Tag: apple

Categories
Technology Thoughts

Privacy Nutrition Labels for the Top Apps of 2020

With the release of iOS and iPadOS 14.3, all app updates in the App Store are now required to include Privacy Details, or “nutrition labels”.

App Privacy Labels

At a high level, there are three categories of nutrition label:

  • Data Used to Track You
    • “May be used to track you across apps and websites owned by other companies”
  • Data Linked to You
    • “May be collected and linked to your identity”
  • Data Not Linked to You
    • “May be collected but it is not linked to your identity”

Within each category, there is additional info split into types of data collected and ways data is used.

Types of data an app can collect includes:

  • contact info
  • health & fitness
  • financial info
  • location
  • sensitive info
  • contacts
  • user content
  • browsing history
  • search history
  • identifiers
  • purchases
  • usage data
  • diagnostics
  • other data

Ways data is used include:

  • third-party advertising
  • developer’s advertising or marketing
  • analytics
  • product personalization
  • app functionality
  • other purposes
App Privacy See Details The developer, Zoom, indicated that the app's privacy practices may include handling of data as described below. For more information, see the developer's privacy policy. Data Linked to You The following data may be collected and linked to your identity: Location o Contact Info User Content Identifiers Usage Data Diagnostics Privacy practices may vary, for example, based on the features you use or your age. Learn More
Zoom Privacy Details – apps.apple.com

Putting it all together, when looking at an app in the store, like Zoom for example, you can see the app collects your location, contact info, user content, identifiers, usage data, and diagnostics and links the data to you. If this data was in the “not linked to you” category, the data would still be collected, but done so anonymously.

The top level information tells you what data the app collects, but to see how the data is used, you need to select the “See Details” link at the top right of the App Privacy section.

From the expanded view, you can see that Zoom collects data for advertising & marketing, analytics, and general app functionality. This may look like a lot, but Zoom’s data use is comparatively short. Details for Facebook’s data use scroll for days.

And the distinction between data collection and data use is important. For example, an app may collect your location and use it to tell you the weather nearby. Granting permission to location would make sense if you are downloading a weather app. But an app may also collect your location and use it to tell ad providers all the places you go. In this case, giving access to your location would be sketchy if you were downloading a calculator app.

There is also an inherent level of trust associated with Apple’s new model for privacy details, as for app developers:

“You’re responsible for keeping your responses accurate and up to date.”

This means, to apply these new privacy labels, app developers must self report their data use when submitting updates to the app store. Apple does not read through all the code or monitor network traffic to automatically create an app’s privacy details. 

Apps can change their behavior with any update, but developers are required to update on their own. App reviewers do not flag when the privacy details need an update.

So while the longevity and robustness of the new privacy nutrition labels remains to be seen, we can take a look at how the most popular apps of 2020 report their privacy nutrition details.

Top 2020 Apps

If you have updated to iOS 14.3, it’s interesting to flip through some of the apps you use to see how they report their data collection and use. Although, it’s not exactly easy to compare two apps.

Since Apple recently unveiled the top games and apps of 2020, you can look at all the privacy nutrition label details in search of trends from the apps everyone are using.

So I did. And compiled the Privacy Nutrition Label Data for the Top Apps of 2020.

This starts off with general info regarding what data is collected, then looks at how specific apps and games report data use, and finally lists insights and questions from the investigation. (All the spreadsheets and data are included at the end).

