Under the Radar

95: Privacy and Responsibility


00:00:00   Welcome to Under the Radar, a show about independent iOS app development.

00:00:04   I'm Mark Warmant.

00:00:05   And I'm David Smith.

00:00:06   Under the Radar is never longer than 30 minutes, so let's get started.

00:00:10   So this week in the news, there was a bit of a kerfuffle over the AccuWeather app embedding

00:00:15   a location tracking ad network in its app.

00:00:19   And it did some things that were, I think, pretty clearly not good.

00:00:25   Pretty clearly not respectful of users, privacy, things like trying to derive the location

00:00:30   with a third party ad firm, even if they denied location access and everything else.

00:00:34   And so we wanted to talk about, not necessarily that specifically, but about the general topic

00:00:39   of as an app developer, what kind of responsibilities or obligations you have on like a moral level

00:00:47   or like a social or even like an app wide environmental level.

00:00:54   And the various pressures that can affect those decisions or that can make these decisions

00:00:59   difficult.

00:01:00   You know, and because like the justification for this particular offense was, well, we

00:01:06   need to know your location for the app to work.

00:01:09   It's a weather app, so we need to know your location to tell you the weather where you

00:01:11   are.

00:01:12   But then once we have your location, are we obligated to only use it for that purpose?

00:01:18   You know, if we pass that along to advertising SDKs in an advertising funded app, we can

00:01:24   have more targeted ads and make more money per user.

00:01:28   And then there's other problems like if you use analytics packages, then they have access

00:01:34   to all this data.

00:01:35   And what are they doing?

00:01:36   And what are they doing with your data once they have it?

00:01:38   What data are they collecting?

00:01:39   And it's a complicated topic in the app world, I think, because these days, you know, as

00:01:46   we've talked about at length on this show, you really can't rule out any method of monetization

00:01:51   for the most part if you want to succeed financially in the app store.

00:01:54   Like you have to be open to trying a lot of different things, including many cases, ads,

00:02:01   and the sale of data in some way.

00:02:03   Lots of apps are funded that way, whether we like it or not.

00:02:07   For some apps, that might be the best way to fund them.

00:02:09   So it's a tricky topic because we can't just say like, oh, everybody should just, you know,

00:02:17   charge a real price and then not be funded by any of these ways.

00:02:19   Because we all know that doesn't work for a lot of things.

00:02:22   For I'd say probably most apps, it doesn't work.

00:02:25   But there's also, I feel like, pretty clear responsibilities that we have either, you

00:02:30   know, ethically or just to make things good and nice or sometimes even by policy from

00:02:37   Apple.

00:02:38   I feel like we have responsibilities that we need to follow on a few different fronts.

00:02:42   >> Yeah.

00:02:43   So I feel like this is a tricky, this is one of the things that I feel like I struggle

00:02:49   with most often in my development.

00:02:52   That a lot of the technical and the design and those sides of the challenges that I face

00:02:57   are like relatively straightforward, relatively easy to understand and unpack.

00:03:02   But these types of questions become much more awkward.

00:03:07   And it's especially awkward because many of them slightly hinge on the existence of

00:03:12   my ability to do all the other work.

00:03:14   That designing and building interesting apps is only something that I can really do if

00:03:20   the business and financial side of it makes sense as well.

00:03:24   And so some of these things get tricky.

00:03:26   And like there is certainly, and a lot of these things, where the awkward place comes

00:03:32   is in the sort of the gray area between, you know, actively doing things to harm your users'

00:03:39   privacy in an active, intentional sort of conscious way.

00:03:45   It certainly feels like not a good thing.

00:03:48   Don't do that.

00:03:49   I'm not going there.

00:03:51   And on the flip side, it certainly is easier, I would probably say, to do things and structure

00:03:57   things such that many of these things are just things you can't think about or worry

00:04:03   about.

00:04:04   So this is the approach in many ways that Apple takes in a lot of their products where,

00:04:10   to their detriment in some ways, they intentionally don't aggregate or keep certain information

00:04:18   on their servers.

