> Privacy controls are not a panacea against abuse by malicious developers
Sure, I never claimed that they were a panacea - just that the majority of privacy controls implemented by iDevices are actually in iOS and not Apple's App Store review process.
Additionally, those privacy controls are more fundamental than those in the App Store. It's more important that the app not be able to toggle the microphone at will than for you to be able to control what it does with that audio after capture.
> Many of the App Store privacy rules relate to what you are allowed to do with the user data after access is granted by the user
That's not an iOS problem, and Apple fundamentally cannot regulate that, App Store or no - after your personal information goes to a third party's servers, Apple has zero visibility into what happens.
This is also not an Apple-specific issue - this happens with Android, Windows, Chrome, and random online websites. Apple cannot and should not be responsible for fixing this - we need a good set of government regulations designed to restrict how your personal data is collected or used. Otherwise, just like you said, an entity (e.g. a bank) can ask for your personal data, then store it, and it gets leaked.
> Additionally, those privacy controls are more fundamental than those in the App Store. It's more important that the app not be able to toggle the microphone at will than for you to be able to control what it does with that audio after capture.
I mean both are equally important really. I might want to grant you access to my microphone to run a voice command but that doesn't mean I want you to collect my voice recordings and sell them to someone else. I might want to grant you access to my contacts so I can message my friends but that doesn't mean I want you to scrape my contact list to data mine my social network.
> That's not an iOS problem, and Apple fundamentally cannot regulate that, App Store or no - after your personal information goes to a third party's servers, Apple has zero visibility into what happens.
Yes they can. Maybe not perfectly but the App Store Review Guidelines define specific restrictions on what you can do with personal information, with the threat of having your developer account terminated if you violate those restrictions.
> Apple cannot and should not be responsible for fixing this - we need a good set of government regulations designed to restrict how your personal data is collected or used.
Sure, specific privacy regulations would be great, but the government moves very slowly and the government itself isn't going to be able to enforce such regulations on a massive scale in the same way that the app review process currently does.
> I mean both are equally important really. I might want to grant you access to my microphone to run a voice command but that doesn't mean I want you to collect my voice recordings and sell them to someone else.
Throughout this thread you’ve demonstrated that you don’t understand how the OS itself works and assume App Store review is somehow protecting you from this, the OS already prevents this.
Sure, I never claimed that they were a panacea - just that the majority of privacy controls implemented by iDevices are actually in iOS and not Apple's App Store review process.
Additionally, those privacy controls are more fundamental than those in the App Store. It's more important that the app not be able to toggle the microphone at will than for you to be able to control what it does with that audio after capture.
> Many of the App Store privacy rules relate to what you are allowed to do with the user data after access is granted by the user
That's not an iOS problem, and Apple fundamentally cannot regulate that, App Store or no - after your personal information goes to a third party's servers, Apple has zero visibility into what happens.
This is also not an Apple-specific issue - this happens with Android, Windows, Chrome, and random online websites. Apple cannot and should not be responsible for fixing this - we need a good set of government regulations designed to restrict how your personal data is collected or used. Otherwise, just like you said, an entity (e.g. a bank) can ask for your personal data, then store it, and it gets leaked.