How Apple learns about you without identifying you using ‘differential privacy’

Apple's differential privacy won't start until iOS 10 launches, and it will be opt-in

Craig Federighi apple
Everyone wants your data, and they’re getting it — it’s invaluable information that can grow many aspects of a business, from improving the very service offered to expanding the revenue stream. That’s the price of using free services from the likes of Google, Facebook, and a plethora of other companies, including Apple.

But Apple has become the paragon of privacy ever since it stood up to the FBI in the San Bernardino, California, shootings case. And to match its new privacy-first mindset, the iPhone maker is essentially limiting the amount of data it collects on people, while still keeping things anonymous. It’s all thanks to a method it’s implementing in iOS 10 called differential privacy.

Apple is trying to show that gathering user data on mobile devices doesn’t always have to mean sacrificing a user’s privacy.

Craig Federighi, Apple’s senior vice president of software, reminded us that Apple doesn’t build user profiles. And services like iMessage, HomeKit, and FaceTime use end-to-end encryption to protect data, which means law enforcement, criminals, or even Apple can’t access it. Apple has now clarified how differential privacy will work  According to Recode, iOS 10 will be the first time Apple begins to collect differential data. But the key point is that this data collection is opt-in — the user will have to consent.

iOS 10 uses on-device intelligence to accomplish tasks like identifying people, objects, and scenes in Photos, and power suggestions for the keyboard. The image recognition features do not rely on users’ could-stored photos but on other data sets. Apple has not clarified what data it’s using, but it’s definitely not people’s cloud-stored photos.

“When it comes to performing analysis of your data,” Federighi said at the Worldwide Developers Conference keynote. “We’re doing it on your devices, keeping your personal data under your control.”

Data won’t be sent to the cloud, unlike Google’s data analysis. With differential data, Apple is trying to show that gathering user data on mobile devices doesn’t always have to mean sacrificing a user’s privacy.

What is differential privacy and how does it work?

Differential privacy is a mathematical technique that has been studied for several years. It’s a method to gather data on a large group of people while learning as little as possible about individuals in that group.

“Starting with iOS 10, Apple is using technology called differential privacy to help discover the usage patterns of a large number of users without compromising individual privacy,” Apple writes. “In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions, and Lookup Hints in Notes.”

Basically, your data is randomized and then sent to Apple in bulk along with other user data — that way it’s sent securely. The technique gathers popular trends about what people like, want, and do, without ever needing to attach that data to a specific individual. Apple, hackers, or law enforcement won’t be able to tell who this data is coming from, or even if a specific user is part of the data set.

Google actually has been using differential privacy since 2014 in its Chrome browser, but the search giant has opted to name the technique RAPPOR, Randomized Aggregatable Privacy-Preserving Ordinal Response. The people who created RAPPOR describe it best as a technique that allows “the forest of client data to be studied, without permitting the possibility of looking at individual trees.”

“Building on the concept of randomized response, RAPPOR enables learning statistics about the behavior of users’ software while guaranteeing client privacy,” Google writes in a blog post. “The guarantees of differential privacy, which are widely accepted as being the strongest form of privacy, have almost never been used in practice despite intense research in academia. RAPPOR introduces a practical method to achieve those guarantees.”

What parts of iOS 10 use differential privacy?

Apple is bringing this client privacy to the iOS 10 keyboard, Spotlight searches, and Notes. It’s likely that Apple is testing the technique on these services and apps first. If successful, the Cupertino company could extend this data-gathering technique to other services like Maps.

“We believe you should have great features and great privacy,” Federighi said at the keynote. “Differential privacy is a research topic in the areas of statistics and data analytics that uses hashing, subsampling and noise injection to enable … crowdsourced learning while keeping the data of individual users completely private. Apple has been doing some super-important work in this area to enable differential privacy to be deployed at scale.”

“To obscure an individual’s identity, differential privacy adds mathematical noise to a small sample of the individual’s usage pattern.”

This is simplifying it, but hashing turns data into random characters; subsampling means Apple is only taking a small part of the data; and noise injection throws in other data to hide your personal information.

“To obscure an individual’s identity, differential privacy adds mathematical noise to a small sample of the individual’s usage pattern,” the company says in its iOS 10 preview guide. “As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience.”

Throwing more noise into a field of data obscures where the data is coming from, but trends will emerge as more people share the same pattern.

How does it make iOS 10 better?

Differential privacy isn’t just for gathering data though — it can actually help improve services.

“There’s this idea where the more privacy you have, the less useful the data is,” says Aaron Roth, a computer science assistant professor at the University of Pennsylvania, who also wrote the book on differential privacy. “There’s some truth to that, but it’s not quite so simple. Privacy can also increase the usefulness of data by preventing this kind of overfitting.”

ios10 message

In the iOS 10 keyboard, Apple is collecting user data to improve suggestions for QuickType and emojification. Rather than relying on and updating your own personal dictionary on your device, Apple will use differential privacy to pinpoint emoji and language trends across all its users. That way, you may end up seeing what the more popular emojis are, and new slang may pop up before you even type them.

“Of course, one of the important tools in making software more intelligent is to spot patterns in how multiple users are using their devices,” Federighi said. “For instance, you might want to know what new words are trending so you can offer them up more readily in the QuickType keyboard.”