00:04:19   You know, a lot of the trickinesses they sometimes have where all your photos are analyzed for

00:04:26   features locally rather than in the cloud, which is good for privacy but can be problematic

00:04:31   in other ways.

00:04:32   But if they, by Apple taking that conscious choice to say, "I'm not going to allow

00:04:37   myself access to this," then I don't have to worry about the appropriate way to treat

00:04:43   that.

00:04:45   But in the middle is where it gets complicated because many of my applications make use of

00:04:54   ad platforms.

00:04:55   That's how I make a substantial part of my income from my apps is by showing ads.

00:04:59   And back in the day when Apple had iAd, I used iAd, and I was glad to use it because

00:05:05   I had a certain amount of confidence that Apple was doing the right things in terms

00:05:12   of user privacy.

00:05:13   And in many ways, that worked out.

00:05:16   It was great for when it was there, but then Apple took it away.

00:05:18   It wasn't viable for Apple to do in the long run.

00:05:21   And so if I want to do advertising now, I'm more in the position of choosing from the

00:05:26   lesser of two evils rather than which one is the good and the bad.

00:05:31   And so I just have to make a guess.

00:05:34   In my case, we've talked about previous episodes, I use Google Ads for my primary monetization

00:05:40   whenever I'm doing advertising now because I figure Google is at least a big company

00:05:45   who is responsible to shareholders, is fairly well analyzed and looked at.

00:05:51   And so if they're doing things that are super sketchy, it'll come to light fairly

00:05:56   quickly, and I'll be able to take steps accordingly.

00:06:01   That's ultimately what I went down with.

00:06:03   But in all these things, some of these things are just going to be impossible to avoid.

00:06:12   Like the fact that in this situation where this platform that was in this weather app

00:06:17   was using, I think it was Wi-Fi information.

00:06:20   So knowing what the various signal strengths of named Wi-Fi hotspots allows them to triangulate

00:06:29   your position to some level of accuracy.

00:06:32   And in an amusing way, this actually goes all the way back to, I think, the first iPhone.

00:06:36   This was the only way location services worked, was this type of stuff where you can triangulate

00:06:41   location based on Wi-Fi hotspots, assuming you're near a Wi-Fi hotspot.

00:06:47   And that's great.

00:06:48   So you could say, well, maybe Apple should lock this down and not make this available,

00:06:52   or add an entitlement to apps so you have to actively ask, would you like this app to

00:06:59   have access to your Wi-Fi information?

00:07:01   And sort of that might help, but at the same time, then I just think, well, any time I

00:07:05   make a web request to an ad network, that web request is coming from an IP address.

00:07:10   And that IP address is, in the same way, somewhat geographically located.

00:07:15   I mean, I know that's not-- it's less precise and less fine-grained, probably, than Wi-Fi,

00:07:22   but it still probably can give you a location to within a zip code, maybe, or similar.

00:07:29   And that information is always going to be available.

00:07:32   And so it starts to become this kind of-- you're chasing your tail a little bit if your

00:07:37   goal is to say, I'm never going to do anything that will allow my user's location to be shared

00:07:43   with a third party.

00:07:44   Like, it's probably not going to happen.

00:07:46   But I don't know.

00:07:47   I struggle a lot with this tension of, I want to be respectful and do things that are in

00:07:53   that sense.

00:07:55   But ultimately, you're always going to have to, at some point, make a choice that says,

00:08:01   either I'm going to have to just say no to this opportunity for monetization or this

00:08:08   opportunity that I might have, or I'm just going to have to try and make the best choice

00:08:13   I can and just live with that and understand that when you do that, you're taking on the

00:08:18   responsibility for that.

00:08:19   Like, I understand that when I include Google's SDK in my app, if Google does something bad,

00:08:26   I'm on the hook for that.

00:08:27   And it's not like I can be like, oh, Google, you did something bad, but I didn't and be

00:08:32   absolved of that.

00:08:33   It's like, I'm still responsible for that.

00:08:35   But ultimately, that's kind of the trade-off that we're going to just have to make, I think.