Nutrition Label Data

General statistics
  • 80 total apps
    • 20 free apps
    • 20 paid apps
    • 20 free games
    • 20 paid games
  • 51 updated to report privacy data
    • 32 apps
    • 19 games
  • Top collected data types across all three categories
    • identifiers (70)
    • usage data (70)
    • diagnostics (59)
    • purchases (46)
    • location (42)
    • user content (36)
    • contact info (35)
    • other data (21)
    • search history (16)
    • contacts (14)
    • financial info (12)
    • browsing history (11)
    • sensitive info (7)
    • health and fitness (6)
  • Top collected data types (used to track you)
    • identifiers (27)
    • usage data (23)
    • purchases (12)
    • contact info (10)
    • diagnostics (10)
    • location (10)
    • other data (8)
    • user content (4)
    • browsing history (3)
    • contacts (1)
    • financial info (1)
    • health and fitness (1)
    • search history (1)
    • sensitive info (1)
  • Top collected data types (linked to you)
    • usage data (30)
    • identifiers (28)
    • diagnostics (26)
    • user content (24)
    • purchases (23)
    • location (22)
    • contact info (22)
    • search history (13)
    • contacts (12)
    • other data (11)
    • financial info (10)
    • browsing history (7)
    • health and fitness (4)
    • sensitive info (4)
  • Top collected data types (not linked to you)
    • diagnostics (23)
    • usage data (17)
    • identifiers (15)
    • purchases (11)
    • location (10)
    • user content (8)
    • contact info (3)
    • sensitive info (2)
    • search history (2)
    • other data (2)
    • health and fitness (1)
    • financial info (1)
    • contacts (1)
    • browsing history (1)
By Apps and Games
  • Most types of data collection (17)
    • Facebook
    • Instagram
    • Spotify
    • Twitter
  • No data collection (* these are all paid apps/games)
    • HotSchedules
    • AutoSleep Track Sleep on Watch
    • Shadowrocket
    • EpocCam Webcamera for Computer
    • Arcadia – Arcade Watch Games
  • Only collects data not linked to you
    • Widgetsmith
    • Among Us!
  • Most data types used to track you
    • Twitter (7)
    • Subway Surfers (6)
    • Spotify (5)
Free vs Paid
  • Average types of data collected (overall)
    • Free (10.5)
    • Paid (3.6)
  • Median types of data collected (overall)
    • Free (10)
    • Paid (4)
  • Average types of data (used to track you)
    • Free (2.9)
    • Paid (0.3)
  • Average types of data (linked to you)
    • Free (6.3)
    • Paid (1.1)
  • Average types of data (not linked to you)
    • Free (1.3)
    • Paid (2.2)

Insights and Questions

Many of these points stem from the descriptions of Types of data and Data use sections of Apple’s privacy details page.

Free apps
On Apple’s categories:
  • “Identifiers” is a vague name, but it’s related to device and user IDs. These types of IDs are often static and used to link your information across apps and services
  • “User content” from apps not creating user content is interesting (Disney Plus and Netflix). Guessing these are related to the “Customer Support” category.
    • And how does an app have “User Content” not linked to you?
  • “Purchases” is not included by Netflix (as you can’t subscribe in the app)
On companies:
  • Google hasn’t updated info for any of their apps yet
  • Widgetsmith was a breakout iOS 14 app of the year. It only collects anonymous purchase and diagnostic data.
  • WhatsApp is Facebook’s least offensive app.
  • What is Spotify doing with browsing history?
  • Twitter is doing a lot of tracking
On trends:
  • “Data linked to you” is largest category and shows most first party data use
    • “Data used to track you” is “owned by other companies”
  • Companies should move usage data and diagnostics collection from “linked” to “not linked” categories
    • Free games do a somewhat better job collecting anonymous data (but also use the same data types to track you)
  • Top free apps do less data sharing (tracking) than expected

Overall, rules are new, so companies are still getting used to the categories. Guessing they’ve over-reported as it is easier to move to a more private usage category. Companies may interpret rules differently (Twitter vs Facebook vs TikTok, why so different?)

Free games
Paid apps
  • Top paid apps do less tracking and data collection overall
    • Also have most non-updated apps in the top 2020 list
  • “Data Not Collected” is a tag (took going through a lot of apps to find that out…)
App Privacy The developer, HotSchedules, indicated that the app's privacy practices may include handling of data as described below. For more information, see the developer's privacy policy. Data Not Collected The developer does not collect any data from this app. Privacy practices may vary, for example, based on the features you use or your age. Learn More
Paid games
  • Very few top games have updated
  • Seems Facebook SDK could require Identifiers, location, usage data, diagnostics
Overall
  • Apple, what’s up with the random ordering of data types? Seems to be consistent by count, but not across all apps
  • Health and fitness apps were not very popular this year
  • How do changes to data collection and use get reported? Is there a notification added to the nutrition label?

