1461344730579492868

And immediately below that, Wardle acknowledges that the issue has indeed been resolved to his satisfaction.

 

[Genelec8341]

Obligatory IANAL, but I'll give it a shot.

Some idiots sued Apple, because they think Apple is collecting their data without permission, even though Apple says otherwise -- but they know full well that there is no way to prove it, so they were hoping the court would just somehow force Apple to fess up. Since Apple instead demonstrated that the idiots' claims are full of holes, the court told the idiots that most of their claims are stupid, and that their court filing -- with the few remaining potentially not stupid claims -- need to be rewritten to exclude the stupid claims. Trouble is, without the stupid claims, the idiots barely have a case... so this charade isn't likely to go much further.

That's my interpretation as well. Frivolous lawsuit.

 

[platinumaqua]

All I can observe is I have turned off Analytics and Personalized Recommendations, but my pihole logs still show that Apple's own apps are chatty to Apple servers.

Maps/Music/News/Books/Weather also have tracking identifiers that can't be disabled (though some apps allow them to be reset).

 

[canadianreader]

Saying “we don’t know” is a terrible way of looking at life. “I don’t know if my wife is having an affair, and since I can’t prove it then she probably is”.

We don’t know what they’re collecting for how long it’s stored and for what purpose other what’s been said in their press releases. It’s a multi-layered corporation not an individual. We’re allowed to doubt big corpos now more than ever.

 

[canadianreader]

With all due respect, you're quoting this thread out of context and leaving out the portion of the conversation that doesn't support your assertions. Further along in the thread you linked, you can easily find a reference to the resolution:

https://twitter.com/x/status/1461344730579492868

And immediately below that, Wardle acknowledges that the issue has indeed been resolved to his satisfaction.

Later Apple in a update to Big Sur they reversed course and removed the firewall and content filtering bypass. But the damage was already done.

 

[Graphate]

Can someone with an understanding of this explain it to me like I'm 5?

Fortunately or unfortunately the order is already a pretty good summary. In essence the Plaintiffs didn’t plead in a manner that could plausibly result in liability for Apple. Some of that is because they failed to plead a cause in the alternative, others because the Plaintiffs don’t have standing, and some because they didn’t amend their complaint to include allegation missing the first time around.

This is of course an overgeneralized summary and only a generalization of the opinion of a single judge. There is lot more to be revealed by the pleadings.

See 5:22-cv-7069-EJD, ECF 161.

 

[jayducharme]

At first glance I thought that photo read, "Pricey. That's Apple."

 

[macfacts]

So, does Apple "collect data relating to users' browsing and activity for monetization purposes" or not?

apple "technically" doesn't sell your data to Spotify but apple has its own music streaming service and shares that data amount its own services. that s the issue with vertically integrated companies.