← Tablets
D

Apple iPad (10th Gen)

Privacy is a human right — unless Apple wants to run ads. Opt-out toggle does nothing.
Serious concerns
Apple · 🇺🇸 United States · WiFi + Cellular + Bluetooth
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
FCC ID: BCGA2696
Chipset: Apple A14 Bionic
App: com.apple.AppStore
Manufacturer: Apple Inc.
Model: iPad (10th Generation)

⚠️ The bottom line

Apple forces other companies to ask permission before tracking you, but exempts its own advertising from the same rule. Apple's ad business boomed after ATT because it kept access to data it denied to competitors. The privacy feature doubles as a competitive weapon. Apple says your data is encrypted and safe. But by default, Apple keeps a copy of the key to your iCloud backups — and they hand that data to police when asked. They even dropped plans to fix this because the FBI objected. Most people never turn on the stronger protection.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
2/4 MODERATE
Is someone spying on me?
Data Sharing
3/4 HIGH
Who gets my data?
Security
3/4 HIGH
Is it actually secure?
Honesty
4/4 EXTREME
Can I trust what they say?
REPLACE Extreme risk. Look for alternatives or lock down hard.
8Contradictions
3Critical
3High
2Medium
5Sources
Findings by concern
Spying 2/4 MODERATE 2 findings
⚡ highpolicy claims vs firmware analysis
Apple built a reputation for refusing to unlock phones for the FBI. Then it tried to install software that would scan your private photos before they left your device. Security experts called it surveillance. Apple backed down, but the fact they built it tells you something.

What they claim: Apple states "Privacy is built into every Apple product from the beginning." Positions itself as the company that refuses to build backdoors (San Bernardino 2016).

What we found: Aug 2021: Apple announced NeuralHash CSAM client-side scanning for every iPhone/iPad. 90+ groups condemned it. Matthew Green (Johns Hopkins) warned of abuse. Snowden called it "spyPhone." Apple abandoned the plan but demonstrated willingness to build on-device surveillance infrastructure.

⚫ mediumpolicy claims vs firmware analysis
Apple shows an orange dot when an app uses your microphone. But a bug meant Messages recorded audio for seconds before the dot appeared. Another bug let apps record through your AirPods without permission at all.

What they claim: iOS security guide: microphone indicator (orange dot) appears "whenever an app accesses the microphone" for "real-time awareness." Marketed as core privacy protection.

What we found: CVE-2024-44207 (fixed iOS 18.0.1): Audio messages captured seconds of audio BEFORE indicator appeared. CVE-2022-32946: apps could record via AirPods without mic permission. Apple's audio privacy guarantees breached multiple times.

Data Sharing 3/4 HIGH 1 finding
⚠️ criticalpolicy claims vs app permissions
Apple forces other companies to ask permission before tracking you, but exempts its own advertising from the same rule. Apple's ad business boomed after ATT because it kept access to data it denied to competitors. The privacy feature doubles as a competitive weapon.

What they claim: Apple's privacy page states "At Apple, we believe privacy is a fundamental human right." App Tracking Transparency requires all third-party apps to request permission before tracking users.

What we found: Apple Search Ads is exempt from the ATT prompt because Apple classifies its own tracking as "first-party." Apple's ad revenue grew 238% post-ATT (Financial Times, Oct 2022). Apple collects App Store search queries, tap behavior, ad views, and session data to serve targeted ads.

Security 3/4 HIGH 1 finding
⚠️ criticalpolicy claims vs firmware analysis
Apple says your data is encrypted and safe. But by default, Apple keeps a copy of the key to your iCloud backups — and they hand that data to police when asked. They even dropped plans to fix this because the FBI objected. Most people never turn on the stronger protection.

What they claim: Apple states "your data is protected by encryption" and "Apple leads the industry in security innovations." Marketing suggests your data is safe from everyone, including Apple.

What we found: Standard Data Protection (the default) means Apple holds encryption keys for iCloud Backups, Photos, Notes, iCloud Drive. Reuters (Jan 2020): Apple dropped E2E backup encryption plans after FBI pressure. Advanced Data Protection opt-in since Dec 2022, most users never enable it.