Spotlight search also benefits from differential privacy. Currently, if you search “Finding Dory,” you’ll get links to articles from the News app and web content, as well as methods to purchase tickets if you have apps like Fandango installed. That’s thanks to deep linking, a feature introduced last year in iOS 9.

But how are these search results ranked? Why does the Apple News article show up first before Fandango’s results? There are also a lot of irrelevant results that plague the search results, and differential privacy helps by giving you the most popular deep links. So if everyone ignored the article from Apple News and went to Fandango’s result — that’s what will show up first.

Notes is, as of right now, the only other service that will use differential privacy. Notes is getting a little smarter in iOS 10 — apart from being able to use it with multiple people, the app will also let you interact with text to perform other functions. For example, if you write a name and number in Notes, the app would suggest creating a new contact. These suggestions aren’t random, though. Differential privacy helps Apple know what kind of notes people are making, and it will suggest whatever’s relevant to you.

Do you want smarter devices or private devices?

Roth, the most prominent mind on differential privacy, said Apple’s work is “groundbreaking.” Apple is showing us that you can indeed have smart features while still protecting a user’s privacy — and the company said at the keynote that it’s even collecting less data.

Contrast that with Google’s upcoming messaging app, Allo. The search giant hasn’t enabled end-to-end encryption app-wide, as it wouldn’t be able to offer its special Assistant features within messaging threads. Allo has an Incognito Mode, like Chrome, that will use end-to-end encryption — but this is clearly a compromise. It’s a way to offer some privacy, while still keeping all the smart AI features. Facebook is even reportedly considering a “mode” to enable end-to-end encryption in its Messenger app.

Apple wants to offer smart features and needs your data, too, but the company doesn’t want to compromise its existing end-to-end encryption. So on-device intelligence and differential privacy is its way of addressing that. Surely, this will prompt other major tech companies to re-evaluate the amount of data they collect, and the manner in which they collect it.

In the meantime, we’ll have to wait and see just how “smart” these iOS features will be when compared to what the likes of Google and Facebook can do, and we’ll likely see more information related to how differential privacy works in the new version as the fall approaches.

Updates:

Updated on 06-24-2016 by Julian Chokkattu: Added in clarification from Apple on when differential data collection will begin, and that it is opt-in.

Business

Apple banned from distributing some iPhone models in Germany

Apple is following the FTC's lead and has sued Qualcomm for a massive $1 billion in the U.S., $145 million in China, and also in the U.K., claiming the company charged onerous royalties for its patented tech.
Home Theater

Everything to know about Sling TV: Channels, pricing, and more

Sling TV has grown a great deal since its launch. Now there are more channels and more packages to chose from, with prices to match, and more is being added all the time. Everything you need to know is right here.
Wearables

10 top features you should be using on your Apple Watch

The Apple Watch can do more than just tell you the time, but you may not be aware of all the different functions it has. Our list of the 10 most often used functions and features will help you understand what it can really do.
Wearables

Check out the four cool Swatch watches you can use for mobile payments

Swatch has announced its Swatchpay technology is now available in Switzerland, enabling mobile payments from your Swatch watch. It works in a similar way to Apple Pay and Google Pay. Here's everything about it.
Smart Home

Starbucks coffee delivery lands in 6 more cities via Uber Eats

Starbucks is in the process of expanding its coffee delivery service far beyond Miami. Available via the Uber Eats app, the service has just launched in San Francisco, with five additional cities joining in the coming weeks.
Mobile

How to make a contact group on an iPhone

There's no obvious way to crate contact groups on your iPhone, but you can do it through iCloud or you can install a third-party app to help. We explain both methods as we explore how to make a contact group on an iPhone.
Mobile

Xiaomi shows how its folding smartphone will look, and you’re going to love it

Xiaomi is the latest manufacturer to show off a folding smartphone prototype. The unnamed phone has a different design than others we've seen, adopting a double fold where the sides of the screen fold over the back of the device.
Mobile

These patent images may show the new Moto Razr folding phone

The Motorola Razr V3 is one of the world's most iconic phones, and it could be making a stylistic return in the form of a foldable Motorola smartphone -- but it may cost around $1,500. Is the nostalgia worth it?
Mobile

HMD Global confirms which Nokia phones will definitely receive Android Pie

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.
Mobile

AT&T and Rush System are using 5G to create the 'hospital of the future'

Ready to experience a radical transformation in mobile communication? AT&T is launching mobile 5G in cities across the country over the next few months. Here's everything you need to know about the AT&T 5G rollout.
Mobile

Here's how (and why) to use safe mode with an Android phone

When you have an issue with your phone, safe mode can help you determine whether a third-party app is to blame. If you’re wondering how to access it, or how to turn the feature off in Android, then you have come to the right place.
Music

Here's our head-to-head comparison of Pandora and Spotify

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.
Mobile

The Meizu Zero punctures tradition by eliminating nearly all its holes

The Meizu Zero has cut as many holes as possible to create an almost completely seamless device. There's no speaker, no headphone jack, not even a charging port. Here's everything you need to know.
Mobile

LG teases air-gesture technology in LG G8's MWC 2019 event invite

LG is expected to release a successor to the LG G7 ThinQ, possibly called the LG G8 ThinQ, this year and rumors about it are already spreading. Here's everything we know about it so far.