Wrap up

Probably can do a lot more analysis on all this data, but it’s the holidays and everyone is asking me why I’m working. So I’ll leave it at that. As more apps update with their privacy nutrition details, we can expect to learn more about about how the apps we use use our data, and how Apple’s new system changes with time.

Charts and Graphs

Here is all the raw data if you want to compare: Top 2020 Apps – Privacy Summary

☃️ 🛷 ❄️

Categories
News Feed

Rent-seeking

The Exponent podcast is back! And there’s a lot of news regarding pressure to change existing App Store pricing models.

it seems incredibly worrisome to me anytime any company predicates its growth story on rent-seeking: it’s not that the growth isn’t real, but rather that the pursuit is corrosive on whatever it was that made the company great in the first place. That is a particularly large concern for Apple: the company has always succeeded by being the best; how does the company maintain that edge when its executives are more concerned with harvesting profits from other companies’ innovations?

via Stratechery and Exponent

Plus, after shipping Fortnite outside of the Google Play Store, Epic Games is moving in on Steam with a new game store and taking a smaller cut of sales.

Developers receive 88% of revenue. There are no tiers or thresholds. Epic takes 12%. And if you’re using Unreal Engine, Epic will cover the 5% engine royalty for sales on the Epic Games store, out of Epic’s 12%.

via Unreal Engine Blog

Categories
News Feed Technology

Sunday Reading: Thoughts on The Tech Industry’s War on Kids

Person sitting at a table reading a book with a bowl of cereal and cup of tea

Reflecting on The Tech Industry’s War on Kids: How psychology is being used as a weapon against children

Richard Freed is a child psychologist who focuses on helping families work through “extreme overuse of phones, video games, and social media.”

Preteen and teen girls refuse to get off their phones, even though it’s remarkably clear that the devices are making them miserable. I also see far too many boys whose gaming obsessions lead them to forgo interest in school, extracurricular activities, and anything else productive. Some of these boys, as they reach their later teens, use their large bodies to terrorize parents who attempt to set gaming limits. A common thread running through many of these cases is parent guilt, as so many are certain they did something to put their kids on a destructive path.

Kids might be struggling with technology, but adults may also act like children if older folks had to go a day without technology. Maybe we should all take a digital detox.

Captology

BJ Fogg directs the Stanford Persuasive Technology Lab. There is tons of research and design practices used by today’s most popular apps, websites, and games, but we can still use this newfound power for good. Although, whether good or bad, the techniques are still shaping human behavior without consent.

Fogg’s website also has lately undergone a substantial makeover, as he now seems to go out of his way to suggest his work has benevolent aims, commenting, “I teach good people how behavior works so they can create products & services that benefit everyday people around the world.” Likewise, the Stanford Persuasive Technology Lab website optimistically claims, “Persuasive technologies can bring about positive changes in many domains, including health, business, safety, and education. We also believe that new advances in technology can help promote world peace in 30 years.”

Why don’t we make it easy for kids and adults to spend their time doing the things society deems productive. Part of the challenge is exposing kids to new opportunities and experiences to help them understand their real world potential, even at their age.

While persuasion techniques work well on adults, they are particularly effective at influencing the still-maturing child and teen brain. “Video games, better than anything else in our culture, deliver rewards to people, especially teenage boys,” says Fogg. “Teenage boys are wired to seek competency. To master our world and get better at stuff. Video games, in dishing out rewards, can convey to people that their competency is growing, you can get better at something second by second.” And it’s persuasive design that’s helped convince this generation of boys they are gaining “competency” by spending countless hours on game sites, when the sad reality is they are locked away in their rooms gaming, ignoring school, and not developing the real-world competencies that colleges and employers demand.