00:08:39   Yeah, because it's so often not a question of, like, do I want to do the right thing

00:08:46   or not?

00:08:47   I mean, honestly, that should always be a question.

00:08:49   But so often, it's hard to make that decision objectively because the financial or market

00:08:55   pressures are very strong in the other direction.

00:08:58   And in the case of any kind of ad-funded or data-funded app, basically the more creepy

00:09:04   that you are or that you allow someone else to be inside your app, the more creepy you

00:09:09   are, the more money you make.

00:09:12   And that's a sad state of affairs, and that has a massive negative incentive there.

00:09:17   But that is the reality of that kind of business, that the more data you can give a smart ad

00:09:24   network, the more targeted ads they can serve to that person both in your app and also then

00:09:29   in other apps that their network is in.

00:09:31   They track people between apps.

00:09:34   And you're right.

00:09:35   Even if you just make a web request to the server, even if the API inside the app is

00:09:41   doing nothing incredibly creepy and not capturing much more data than just sending a web request,

00:09:45   yeah, if you have an IP address, you can track people between apps and between sites on the

00:09:49   web and everything else, and you can do creepy stuff.

00:09:52   And you can usually identify somebody if you try hard enough.

00:09:56   And so some degree of this is inevitable, but I feel like this is one of the ways in

00:10:05   which it's hard for me to fully know the market forces because I'm fortunate enough to be

00:10:10   in a position where I can make these decisions myself, whereas most developers are in a situation

00:10:17   where it's not their call, how creepy their app is or how creepy their company or their

00:10:22   ad network is, or they might just be in a bad situation where they tried other things

00:10:28   and other things didn't work for them.

00:10:30   And so the only way they could make a living making apps or making a particular type of

00:10:34   app is to put in creepy stuff.

00:10:37   And that's a really sad state of affairs.

00:10:39   And I recognize, again, some people might consider that inevitable or their only choice.

00:10:45   I would challenge that in a lot of cases to say, "Is that really your only choice?"

00:10:49   But the reality is for some people, they're going to say yes, and that might be the case

00:10:53   for them.

00:10:54   And so it's really hard for me to preach this to anyone else to say, "You shouldn't do

00:11:00   creepy stuff."

00:11:01   But there are certainly degrees of what you can do.

00:11:06   When I tried ads in my app for the first time last fall, about a year ago, I did Google

00:11:11   ads for the same reason, what you just said, basically, same reason, which was they were

00:11:16   the biggest ad network by far.

00:11:18   So I knew that they would sell the most inventory and that I trusted that Google probably would

00:11:25   be less creepy than some of the other players in that business and that if Google did anything

00:11:31   bad, we'd hear about it.

00:11:33   And I think that was mostly correct.

00:11:35   But at the time, though, there were all sorts of...

00:11:39   I'm sure there still is.

00:11:41   But I had to choose between all sorts of different networks and there were all these packages

00:11:44   that would roll together multiple networks, aggregate them, and basically serve each ad

00:11:51   to the highest bidder.

00:11:52   And so you'd have to integrate six or seven mobile ad SDKs in your app, run them all,

00:11:58   and then take bids from all of them at request time and do some kind of meta choice thing.

00:12:06   That seemed to be the default choice that most people took at the time, and I'm sure

00:12:10   it still is that way today.

00:12:14   And the reason why you would do that, I had the freedom, really, the authority for my

00:12:19   business to say, "I'm not willing to cross that line to get maybe 20% more money," or

00:12:26   whatever the number would be.

00:12:27   But again, a lot of people don't have that freedom to make that choice.

00:12:31   And so it is the norm to just throw in as many ad SDKs as you possibly can, have something

00:12:38   aggregate them all, and you're giving away every possible bit of data you possibly can

00:12:44   in that process to all these different parties to have them maybe serve you an ad for you

00:12:48   to maybe make 20% more on your relatively low ad revenue.

00:12:53   And that's just really, it's hard for me to reconcile what I want to be true about the

00:12:59   marketplace with what people are actually doing, whether they have to or not.

