Here’s How Apple Improves the iOS and Mac User Experience While Protecting Your Privacy

Apple has added a new entry to its Machine Learning Journal with in-depth technical details about how it uses differential privacy to gather anonymous usage insights from devices like iPhones, iPads, and Macs.


At a high level, differential privacy allows Apple to crowdsource data from a large number of users without compromising the privacy of any individual.

There are two types of differential privacy: central and local. Apple has chosen to use the local setting, which means that data is randomized before being sent from devices, so that its servers never see or receive raw data from users.

When users set up their device, Apple explicitly asks users if they wish to provide usage information on an opt-in basis. If a user declines, no data is collected by Apple unless they choose to opt in at a later time.

The toggle for sending usage information can be found under Settings > Privacy > Analytics on iOS 10 and later and under System Preferences > Security & Privacy > Privacy > Analytics on macOS Sierra and later.

Apple says the data it collects helps to, for example, improve the QuickType keyboard's predictive words and emoji suggestions, and to help identify problematic websites that use excessive power or too much memory in Safari.

An opted-in user who types an emoji, for example, may trigger usage information to be collected based on the following process:

• The data is immediately privatized via local differential privacy.

• The data is temporarily stored on-device using a technology called Data Protection, which is explained on page 11 of Apple's iOS Security Guide.

• After a delay, a random sample of the data is collected and sent to Apple's server.

The data sent to Apple does not include device identifiers or timestamps of when the events in the usage information occurred. The communication between a device and Apple's server is encrypted using TLS.


In iOS, information being shared with Apple for the categories of data that are protected using Differential Privacy is visible under Settings > Privacy > Analytics > Analytics Data, in entries that begin with "DifferentialPrivacy."

In macOS, users can launch the Console app and view the information under the Differential Privacy category of System Reports.

On a side note, the blog post reveals that "Face With Tears of Joy" is the most popular emoji, used by more than 25 percent of English-speaking users of Apple devices. We saw this chart before, but now it's labeled along the y-axis.


For a detailed explanation of the mathematical algorithms that Apple is using, the Learning with Privacy at Scale entry in its Machine Learning Journal is a worthwhile read.


Discuss this article in our forums

Apple Says ‘Face With Tears of Joy’ is Most Popular Emoji in United States Among English Speakers

Apple has revealed that "face with tears of joy" is the most popular emoji among English speakers in the United States.

The face topped Apple's list of the top 10 emoji, ahead of a red heart, loudly crying face, heart eyes face, face throwing a kiss, face with rolling eyes, skull, smiling face with smiling eyes, weary face, and thinking face.

Apple's chart isn't labeled, much to the disappointment of anyone who was desperately seeking emoji statistics.


Apple's list of the top 10 emoji is mostly consistent with public data available from Emojipedia and EmojiTracker, with the skull being an exception, according to Unicode's Emoji Subcommittee vice-chair Jeremy Burge.

Apple shared the chart in a recently published overview of its differential privacy technology on macOS Sierra and iOS 10 and later, which allows the company to collect and aggregate anonymized data from a large number of users while preserving the privacy of individual users.
The differential privacy technology used by Apple is rooted in the idea that statistical noise that is slightly biased can mask a user's individual data before it is shared with Apple. If many people are submitting the same data, the noise that has been added can average out over large numbers of data points, and Apple can see meaningful information emerge.
Apple says it uses local differential privacy to help protect the privacy of user activity in a given time period, while still gaining insight that improves the intelligence and usability of iOS and macOS features such as:

• QuickType suggestions
• Emoji suggestions
• Lookup Hints
• Safari Energy Draining Domains
• Safari Autoplay Intent Detection (macOS High Sierra)
• Safari Crashing Domains (iOS 11)
• Health Type Usage (iOS 10.2)

Apple has specifically developed a technique known in the academic world as "local differential privacy":
Local differential privacy guarantees that it is difficult to determine whether a certain user contributed to the computation of an aggregate by adding slightly biased noise to the data that is shared with Apple. But before adding this noise, it's necessary to define a data structure that captures a sketch of user input with a small number of bits. Apple currently makes use of two specific techniques.
In iOS, information being shared with Apple for the categories of data that are protected using Differential Privacy is visible under Settings > Privacy > Analytics > Analytics Data, in entries that begin with "DifferentialPrivacy."

In macOS, users can launch the Console app and view the information under the Differential Privacy category of System Reports.

Apple's differential privacy overview provides many more technical details about the technology, including info about the Count Mean Sketch technique that allows Apple to determine the most popular emoji.


Discuss this article in our forums

Apple Collecting Browsing Data in Safari Using Differential Privacy in macOS High Sierra

With the release of macOS High Sierra, Apple is now collecting data from the Safari browser using differential privacy technology, reports TechCrunch. Apple is aiming to gain information about browsing habits to help identify problematic websites that use excessive power or too much memory.
This form of data collection is the first of its kind for Safari, aimed at identifying sites that use excessive power and crash the browser by monopolizing too much memory. Apple is also documenting the popularity of these problematic domains, in order to prioritize which sites it addresses first.
Apple first announced its adoption of differential privacy in 2016 alongside the debut of iOS 10. Differential privacy is a technique that allows Apple to collect user information while keeping user data entirely private. It uses hashing, subsampling, and noise injection to enable crowd-sourced learning without compromising user privacy.

Differential privacy is already in use on Mac and iOS devices for emoji use, search predictions, predictive text, and other small features that use machine learning for improvement.


Because of this, Apple does not have a specific message about the new Safari data collection when macOS High Sierra is installed, and it is lumped in with the general Mac analytics data notice that is presented when setting up a new Mac. From Apple's Privacy notice regarding analytics:
If you agree to send Mac Analytics information to Apple, it may include the following:
- Details about app or system crashes, freezes or kernel panics.
- Information about events on your Mac (for example whether a certain function such as waking your Mac was successful or not).
- Usage information (for example, data about how you use Apple and third-party software, hardware, and services).

Analytics data contains your computer's hardware and software specifications, including information about devices connected to your Mac and the versions of the operating system and apps you're using on your Mac. Personal data is either not logged at all in the reports generated by your Mac, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they're sent to Apple.
While users are given the option to turn off analytics when setting up a Mac, there's also a Security and Privacy setting that can be accessed to turn it off any time. To get to the feature, click on the Apple at the top of the menu bar, and choose "System Preferences." From there, open up Security and Privacy, select the "Privacy" tab and then choose Analytics to choose whether or not to share data with Apple.


Discuss this article in our forums