Motivation/inspiration, Ability/capability, Trigger/feedback

According to B.J. Fogg, the “Fogg Behavior Model” is a well-tested method to change behavior and, in its simplified form, involves three primary factors: motivation, ability, and triggers. Describing how his formula is effective at getting people to use a social network, the psychologist says in an academic paper that a key motivator is users’ desire for “social acceptance,” although he says an even more powerful motivator is the desire “to avoid being socially rejected.” Regarding ability, Fogg suggests that digital products should be made so that users don’t have to “think hard.” Hence, social networks are designed for ease of use. Finally, Fogg says that potential users need to be triggered to use a site. This is accomplished by a myriad of digital tricks, including the sending of incessant notifications urging users to view friends’ pictures, telling them they are missing out while not on the social network, or suggesting that they check — yet again — to see if anyone liked their post or photo.

It seems we should be able to reframe the three motivation, ability, and triggers behavioral factors into a more productive framing of inspiration, capability, and reinforcement. For example, a kid who enjoys watching YouTube creators may be inspired to make a channel of their own. YouTube, influencers, or another service, can help kids build their movie making capabilities. Feedback on work can help reinforce learning and growth. In the end, kids are still spending time where they want to, but the behavioral model focuses on a healthy balance of creation and consumption leading to development in modern day, “real world capabilities”.

Mostly terrifying

the startup Dopamine Labs boasts about its use of persuasive techniques to increase profits: “Connect your app to our Persuasive AI [Artificial Intelligence] and lift your engagement and revenue up to 30% by giving your users our perfect bursts of dopamine,” and “A burst of Dopamine doesn’t just feel good: it’s proven to re-wire user behavior and habits.”

Ramsay Brown, the founder of Dopamine Labs, says in a KQED Science article, “We have now developed a rigorous technology of the human mind, and that is both exciting and terrifying. We have the ability to twiddle some knobs in a machine learning dashboard we build, and around the world hundreds of thousands of people are going to quietly change their behavior in ways that, unbeknownst to them, feel second-nature but are really by design.”

Facebook Messenger Kids

How has the consumer tech industry responded to these calls for change? By going even lower. Facebook recently launched Messenger Kids, a social media app that will reach kids as young as five years old. Suggestive that harmful persuasive design is now honing in on very young children is the declaration of Messenger Kids Art Director, Shiu Pei Luu, “We want to help foster communication [on Facebook] and make that the most exciting thing you want to be doing.”

Facebook’s narrow-minded vision of childhood is reflective of how out of touch the social network and other consumer tech companies are with the needs of an increasingly troubled generation. The most “exciting thing” for young children should be spending time with family, playing outside, engaging in creative play, and other vital developmental experiences — not being drawn into the social media vortex on phones or tablets. Moreover, Facebook Messenger Kids is giving an early start to the wired life on social media that we know poses risks of depression and suicide-related behavior for older children.

In response to the release of Facebook’s Messenger Kids, the Campaign for a Commercial-Free Childhood (CCFC) sent Facebook a letter signed by numerous health advocates calling on the company to pull the plug on the app. Facebook has yet to respond to the letter and instead continues to aggressively market Messenger Kids for young children.

Conscious workflows vs impulsive habits

President John F. Kennedy’s prescient guidance: He said that technology “has no conscience of its own. Whether it will become a force for good or ill depends on man.”

From Cal Newport:

Workflows are arguably more important than your high-level habits when it comes to impacting how effectively you produce valuable things (my preferred definition of “productivity”), but they’re a topic that’s often ignored.

Indeed, for most people, the workflows that drive their professional life are processes that haphazardly arose without much intention or consideration.

This fall, in other words, consider spending some serious time evaluating your workflows before turning your attention to the habits that help you deal with the obligations these flows generate.

Technology gives us the tools to do more. It’s up to us to decide how we leverage our new powers.

