There has been a lot of good coverage of Apple’s new iBeacon software and its privacy implications. Before you read the PR, you should read it straight from Apple’s mouth here. Then you should consider reading these articles from Wired, Forbes, TechCrunch, SlashGear, and AP. The gist of it is that your new iOS 7 iPhone* will automatically broadcast your phone’s presence and proximity to iBeacon transmitters through Bluetooth (Low Energy/4.0), which could include other phones or tablets in addition to small objects placed in physical locations such as retail stores. Here are a few key points:
- While your phone broadcasts its presence in proximity to the transmitter, it’s not broadcasting any personal information or intelligence about what apps are on your phone (other than the one sync’d with the iBeacon software), what websites you’ve visited or other device usage information.
- iBeacon does broadcast a UUID and some other minor technical characteristics about your phone and location (mostly just far/near/immediate). In that sense, it acts more like a cookie ID than just a location ID, since it could easily remember your location from prior visits and how close you came to a transmitter. This can occur irrespective of whether you have consented to an app.
- Transmitters (apparently) can’t push content or ads to a phone that hasn’t established a relationship with the transmitter through an app consent request.
I have no doubt there will be some amazing retail and location-based experiences that will shine through iBeacon, such as the MLB’s proposed use of it to guide stadium visits. In a subsequent post, I’ll get into the massive privacy issues of micro-location tracking and integration with other online/offline data. For now, a good first step is to clarify how privacy is built into the software, and what some of the choice issues are that users and app providers should be considering:
- Bluetooth: I’m a big fan of Forbes reporter Kashmir Hill, but I have to rebut this point in her latest post: “The iBeacon relies on low energy Bluetooth signals, so if you want to be invisible, at least to iBeacon, just turn Bluetooth off on your phone.” Yes, this is a very true statement, but it invokes the old adage of trying to hammer a nail with a sledgehammer. Turning off Bluetooth also disables every other BT-connected device, which for me includes my new favorite toy, the Pebble. Of course, you can go into Settings and choose not to enable certain Bluetooth devices you’ve previously accepted, but as far as I can tell, iBeacon is not one of these options. So no, Bluetooth is not really a good option for iBeacon choices.
- Location Services: Apple provides a pretty easy menu of choices to consider with Location Services, which is the very first option under the phone’s Privacy settings control. However, when you open the options, you’re presented with a few issues to consider, since it includes not only iBeacon but also other Wi-Fi/GPS services. You’ll quickly note that there is no ‘iBeacon’ choice, but rather options associated with each app. In other words, you have to make the judgment call whether each app has the capability of using iBeacon. RunKeeper? Doubt it. Yelp? Likely, but I really like it when I do an area search. Apple Store? For sure. It would be great if the choices included macro vs micro location controls so I could still get the restaurants nearby from Yelp without getting Yelp advertiser spam. Apple does offer ‘System Services’, which includes more micro-privacy controls, including location-based ads, but nothing specifically for ‘iBeacon’.
- App Choices: Ultimately, iBeacon choices will be presented by the app itself, and will require more transparency than just ‘Use Your Location?’. There really is a difference between macro and micro location, and it’s up to the app provider to begin offering those considerations. At first this will likely just be some transparency for the services offered through micro location, but eventually it should provide more granular choices for the types of information and services offered through the app. I may want to get that Yelp micro-location advertiser notification, but perhaps only when I specifically searched for related local area businesses in the prior hour.
- Ad Choices: Kashmir does nail the big issue spot-on in her article when she says “Inevitably, some monster advertising network will develop a one-stop-iBeacon-shop app that will allow it to act as the conduit for lots of different people to ping your phone.” It’s almost time for the Digital Advertising Alliance to consider building micro-location ads into their traditional display ‘Ad Choices’ privacy program since we’re now talking about ‘offline-triggered interest-based digital advertising’. The notification and opt-out choices could be similar for Yelp-style micro-location advertisers as with traditional interest-based ads.
It’s this last point on Ad Choices that is the tricky one. With the introduction of iOS6, Apple created the ‘identifier for advertisers’ (IDFA) which replaced a hard-coded universal device ID (UDID) with a new replaceable ID (IDFA). This is the ID that ad networks use to target an ad on an app or website. However, it appears IDFA is not broadcast during an iBeacon communication, which means the device ID is the permanent one, which raises the same concerns as the original UDID. Granted, there is an app permission exchange, unlike with UDID and ad networks, but if the iBeacon exchange is to include advertising, then perhaps there should be another micro-location control choice for IDFA in addition to overall services. This could be within the app, or possibly iOS. I assume the only people who would get or use this granular a choice are those reading this post, but it’s worth a consideration.
What do you think the key iBeacon privacy issues are? Comment below or tweet us @privacology
*Apparently Apple is opening up the iBeacon to the Android OS as well.