Apple’s illusion of privacy is getting harder to sell

Even iPhone users with nothing to hide could be forgiven for being a little creeped out that Apple will scan their photos and see if they match existing databases of known illegal pornographic images. Privacy experts called the idea a potential back door for governments to request or demand scans for other images or files. Some of Apple’s own employees are reportedly pushing back on the idea.

Greg Bensinger, The New York Times
Published: 20 August 2021, 08:31 AM
Updated: 20 August 2021, 08:31 AM

It’s a good indication that things are headed in the wrong direction when your company’s anti-child-pornography initiative gets panned.

A major reason for the failure of Apple’s defence is that the photo-scanning programme confirms a fear many users already harbour: Personal data, even the most sensitive, is effectively out of users’ control, accessible at the flip of a switch.

Apple says, relentlessly, that privacy is the central feature of its iPhones. But as the photo scanning demonstrates, that’s true only until the company changes its mind about its policies.

The iPhone is a gluttonous collector of user information. The devices beam location data as well as information about Wi-Fi usage and internet usage to Apple’s servers, even when we think the devices are slumbering. That type of data opens up iPhone owners to alarmingly accurate tracking by third parties, including their whereabouts, political leanings, job and family status, ethnicity and net worth.

A particular concern around the photo-scanning initiative is that countries may compel Apple to use the technology for their own ends, which Apple says it will resist. But, through a third party, Apple has made Chinese users’ data accessible to the Chinese government, as The New York Times reported, a sleight of hand that allows the company to say it doesn’t directly turn the information over. That makes it hard to believe that Apple might not act similarly where its business interests demand it — even at home in the United States, where technology companies fulfill secret personal data requests daily.

It’s not just the child pornography project that should give users pause. Apple received plaudits, including from me, for rolling out an option this year to prevent apps from tracking users’ activity as they surf the mobile web. But the tracking was enabled in the first place by something Apple created called an “identifier for advertisers,” which turned on the fire hose of personal data available to marketers for the purpose of targeted ads. If Apple believes that tracking is anathema to privacy, why not disable the identifier itself or disable tracking as a default?

“The do-not-track option didn’t really solve privacy,” said Patrick Jackson, the chief technology officer of the privacy firm Disconnect. “It was designed to make users feel like they could press a button and fix it.” He said advertisers and others can still use a process known as fingerprinting — which relies on things like phone model, operating-system version and screen resolution — to identify users and continue keeping tabs on them.

Apple is also building out its own online advertising business, portions of which a French privacy watchdog said may run afoul of European laws. The agency said that Apple doesn’t appear to require users’ consent for tracking, as it now does from other app makers, meaning it could benefit from the targeted advertising that its do-not-track feature is meant to hinder.

Google’s Android mobile software also has a voracious appetite for data but may be less vulnerable than the iPhone to broad attacks, such as the recently uncovered one affecting tens of thousands of phones reportedly targeted by NSO Group’s Pegasus software. That’s because Android runs on many different phone types, each with slightly different versions of the software, said Zuk Avraham, CEO of the cybersecurity firm ZecOps. Pegasus software reportedly collected all manner of personal information, such as emails, voicemail messages, passwords, contacts, call logs, social media posts, web browsing history and photos, and it can remotely activate a user’s phone camera and microphone, according to The Washington Post.

Of course, no software will be invulnerable to every type of hack, but when your marketing states, “What happens on your iPhone stays on your iPhone,” the bar ought to be set higher.

One way to keep prying eyes off your data is to resist putting files into Apple’s iCloud service, but that means potentially choosing another service, with its own privacy concerns. The child pornography scanning project, Apple says, is only for consumers who store their photos in iCloud. Apple also has access to text messages that it says are otherwise encrypted when they are backed up in iCloud, a workaround that’s apparently necessary to aid law enforcement. But for most consumers, it’s a distinction without a difference; photos and text messages are primarily created and accessible on the phones that Apple tells us are sacrosanct.

Apple could take a big lead over its rivals by supporting a single setting at the browser level, known as the Global Privacy Control, to prohibit companies from selling your data to others. That would take the place of prohibiting such actions site by site. (The initiative is supported by a host of privacy and media organisations, including the Times, as well as California’s attorney general.)

Tech companies would like users to believe that they hold the keys to their own privacy. But, locked into Apple’s or Google’s ecosystems, our data is as secure as their policies. I’d like to trust that the biggest technology companies have the best intent, but when they have to say out loud that our privacy is paramount, it sure is difficult.

© 2021 The New York Times Company