The best analogy I’ve ever heard is Scientific American, I think it was, did a study in the early 70s on the efficiency of locomotion, and what they did was for all different species of things in the planet, birds and cats and dogs and fish and goats and stuff, they measured how much energy does it take for a goat to get from here to there. Kilocalories per kilometer or something, I don’t know what they measured. And they ranked them, they published the list, and the Condor won. The Condor took the least amount of energy to get from here to there. Man was didn’t do so well, came in with a rather unimpressive showing about a third of the way down the list.

But fortunately someone at Scientific American was insightful enough to test a man with a bicycle, and man with a bicycle won. Twice as good as the Condor, all the way off the list. And what it showed was that man is a toolmaker, has the ability to make a tool to amplify an inherent ability that he has. And that’s exactly what we’re doing here.

Additional reading

BJ Fogg commented on the article and provided a list of his works to raise awareness about the ethics of persuasive tech.

A recent Atlantic article, “Have Smartphones Destroyed a Generation?,” by Dr. Jean Twenge

Stratechery article on Tech’s Two Philosophies: Some problems are best solved by human ingenuity; others by collective action

Categories
Thoughts

Short Codes (aka Messages & Two Factor Authentication from Random Five to Six Digit Numbers)

There are some cool new security features in the latest versions of iOS and Android to help you keep your accounts secure. Android’s updated Messages app and iMessage in iOS 12 both bring simplified one-time passcodes and two factor authentication (2FA) management.

iMessage – iOS 12

iMessage Security code AutoFill
Security code AutoFill. SMS one-time passcodes will appear automatically as AutoFill suggestions, so you never have to worry about memorizing them or typing them again.

 

Android Messages

Copy one-time passwords with one tap
Copy one-time passwords with one tap
Now, when you receive a message with a one-time password or code from a secure site—such as your bank—you can save time by copying that password directly from the message with a tap.

 

With both Apple and Google updating their messaging apps to ease use of text message (SMS) based two factor authentication, I’ve been thinking about why copying a verification code is the feature we need to bring more people to use 2FA. While cutting down steps required to use 2FA will make for a more streamlined experience, there seems to be an opportunity elsewhere to improve general usability of SMS based 2FA.

Understand there has been plenty of discussion regarding the security risks of these features, but putting aside discussion of the entire 2FA ecosystem and the shortcomings of SMS based 2FA, let’s look at a quirk of how people experience 2FA on their phones.

An example

Android Messages two factor authentication shortcut

Take the Capitol One notification from this article discussing the “copy 2FA code” feature in Android Messages. The message from number 227898 says “From Capitol One” and provides a code: 939966. There are two things we need to figure out here. One, that this is in fact the message from Capitol One, and two, this message contains the 2FA one-time passcode we need to complete the log on process.

First off, while the message says it’s from Capitol One, we know from our phishing lessons that we shouldn’t use the content of a message to influence our trust decision making process. The timing of getting this message in relation to attempting to log in to a bank account would make it seem like the message is legitimately from Capitol One, but how can we be sure? What is that 227898 number? Can we look it up like a phone number to verify it is registered to Capitol One?

The second bit of confusion is recognizing the 2FA verification code is 939966 not the big bold 227898 number at the top of the message. Usually the distinction between sender and message is clear with a regular 10 digit phone number or a message from someone in your contact list, but when you are sent a six digit code from a six digit number you need to do more mental processing choose the right number. Google has partially resolved the issue by giving an explicit action to copy the 2FA code, but it feels a little strange not being able to see the actual code in the message.

An aside

Slightly off topic, but while researching YubiKeys (after listening to Scott Hanselman’s podcast with Sarah Squire), I came across Two Factor Auth which maintains a list of sites that support, well, two factor auth. Exploring the various service, I noticed very few banks support usb hardware tokens. Wells Fargo seemed the only big bank with support. Clicking though the WF link from the Two Factor Auth chart, I ended up on the Advanced Access page trying figure out how WF does U2F. It turns out they use RSA SecurID (not usb U2F) which was uninteresting, but the footnote caught my attention:

We always send our text messages from 93557. Incoming calls with an Advanced Access code will come from 1-800-956-4442. We recommend adding these numbers to your phone’s address book so you can easily identify our incoming text messages and calls.

via Wells Fargo Advanced Access

Is this really the case? Every Wells Fargo communication and two factor authentication message comes from 93557? What’s the significance of 93557? And does every company always use the same number?