00:13:05   Again, it's hard for me to say that, but it's very hard for me to look at this and say,

00:13:10   "Oh yeah, well, I guess it has to be this way."

00:13:13   There has to be something else to it.

00:13:16   In my app, I made the decision recently, basically this past fall and winter, after doing Google

00:13:25   ads for a little while, they weren't going very well, we talked about it on the show,

00:13:28   so I ditched them and I made my own ad network, basically, where I'm just selling ads for

00:13:32   podcasts, and that works for my app for a few reasons that it probably doesn't work

00:13:35   for really any other apps.

00:13:37   So obviously this is not a generalized solution to this business problem.

00:13:41   But one of the things I decided back then was I'm no longer okay with this.

00:13:44   I did it, I kind of swallowed the bitter pill because I thought I had to, but once I found

00:13:50   a better option, I stopped doing it.

00:13:53   And I hope that more people are able to find those better options and are able to give

00:13:59   themselves the freedom to say, "You know what, I'm willing to decline 15 or 20 percent

00:14:05   of this revenue in order to cut myself from seven ad SDKs down to one that's reasonably

00:14:12   trustworthy."

00:14:14   And unfortunately, just a lot of people are either not able to make that choice or don't

00:14:19   care and are willing to just throw away their users' privacy.

00:14:22   Yeah, because I think ultimately, and it could just be a rationalization, but I think in

00:14:30   the end what I found for myself is I wrestle with these kinds of things.

00:14:35   And part of what brings me to the Apple platform and this ecosystem is, in general, a pervasive

00:14:44   culture of respecting the user in many facets.

00:14:49   This is the privacy and that side of thing is certainly a significant part of it, but

00:14:54   you respect the user in the way you design your user interface and their time and their

00:14:58   attention and those types of things as well.

00:15:00   And it's a fairly user-centric focus.

00:15:03   That attracts me to here, but I understand that some of these things are, yeah, it's

00:15:08   a necessary tradeoff, that I've tried many other forms of monetization if I want to keep

00:15:13   doing this.

00:15:14   If I want to keep providing, my users, I think, don't care about this as much as I do in general.

00:15:22   That's the impression that I get.

00:15:23   And in some ways, that's a good thing.

00:15:27   Probably it's a positive thing for our relationship for me to be more worried about this than

00:15:32   they are.

00:15:33   They shouldn't have to think about this or care about this, that I need to worry about

00:15:37   it more.

00:15:38   And if I continue to do that, then that's probably overall going to bode well.

00:15:42   But I think what I found at least is probably a useful measure for where someone is on this

00:15:48   is, I think it's more a question about your posture towards things like this than necessarily

00:15:56   some of the choices that you'll have to make in those gray areas.

00:15:59   Because in my case anyway, it's like my posture is that I want to do the bare minimum that

00:16:07   I can from exposing my users' data and privacy while still being viable financially.

00:16:17   I'm not trying to maximize the money I can make.

00:16:21   I'm trying to be viable in that.

00:16:24   In general, with moral or questions like that, where there's this line that you don't want

00:16:30   to cross, it's the question of, are you trying to see how close you can get to that line

00:16:36   without crossing it?

00:16:39   Or are you trying to keep as far away from it as you can, being aware that it's still

00:16:43   there?

00:16:44   And I think as long as your posture is still one of trying to distance yourself away, that

00:16:47   yeah, when you're integrating ad platforms, rather than integrating six and trying to

00:16:54   maximize your money that way, maybe just do one.

00:16:57   Maybe minimize your opportunities for doing things or for nefarious things happening.

00:17:02   And honestly, in some ways, limiting your exposure to it.

00:17:04   The impression I got from this AccuWeather situation is that this wasn't the only SDK or ad SDK

00:17:11   that they had in their app.

00:17:12   They just had several.

00:17:13   And in many ways, I kind of feel bad for the developer because my guess is this is a very

00:17:19   good chance.

00:17:20   This is not like they got pinned for something that they weren't necessarily aware of or

00:17:26   wasn't a conscious choice.

