Here’s How the Vision Pro Keeps Your Private Stuff Private
Toggle Dark Mode
It’s well-known that Apple generally does more to protect its users’ privacy than most other big tech companies. While it doesn’t have a perfect track record, the company at least tries to treat privacy as a core goal when designing its hardware and software — and the Vision Pro is no exception.
When Apple unveiled its new spatial computing headset last June, it took some time during the presentation to highlight key privacy and security features of the headset, such as Optic ID — the Vision Pro’s answer to Face ID — and how Apple had built isolation features into the hardware so that apps wouldn’t even be able to tell where you’re looking with your eyeballs.
With all the excitement around what the Vision Pro can do, even Apple hasn’t talked much about what it doesn’t do, which is compromise your privacy by sharing too much data to too many places. As with the iPhone, what happens on your Vision Pro stays on your Vision Pro.
Now, the company has outlined the specifics of that in a new Privacy Overview of the Vision Pro and the visionOS software that runs on it. While much of the document is a rehash of Apple’s overall privacy policies, it also provides some interesting insights into the potential privacy pitfalls of a “spatial computer” — and how Apple has worked to avoid those.
For our first spatial computer, we had to innovate across every facet of the hardware and software, including how to build great features that don’t come at the expense of privacy.
Apple
Keeping Your Surroundings Private
It’s easy to forget until you actually strap on a Vision Pro, but everything it shows you from the real world around you is fed into your eyeballs by a series of cameras on the outside. You’re never actually looking through the Vision Pro’s eyepiece.
That means that everything you see, your Vision Pro sees too. That could be a privacy nightmare in the hands of many companies. Imagine looking around your home or office and having all that data fed back to some big server farm. Even if you’re not being spied on, the idea that algorithms could be sifting through that to try and analyze and monetize your environment is a level of creepy that goes beyond the most invasive ad-tracking firms.
Even when you’re in an immersive environment or working with an app, the direction of your eyes can provide clues that could be very valuable to those who want to turn you into their product. For example, while ad trackers can already figure out what web pages you visit, they have no way of knowing what parts of that web page interest you. Browse through a store page, and you might be interested in any one of dozens of products, but the eyeball tracking in the Vision Pro could help them know which ones you spend the most time actually looking at.
To protect your privacy, it’s crucially important that developers can’t abuse this information to be able to find out where you’re looking, and Apple has ensured there’s a strong firewall between the eye tracking features and even its own apps, much less those offered by third-party developers.
Apple Vision Pro is the first Apple product that uses advanced always-on camera streams of your eyes and the world around you to enable spatial experiences. And where you look can reveal what you are thinking, such as links you almost clicked or apps you thought about downloading. To keep your thought process private, where you look before you interact with content is not shared with Apple or the apps you are using, and does not leave your device.
Apple
Apple has been a pioneer in on-device machine learning for years. Back in iOS 10, it swam against the tide when it famously added face and object recognition to the Photos app that ran its analysis entirely on the silicon in your iPhone. While Google Photos and others had already been doing facial recognition for years, they relied on large server farms to analyze that data, and they were likely using it for more than just tagging your personal photos.
So, it’s no surprise that the Vision Pro follows those same rules. Everything that could have any privacy implications is handled entirely on the device. This includes blending apps with your surroundings, tracking your eyeball and hand movements, and even the Persona that Apple generates from your photos.
Apple adds that most apps don’t need access to your surroundings, as it’s visionOS that maps them into your real-world space. This is called Shared Space mode, although some apps can ask permission to access your surroundings in Full Space mode to create a more immersive experience.
If you authorize them to do this — and only if you do so — they’ll get limited access to map your surroundings, but they still can’t capture actual images. Instead, they gain the ability to create a scene mesh to help recognize the objects around you and determine the location of those objects. Apple also notes they only get access to your surroundings within five meters.
Apps also don’t get access to your hand or head movement by default. Most apps don’t need these, but those that do can request permission. This is typically also required for apps that provide fully immersive experiences, but it’s entirely under the user’s control. Apps in Shared Spaces never get access to hand and head movement information; like eyeball tracking, this is processed entirely on the device, and only the results of those movements are passed on by visionOS to the app you’re running.
For example, when you look at an icon or a button in an app, visionOS will highlight that object to help you know where you’re looking. This highlight is generated by visionOS on your device, effectively overlaying the app. No data is sent into the app until you make a gesture to select the button or other object you’re looking at, in the same way that hovering a mouse over a button in an app doesn’t do anything in the app until you click on it.
Apple has also added three new data types to its Privacy Nutrition Labels for the visionOS App Store, so you’ll know if an app wants the ability to track your head movement, hand movement, or your surroundings.
In addition to these specific Vision Pro privacy protections, visionOS also includes many of the same privacy and security features as iOS, iPadOS, and macOS, including Advanced Data Protection for full end-to-end encryption of iCloud data, App Tracking Transparency, Location Services privacy, iCloud Private relay, iMessage encryption, Safari Private Browsing, and more.