If so, this is a fantastic piece of advice buried in a random support page

We recommend adding these numbers to your phone’s address book so you can easily identify our incoming text messages and calls.

Why doesn’t every company and service mention this?

An investigation

To figure that out, I first needed to learn what that 5 digit non-phone number is really called. Naturally, I went online and searched “what is the number for two factor sms?”

This article from The Verge was at the top: Facebook admits SMS notifications sent using two-factor number was caused by bug

Not what I was looking for, but at least a clue.

Facebook uses the automated number 362-65, or “FBOOK,” as its two-factor authentication number

So these numbers have some T9 significance (remember landlines and flip phones?).

I figured that if facebook’s number is known, maybe there are some resources that include more of these numbers, so I quickly searched 362-65 and got 297. 😑

After getting rid of the minus sign, there was this Facebook Support link with people confused after receiving a random text seemingly from Facebook with a link to “fb.com”, a non-“facebook.com” website (here’s another example).

They are right to be concerned.

A little more searching, and boom: short codes

Short Codes

Is this a name people knew about? It’s the first time I came across the phrase “short code” even though I have been using the things for some time now.

It turns out there is an official US Short Code registrar run by CTIA and icontectiv:

Short Code Registry

Short Codes offer marketers unique opportunities to engage their audiences via text messaging. Short Codes are five- or six-digit codes that may be personalized to spell out a company, organization or a related word. Many organizations may choose to use Short Codes to send premium messages, which may charge subscribers additional fees for informative or promotional services such as coupons or news updates.

The Short Code Registry maintains a single database of available, reserved and registered short codes. CTIA administers the Common Short Code program, and iconectiv became the official U.S. Short Code Registry service provider in January, 2016.

For more information, please see the Short Code Registry’s Best Practices and the Short Code Monitoring Handbook.

The iconectiv site routes to https://usshortcodes.com/ where you can learn all about registering, case studies, and best practices. But I still want to know how to verify the sender of that 2FA message.

This is where US Short Code Directory comes in.

The U.S. Short Code Directory and the team at Tatango has assumed responsibility for the indexing of these unique phone numbers, creating the industry’s only public address book.

via https://usshortcodedirectory.com/about/

What do you know, the first code in the directory: Facebook, 32665. But wait, that’s not what’s listed in the Verge article… That’s 32665 vs 36265. Not sure what the deal is there, but may be a typo by The Verge (3-F, 2-B, 6-O, 6-O, 5-K in T9).

Just for a sanity check, does the Wells Fargo short code match their Advanced Access list? Yep! And so does the Capitol One code.

Cool! We figured out a way to verify the sender of SMS based 2FA! Remember though, this does not only apply to 2FA, but also other SMS based communication from the company.

Short Codes in the Wild

Check out this recent Wells Fargo ad on YouTube.

Wells Fargo account alert text message from YouTube ad

At the 17 second mark the narrator mentions “alerting you to certain card activity we find suspicious“. How do they do this? By SMS of course. And what number is the alert from? 93733!? NOOOOO! That’s not 93557.  WF was so close. Missed an opportunity to tie everything back to that random support page. The ad has a caveat “Screen images simulated”, so ¯\_(ツ)_/¯. For what it’s worth the phone number to call is in fact for WF Customer Service.

Questions, Concerns & Opportunities

This feels like the tip of the short code iceberg and I still have a lot of questions. How long do short codes last? Do companies change numbers? Can short code be reused? Can I trust that the next time I receive a message from a short code number that it is from the same company as last time? Can messaging apps label the code like caller id?

I don’t have all the answers, but there are definitely more things to be done to help fight the next generation of phishing. As more companies continue to recommend 2FA and send updates over SMS, we need tools in place to ensure we can trust the messages we receive.