Honesty 4/4 EXTREME 4 findings
⚠️ criticalpolicy claims vs network analysis
Apple gives you a switch to turn off analytics sharing. But researchers proved Apple's own apps ignore that switch completely and keep sending detailed data about everything you do — tied to your identity. Even Google and Microsoft actually stop when you say stop.

What they claim: Apple's privacy settings include "Share iPhone & iPad Analytics" toggle. Implies toggling OFF stops data collection. Apple states "You're in control of your data."

What we found: Tommy Mysk and Talal Haj Bakry (Nov 2022) proved App Store, Music, TV, Books, Stocks apps transmit detailed analytics regardless of toggle. Data includes dsId mapped 1:1 to iCloud account. Class action: Libman v. Apple, Inc. Google Chrome and Microsoft Edge both respect their opt-out toggles.

⚡ highpolicy claims vs regulatory findings
Apple said Siri recordings were handled by computers. In reality, human contractors listened to about 1,000 recordings every day, including deeply private moments captured by accidental activations. Apple never told users. They paid $95 million to settle.

What they claim: Apple's Siri privacy stated recordings processed by machine learning only. "What happens on your iPhone, stays on your iPhone." No disclosure of human review.

What we found: Whistleblower Thomas Le Bonniec (GlobeTech, Ireland, Jul 2019): contractors listened to ~1,000 Siri recordings/day. Captured medical info, drug deals, sexual encounters. $95M settlement Jan 2025 (Lopez v. Apple). France OFAC criminal investigation Oct 2025.

⚡ highpolicy claims vs network analysis
Apple says turning off location services stops tracking. But background system services keep checking your location every couple of minutes anyway. Your carrier tracks you regardless — and they got caught selling that data.

What they claim: Location Services settings: "With Location Services off, no apps will be able to use your location." Implies full user control.

What we found: System services (Compass Calibration, Find My, Motion Calibration, Networking & Wireless, Significant Locations) fire location checks every 1-2 minutes even with Location Services off. FCC fined carriers ~$200M (Apr 2024) for selling customer location data.

⚫ mediumpolicy claims vs app permissions
Apple says its tracking rules apply equally to everyone. But the rules only restrict the kind of tracking competitors do. Apple keeps full access to its own app data for its growing ad business. Like a referee who writes rules only for the other team.

What they claim: Apple states ATT "is applied universally to all iOS apps, including those developed by Apple." Frames ATT as a level playing field.

What we found: ATT does not restrict first-party data. Apple collects App Store searches, browsing patterns, purchase history, News reading habits, Stocks usage for Apple Search Ads — data no competitor can access. Post-ATT opt-in rates ~15-25%, destroying competitors while Apple's data untouched.

What happened to real people
Documented incidents involving Apple products and user data.
PRISM participant since 2012. Apple dropped full iCloud E2EE plans (codenamed Plesio/KeyDrop) after FBI objections (Reuters 2020). Advanced Data Protection released 2022 as opt-in with deliberate friction. [source]
Apple handed over iCloud backups in 1,568 cases covering ~6,000 accounts. 90% compliance rate. Surveillance firm: 'If you did something bad, I bet I could find it on that backup.' [source]
Government requests for push notification metadata rose from 158 (H1 2023) to 277 (H1 2024). Push tokens can identify devices and link to accounts. [source]
What your data is worth to governments
Apple complied with 12,043 government data requests in H1 2024. That's +621% over 10 years. Apple has been a confirmed PRISM participant since 2012. Under this programme, the NSA collects stored communications. The company is legally prohibited from telling you. Jurisdiction: US (CLOUD Act, FISA Section 702).
Documented: PRISM participant since 2012. Apple dropped full iCloud E2EE plans (codenamed Plesio/KeyDrop) after FBI objections (Reuters 2020). Advanced Data Protection released 2022 as opt-in with deliberate friction.
Documented: Apple handed over iCloud backups in 1,568 cases covering ~6,000 accounts. 90% compliance rate. Surveillance firm: 'If you did something bad, I bet I could find it on that backup.'
What is PRISM? · What is the CLOUD Act? · Transparency report
Sources