00:17:27   But if you just go for the maximization strategy, include dozens and dozens of SDKs, fill your

00:17:34   app with them, and then hope for the best and have your goal be to maximize things.

00:17:39   And stuff like this is inevitably going to happen because there's just so many different

00:17:43   avenues for problems.

00:17:45   And I will say, and it's certainly something that's relevant for this audience and the

00:17:49   show is it is something that is one of the wonderful benefits of being an independent

00:17:55   developer, I think, is being able to make that choice in a way that you think, like

00:18:01   you were just saying, sometimes you just wouldn't have the opportunity to make that choice.

00:18:05   That if your organization says we need to maximize doing this, then that's great.

00:18:12   And then also, yeah, just keep in mind that whenever I talk to these types of topics with

00:18:19   non-developers, I'm always struck by how in general most people just don't mind about

00:18:26   it and they don't really think about it or care about it.

00:18:28   And I mean, if you think about how many people post pictures to social networks, to Facebook,

00:18:34   to Instagram, to Twitter, to places like that, every one of those pictures, if it's taken

00:18:40   with a phone, will have precise GPS coordinates in it that almost certainly those social networks

00:18:46   can use to determine where you are and how you move around.

00:18:51   And most of those social networks are powered by advertising, so they have this data anyway.

00:18:56   But at the same time, I think most people would say, well, I'm not going to not post

00:19:00   pictures to social networks, even though every time I do that, I'm giving very precise location

00:19:05   information to all my social networks.

00:19:08   And so it's probably not as big of a deal as we make it out to be as developers, but

00:19:14   I think it's important to have a thoughtful, conscious posture towards it and then just

00:19:19   accept that this might just be some of the realities of where we are.

00:19:24   I would also say, too, it's worth, you know, I did say that a lot of times you aren't in

00:19:30   the position to make this choice, but you are usually in the position to choose the

00:19:37   kind of job that you do and the kind of company you work for.

00:19:41   And yeah, you know, certain times the market's harder than others, certain places the market's

00:19:44   harder than others, but people often go to the excuse, you know, oh, I can't leave this

00:19:49   job that ethically does questionable things because I can't get a job anywhere else or

00:19:54   it's not so easy to quit your job.

00:19:55   And that's true.

00:19:56   It isn't so easy to quit your job and go somewhere else.

00:19:58   But that is within your control.

00:20:01   And a lot of people assume that there's nothing else out there for them when they actually

00:20:06   don't know that, you know, they haven't actually tested that or looked or tried to get other

00:20:11   jobs.

00:20:12   So doing bad things or things that you consider ethically problematic at your job, you can't

00:20:19   just say, well, that was my job to do it.

00:20:20   You know, like I was just doing my job.

00:20:22   Like that does not excuse you from that.

00:20:25   And you know, there are other options out there.

00:20:27   There is work out there to be had that does not require you to compromise your ethics

00:20:32   or do creepy things.

00:20:33   And I highly encourage you, if you're in a bad situation, to look at those options.

00:20:38   Seriously consider them.

00:20:39   Just brush off the idea that, oh, well, those jobs aren't around me or I can't get those

00:20:45   jobs or there aren't enough of those jobs.

00:20:46   No, those jobs exist everywhere.

00:20:48   Anyway, we are sponsored this week by Linode.

00:20:51   Linode helps you get your servers up in seconds with fast, powerful web hosting.

00:20:56   And Linode plans now start at just five dollars a month for a full Linux server with one gig

00:21:00   of RAM in the Linode cloud.

00:21:03   Linode has over 400,000 customers, including David and me, who are all serviced by their

00:21:07   friendly 24/7 support team if you need it.

00:21:10   You can email, call, or even chat over IRC.

00:21:12   If you need help with anything about your servers, Linode is there for you.

00:21:16   The control panel is beautifully designed with a focus on ease and simplicity.

00:21:20   It allows you to deploy, boot, resize, and clone your VPSs in just a few clicks.

00:21:25   And they have comprehensive guides and support documentation to teach you everything you

00:21:29   need to know for setting up and managing virtual servers.