Wells Fargo’s advice to add their numbers to your address book is good, as long as the short code (and normal telephone) numbers do not change over time. While it may be uncommon, it is possible for companies switch numbers, and (possibly more common) previously used numbers can become available for a different company to re-register. In the former, people will see an unknown number seemingly masquerading as a service they do use, which should be a cause for suspicion (although benign). For the latter, people will assume trust in the content from number they recognize (creating a phishing opportunity). While instances of these issues may be unsubstantiated (there’s very little info on how short code numbers change hands and “Best Practices” are all about marketing), this is a reason to have service driven trust management keeping track of ownership and identity.

There is an opportunity for services like US Short Code Directory and tatango to provide access to their index of short codes, so companies like Apple and Google can continue to improve their messaging services. If the Short Code Directory had a public API to query and verify short codes, messaging apps could implement a new style of caller id (essentially a DNS for SMS, but not this) to let you know the message from 227898 that says its “From Capitol One”, is legitimately from Capitol One.

At the end of the day, it should be easier to stay safe online, even if improving short codes are just an obscure part of the solution. Now to see if I can get Wells Fargo and The Verge to fix their typos.

Popular Company Short Codes

Disclaimer, I have not received messages from all of these numbers, so I cannot verify their legitimacy nor comprehensiveness. Given the issues noted above, these numbers may change or companies may start using additional numbers for SMS communication (Google already has at least 5. They may consolidate or add another).

Facebook: 32665 and 3266

Twitter: 40404

Google: 22000, 23333 and others

Apple: 272273 and others

Microsoft: 365365, 51789 and others

Amazon: 262966, 58988 and others

Capital One: 227898 and others

Chase: 28107,  24273 and others

Wells Fargo: 93557 and others

Bank of America: 73981 and others

American Express: 25684 and others

Intuit: 75341 and others

Discover: 347268 and others

PayPal: 729725777539

Venmo: 86753

AT&T: 88170, 883773 and others

Verizon: 27589 and others

T-Mobile: 37981

FedEx: 37473 and others

USPS: 28777 and others

Walmart: 40303 and others

Twilio: 22395 and others

Uber: 82722289203

Additional Reading

Categories
Technology Thoughts

Screen Time with iOS 12

Screen Time is Apple’s take on the growing trend of operating system level features that help you discover how you are really spending your time with your digital devices. These features and metrics provide you the baseline information to understand where your time is going, and give you the power to make changes to your habits. You are in control of how you use your device, and Screen Time, like Android’s Digital Wellbeing, will not inherently force you to act in a certain way. The tools can shape your behavior, but it is not Apple or Google prescribing how you should use your time. You are still the one making the choice to eat your vegetables.

So how does it work?

There are four main features (and one minor) under the “Screen Time” setting: Device Screen Time, App Limits, Downtime, Content Restrictions, and Bedtime.

Device Screen Time

Device screen time gives a detailed look at where you spend all your time on your Apple devices. You can see your daily and weekly usage trends, your most used apps, how often you pick up your device, and how many notifications you get.

In the last week, I’ve used my iPad for 10 hours and 45 minutes, with over and hour of that time coming during my defined device downtime. You can tell I spent some time organizing my calendar last weekend.

The average length of time per device “pickup” isn’t displayed (nor is most common amount of time), but a quick calculation given the weekly time spent and total pickups shows roughly 2 minutes and 45 seconds per interaction with my iPad. I’m wondering how this compares with others, and how many meaningful interaction people have with their devices in a day. Lowering the number of times we glance at the time or check for notifications could increase the average time, but is session length is not necessarily an indicator of time well spent.

It’s fun to see all this data, but there are no recommendations of how to use your device more intentionally. Apple lets you do all the analysis and any subsequent action you decide to take is entirely your decision.

App Limits

Once you’ve decided you need to take action, App Limits let you reign in your usage of certain apps.

You can set limits for individual apps or categories of apps.

