Apple Privacy Labels Often Don’t Match What Chinese Smart Home Apps Do

The smart‑home sector in China is booming, driven by affordable IoT devices and mandatory real‑name registration tied to mobile numbers. This regulatory backdrop encourages developers to harvest detailed user profiles—phone numbers, device IDs, location, financial and health metrics—to power services such as voice assistants, automated routines, and targeted advertising. While Apple’s App Store provides a unified privacy label framework, the study shows that many Chinese apps exploit the platform’s permissive data‑sharing environment, embedding third‑party SDKs that track users beyond what the labels disclose.

A critical blind spot emerges around by‑standers: visitors, neighbors, and passersby captured by cameras or microphones are never asked for consent, and no UI controls exist to manage their data. The research highlights a stark divergence between privacy policies— which acknowledge data collection and law‑enforcement sharing— and the actual user experience, where permissions are granted silently and deletion workflows remain opaque. Apple’s privacy labels further compound the issue, with dozens of apps falsely claiming no tracking or user‑linked data despite clear evidence of extensive collection.

These inconsistencies have ripple effects for regulators, consumers, and Apple alike. Chinese cybersecurity law already mandates cooperation with public‑security authorities, limiting true deletion rights and raising concerns about state‑level data access. For Apple, the credibility of its privacy label system is at stake, prompting calls for stricter verification and enforcement. Developers must prioritize transparent consent flows, especially for by‑standers, and align UI controls with policy statements to rebuild trust and comply with emerging global privacy standards.