00:21:32   So whether you're just getting started with one server or you have a complex system that

00:21:36   you're deploying, I mean, I have, I think, 20 servers at Linode.

00:21:40   And I was there for years with just one.

00:21:43   And I've seen everything in between.

00:21:44   And it scales up, up and down.

00:21:46   It's wonderful.

00:21:47   I love Linode.

00:21:48   I put all my stuff there, and I highly recommend it.

00:21:51   So check it out.

00:21:52   They have fantastic pricing available.

00:21:53   Again, a server with one gig of RAM is just five bucks a month.

00:21:57   You can scale it up to 16 gigs of RAM for just 60 bucks a month.

00:22:00   They are offering twice as much RAM that you will get elsewhere for the same price.

00:22:05   As a listener of this show, if you sign up at linode.com/radar, you will support us and

00:22:09   you will get $20 towards any Linode plan.

00:22:12   And with a seven-day money-back guarantee, there's nothing to lose.

00:22:15   So go to linode.com/radar.

00:22:17   To learn more, sign up and take advantage of that $20 credit or use promo code radar2017

00:22:23   at checkout.

00:22:24   Thank you so much to Linode for supporting this show.

00:22:28   So I wanted to kind of bring around a little bit too, in addition to like ad networks and

00:22:32   stuff, the larger topic of just what we shove into our apps on someone else's behalf, I

00:22:41   really think this deserves a lot of scrutiny.

00:22:44   And I'm not saying no one should ever embed third-party code.

00:22:49   I decided for myself I will no longer embed third-party closed source code.

00:22:53   And I actually use very little third-party code at all anyway, but that's just a coding

00:22:56   preference.

00:22:57   But like there are features in my app that I could add, like I could add Chromecast audio

00:23:01   support.

00:23:03   But embedding Chromecast requires a closed source Google SDK to be added to my app, and

00:23:08   I'm no longer okay with that, so I don't offer that feature.

00:23:12   And I have to just be okay with not having that feature, even if it hurts me competitively

00:23:15   in some ways.

00:23:16   But there are also certain things, like I decided I didn't want third-party analytics

00:23:20   anymore because analytics companies, even the big fancy ones like Fabric and Google

00:23:28   and stuff like that, actually that is now Google, isn't it?

00:23:33   That's a lot of data you're sending them.

00:23:35   And a closed source package collecting all that data from all these people for the purpose

00:23:40   of an advertising company to benefit from it, and you get these things for free, allegedly.

00:23:45   That's creepy.

00:23:46   And that is not doing anybody any favors, really, except you're saving some money

00:23:50   on analytics.

00:23:53   When you're faced with the decision of adding these, again, I just encourage you to give

00:23:57   them a lot of scrutiny, to think, "Do I really need this thing?

00:24:01   Do I really need to embed this?

00:24:03   Or am I giving away the farm to get some minor benefit to me?"

00:24:09   There's a trade-off there.

00:24:11   There's a balance there.

00:24:12   And I think if you're going to be putting yourself in the position of giving away lots

00:24:17   of your users' data to some other company that the users are not expecting or that they

00:24:21   might not even know about as they're using your app, I feel like you have a responsibility

00:24:25   to not only try to avoid that at all costs, but also if you do have to do it, to really

00:24:30   make sure that there's a really good reason for why you have to do that.

00:24:34   Things like your app has to do that to survive financially.

00:24:39   That's a good reason if you can make the other things work out or if it's not being

00:24:43   too creepy.

00:24:44   But if it's like, "It'll be a little more convenient for me to embed this one SDK

00:24:48   or to use this one service or to get these types of analytics if I give away all of my

00:24:53   users' data to this other company to do God knows what with," that's not a good

00:24:57   trade-off.

00:24:58   And that's the kind of thing that I think a responsible developer needs to avoid.

00:25:01   >> Justin: Yeah.

00:25:02   And I think even just there's practical reasons, too.

00:25:06   If I look in a lot of my crash logs, at this point, the only crashes that exist in my apps

00:25:15   are from the ad frameworks that I have to include in my apps to show ads.