Apps will act the same way whether or not you have screen time limits enabled. While you have time remaining, you can keep using the app, but once time runs out, that’s it. No more for today. You can always go through the block, but Apple tallies up all the times you were bad.

Interestingly, because my time on Twitter and Outlook is a scarce resource, I now find myself using the entire time limit every day. Previously, I would only go on Twitter once or twice a week, but when I did, I found myself engrossed in the content for a while. I figured Twitter would be a prime candidate for trying the new app limits. I wasn’t wrong, but now, since I know I’ll only be there for at most five minutes, I find myself spending time on Twitter every day.

Downtime and Always Allowed Apps

Downtime is the more interesting feature. While screen time limits are opt in for certain apps you think you use too much, Downtime is default opt out for every app on your device. Enable Downtime and you will be locked out of all your apps from the start to end time.

You can individually toggle on apps you want to use an app during downtime. This is a two part set up, first by enabling the Downtime setting, then returning to the Screen Time menu and selecting Always Allowed apps to select the apps available during Downtime.

This feature triggered the most significant, and positive, behavioral shift for me. I start Downtime a little while before I generally go to sleep, and end it a little after I generally wake up. I only enable apps where I most intentionally create and consume content. For me, this means I can read the articles I set aside for myself earlier in the day, and can write what’s on my mind. That’s it. (Phone, Messages, and FaceTime are also enabled by default). Since I installed the iOS 12 beta on my iPad, I’ve stopped watching YouTube hours on end before going to sleep, and I’ve stopped immediately checking notifications right after waking up.

Parental Controls to Block content and set a Screen Time passcode


These are also under the Screen Time setting, but it feels like they were just moved here because they make sense in relation to the other settings . Nothing too interesting, but you can set a Screen Time passcode for your self if you really want to lock your self out of some apps.

Expanded “Do Not Disturb” settings with Bedtime mode


You should really create your own Bedtime mode using Downtime as I described above. The new Bedtime mode toggle under the Do Not Disturb Setting will dim the lock screen, silence calls, and send all notifications to notification center. It’s really only an extension on the existing Do Not Disturb mode. Nice to have, but not a major improvement compared to the other Screen Time features.

Not so final thoughts

Apple’s Screen Time features are available now in the iOS 12 public beta but you may just want to wait for the general release this fall before trying everything out (it’s telling I accidentally typed “bug” while trying to write “public” just then). Betas allow developers to fix issues in software before the official release, and running beta software can cause some headache when your main device does not work as expected.

Categories
Articles Thoughts

The Apple Experience

iPhone X innards with batteries showing

At this point, people don’t need to upgrade their phones every two years. Phones are fast enough and the bump from the last generation A10 fusion chip to the latest A11 bionic really isn’t that important. Apple has even started added some fancy name to the end to uphold the experience of getting a new, more powerful phone. As a result, the deliberate slowdown was seen as user hostile to deceptively increase user delight when upgrading to a new phone and artificially enhancing the “this is so much smoother than my old phone” feeling. If the last iPhone started at 100% performance and degraded to 75%, the jump to 125% feels more significant.

From A Message to Our Customers about iPhone Batteries and Performance

It should go without saying that we think sudden, unexpected shutdowns are unacceptable. We don’t want any of our users to lose a call, miss taking a picture or have any other part of their iPhone experience interrupted if we can avoid it.

Apple mentions there are three contributions to battery life and performance:

  • a normal, temporary performance impact when upgrading the operating system as iPhone installs new software and updates apps
  • minor bugs in the initial release which have since been fixed
  • continued chemical aging of the batteries in older iPhone 6 and iPhone 6s devices, many of which are still running on their original batteries.

As always, our team is working on ways to make the user experience even better, including improving how we manage performance and avoid unexpected shutdowns as batteries age.

As they should. Apple has always been the experience company. The Apple walled garden is carefully designed in the ethos that people don’t know what they want until you show it to them. Maybe we need a little more clarity into how Apple creates people’s preferences.