Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know – and a bunch more personal information, too.

The snag with your device knowing all this information is that once the data is understood, that information can be shared or even used against you.

Information is power

Jane Horvath, Apple's senior director for global privacy, appeared at CES 2020 this week to discuss the company’s approach to smartphone security. She stressed the company’s opposition to the creation of software backdoors into devices, and also said:

“Our phones are relatively small and they get lost and stolen. If we're going to be able to rely on our health data and finance data on our devices, we need to make sure that if you misplace that device, you're not losing your sensitive data.”

Privacy should not be a leaking bucket

Her approach is correct, of course. After all, once you create a security backdoor for one government, you’ll be forced to share it with every government. Once that happens, it’s only a matter of time before that information leaks into the hands of bad actors, with the result that no one’s data is safe.

Enterprise data will also become less safe, which threatens the security of connected infrastructure across the board.

Think of a security backdoor as being a hole in a bucket that only gets larger over time. Eventually the bucket stops working, water gets everywhere and all your secrets slip.

How Apple sees things

Apple’s approach to security:

It tries to minimize the amount of personal information it gathers about its users, and tries to disconnect that data from a person’s identity. It aims to create services that require minimal personal data while using on-device AI to personalize user experiences – that way the data is never seen or used by the company. Differential privacy, CoreML, and assigning Siri and Maps requests to a random number rather than using a person’s Apple ID form part of this effort. It offers iCloud as a secured space in which customers can store their documents, images and other information. It attempts to empower users with tools with which to control their privacy.

What’s important to understand with this model is that while much of the information your device gathers is protected (unless you grant permission to specific apps to access it), data held in iCloud is not subject to the same protection and can be made available subject to warrant.

At the same time, Apple’s privacy protections can be confusing; the company's recent decision to make it possible for people to opt out of sharing Siri recordings for "grading" was welcome, but the tools are still rather opaque.

iCloud thinks different

This is why Apple has teams whose job it is to help law enforcement with criminal/security queries. The information on your device is impossible to access, while data held in iCloud is accessible once a warrant is presented and accepted.

Not only can a great deal of information concerning location also be gathered by a request from cellular providers, but some of the most incriminating information is almost certainly available in the less-secured iCloud account.

Horvath referred to this during her CES appearance when she confirmed the company uses a set of tools to scan iCloud Photo libraries for child pornography.

To me, it seems reasonable to assume that those aren’t the only egregious acts Apple might monitor accounts for. That Apple actively already works to protect the public rather undermines the argument that even more access to personal data is required.

Privacy is a confusing mess

On an industry-wide basis, there’s still too much confusion. Internet services have been offering convenience in exchange for personal information for so long that many people have become accustomed to sharing data.

Added to that, the lack of a consistent set of principle or access protocols regarding user privacy makes for a lack of a core set of consumer privacy standards.

Apple seems to believe government regulation is required in order to help promote a more consistent approach to privacy.

"We should consider a strong privacy law that is consistent across all 50 states that provides all consumers, regardless of where they live, the same protections," said Horvath.

We’ve some way to go, as continued attempts to force tech firms to create those security backdoors in their products prove some in government don’t grasp the challenge of privacy in a digital age. (Though some do get it.)

While we wait for the industry and government to figure out a consistent approach, here are some guides to help iOS users manage their privacy using the tools Apple provides:

Finally, I currently recommend iPhone users take a look at the incredibly useful Jumbo app. This provides a range of privacy management and monitoring tools designed to easily put you in charge of what entities such as Apple, Facebook, Google or others are doing with your information.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.