What Apple users need to know about differential privacy

Machine intelligence, human privacy

In a big change of direction, Apple announced at WWDC that it plans to use differential privacy in iOS and macOS as a way to collect useful data so it can securely provide its customers with data-driven AI services. Why? What is it? And what is it for?


Connected technologies are proliferating across every part of modern life, not just in consumer markets – everything from public transport to energy supply is affected.

In conjunction with real-time big data analysis, these connected technologies make it possible to derive insights that weren’t visible before. You can see some evidence of the value of such data in medical research using ResearchKit. Google already collects a huge quantity of such information for its products, but many consumers want more control over the information that is collected about them.

However, the Snowden revelations and the creeping growth of both surveillance and sophisticated cybercrime have prompted growing recognition that such information can also be used in harmful ways.

The positive potential of these solutions means Apple wants to build systems that can gather the useful data without sacrificing your privacy, which is also why the company has been so insistent on the need for privacy. Differential privacy is Apple’s response. Among other things, Apple will use it to watch what people do in aggregate: if everyone starts using a particular emoji, for example, it will spot this pattern and offer that emoji up as a recommendation to others.

What is differential privacy?

Differential privacy enables Apple to collect data and usage patterns from large numbers of people without compromising their privacy or security. It does this by mixing noise into the data on the device before it is sent, which obscures any one person’s information. That protects individual identities while still enabling actionable insights into what people do as a group.

Apple says: “Differential Privacy adds mathematical noise to a small sample of the individual’s usage pattern. As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience.”

The company is using hashing, subsampling and noise injection to achieve this. Hashing permanently scrambles data in such a way that the system can still extract useful insight without storing the original information; subsampling means much of the data Apple is interested in will be analyzed on your device; noise injection adds random data to help protect against reverse engineering or cross-referencing of your data. One of the most approachable yet comprehensive explanations of this is available here.

In use, the differential privacy of the hashes “allows Apple to count the frequency with which popular deep links are visited without ever associating a user with a link,” the company says.
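As an added illustration (not Apple’s code, and a deliberate simplification of its scheme), the following Python sketch follows the hash, noise, aggregate shape described above: each device hashes its emoji or deep link into a bucket, randomly flips bits of a one-hot vector so that no single report can be trusted, and the server debiases the bit sums to recover frequencies without ever associating a user with an item. The sketch width `M`, the epsilon value and the usage counts are assumed for illustration.

```python
import hashlib
import math
import random

# Constructed, simplified local-DP pipeline in the spirit of the article's
# hash -> noise -> aggregate description. Sketch width and epsilon are
# assumptions for illustration, not Apple's production parameters.
M = 256  # number of hash buckets in the one-hot sketch

def bucket(item: str) -> int:
    """Hash the item (an emoji, a deep link) to a bucket; the raw string never leaves the device."""
    digest = hashlib.sha256(item.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % M

def flip_probability(epsilon: float) -> float:
    """Per-bit flip probability giving an epsilon-DP report: two one-hot vectors differ in two
    bits and each bit has likelihood ratio (1-p)/p = e^(epsilon/2), so the total is e^epsilon."""
    return 1.0 / (1.0 + math.exp(epsilon / 2))

def privatize(item: str, epsilon: float, rng: random.Random) -> list:
    """Client side: one-hot encode the bucket, then independently flip every bit (noise injection)."""
    p = flip_probability(epsilon)
    target = bucket(item)
    return [(1 if i == target else 0) ^ (1 if rng.random() < p else 0) for i in range(M)]

def estimate_counts(reports: list, epsilon: float) -> list:
    """Server side: sum the noisy bits per bucket and debias.
    E[sum_i] = c_i*(1-p) + (n-c_i)*p, hence c_i = (sum_i - n*p) / (1-2p)."""
    p = flip_probability(epsilon)
    n = len(reports)
    return [(sum(r[i] for r in reports) - n * p) / (1 - 2 * p) for i in range(M)]

def estimate_item(item: str, reports: list, epsilon: float) -> float:
    """Frequency estimate for one item, i.e. the debiased count of its bucket."""
    return estimate_counts(reports, epsilon)[bucket(item)]

def simulate(population: list, epsilon: float, seed: int) -> list:
    """Constructed population of (item, number_of_users) pairs; returns every device's report."""
    rng = random.Random(seed)
    return [privatize(item, epsilon, rng) for item, users in population for _ in range(users)]

if __name__ == "__main__":
    usage = [("😂", 600), ("🎉", 300), ("🔥", 100)]  # constructed emoji usage counts
    reports = simulate(usage, 4.0, seed=7)
    for emoji, true_count in usage:
        print(emoji, true_count, round(estimate_item(emoji, reports, 4.0)))
```

Each individual report is mostly noise (about 12% of its bits are flipped at epsilon 4), yet the population estimates land within a few percent of the true counts; hash collisions would merge two items into one bucket, which is why real deployments use several hash functions.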

There is debate about the effectiveness of differential privacy, but Apple is not introducing it for everything; instead it is rolling it out in a limited way for specific uses.

How is Apple using differential privacy?

Apple is using differential privacy to enable insights in four specific ways:

  • New words added to local dictionaries;
  • Emojis typed by the user so iOS can suggest emoji replacements;
  • Spotlight deep links used inside apps;
  • Lookup hints within Notes.

Apple will not collect this information if you choose to opt out – you remain in control. The company also promises that if you do choose to share your information in this way, your individual privacy cannot be compromised.

The company is also developing predictive features that work entirely on the device, with nothing shared with the company or anyone else. For example, Apple does not collect the data the Photos app creates when it analyzes your photographs; that entire operation takes place on your device.

What next?

As the company develops its differential privacy tools I imagine it will extend what it does to collect even more useful information, or to enable learned user habits to be privately and securely transported between authorized devices. Ultimately it will want to be able to deliver the same kind of AI-supported solutions its competitors can achieve, but wants to achieve this in a user-focused, deeply private way. “All of this great work in iOS 10 would be meaningless if it came at the expense of your privacy,” Apple’s software boss Craig Federighi told WWDC 2016.


Copyright © 2016 IDG Communications, Inc.