00:25:22   And those are just crashes that I'm just going to have to accept the fact that I can

00:25:28   never fix, that those are just going to be there.

00:25:30   And so minimizing those opportunities is probably good.

00:25:33   And similarly, there's the size side of this, that every framework you add to your

00:25:38   app makes your app bigger.

00:25:40   And this can get kind of silly if the majority of the size of the download of your application

00:25:47   is from third-party frameworks.

00:25:50   That's probably not good.

00:25:51   I mean, both from the—that's wasteful of bandwidth and so on.

00:25:56   But it's also probably hurting your app in other ways as well.

00:26:01   Even if your app is still below the cellular download level and so on, the number of times

00:26:07   someone will download an app from the app store and never open it is not substantial.

00:26:12   And it wouldn't surprise me if the time between hitting download and being able to

00:26:17   hit open as that increases, I would be not at all surprised if the number of—the abandonment

00:26:24   rate, I guess you would call it, increases as well.

00:26:27   And so keeping your app size small has benefits for you in other ways.

00:26:30   But yeah, it's like you want to be very mindful of any of these things when you're

00:26:35   pulling them in because you are making so many of these tradeoffs for stability, for

00:26:39   size, for privacy, and you just have to live with whatever is going in there as a result.

00:26:45   Yeah, like ultimately it's your responsibility as a developer.

00:26:50   Like this all falls on you.

00:26:53   Even if you put something in your app that doesn't even keep you that you don't know

00:26:56   about, that's still on you.

00:26:58   It's your responsibility to know what you're putting in your app.

00:27:01   And you know, like the incident we're talking about with AccuWeather, like they kind of said

00:27:05   at the beginning that like, "Oh, they didn't know this was happening."

00:27:07   It was something like that.

00:27:08   But like that's still their fault.

00:27:10   That's still their responsibility.

00:27:11   And it's absolutely their problem.

00:27:14   Like anything you embed in your app, any data you give away, you are the one responsible

00:27:19   for that.

00:27:20   You are the one doing that.

00:27:21   You can't shirk that responsibility.

00:27:24   You can't say, "Oh, well, how did you embed this thing?"

00:27:26   No, that's -- your users don't care.

00:27:28   Apple won't care.

00:27:29   Lawyers won't care.

00:27:30   No one will care the reason you embedded that.

00:27:33   All they'll care about is that your app did that.

00:27:36   And so you have to use the utmost care for just social responsibility as well as your

00:27:42   own liability to really minimize the ways in which you are letting other people run

00:27:49   code in your app that you might not be able to see or that you might not know about or

00:27:53   where there is a clear incentive for them to be creepy and abusive.

00:27:58   >> Yeah.

00:27:59   And it's one of the things that I will say that I love -- I'm always very glad when I

00:28:05   see Apple adding new system-level protections for most of these things because it eliminates

00:28:12   something that I need to worry about.

00:28:15   That like -- I mean, it's still kind of remarkable to me that back in the original days of the

00:28:19   iPhone OS SDK, apps could scan your address book without the user being aware of it.

00:28:28   And like it's kind of -- when they finally fix this, but the reality is previous to that,

00:28:34   any time you included a third-party SDK into your app, it was entirely possible they were

00:28:40   taking that user's entire contact book and uploading it.

00:28:44   You would have no way to know that that was happening.

00:28:47   And so like I always love it when Apple goes -- like they solve some of the problems in

00:28:51   ways that I can't by when they introduce their protections.

00:28:54   And like I would not be surprised if Apple introduces some kind of, you know, privacy

00:28:59   protection around Wi-Fi state and Wi-Fi information as a result of this sort of news article cycle.

00:29:06   And if they do, that's awesome.

00:29:07   Like any time that they do those types of things, I love it because it makes my life

00:29:11   easier and it's one less thing that I need to worry about as a result.

00:29:16   >> Exactly.

00:29:17   All right, thanks for listening everybody.

00:29:19   I'm going to talk to you next week.

00:29:21   >> Bye.

00:29:22   [BLANK_AUDIO]