You might want to re-read that contract you signed for Apple’s iPhone Upgrade Program

“As Apple prepares to announce its latest and greatest devices later today (Sept. 7), it’s worth checking in on something launched at last year’s event,” Mike Murphy writes for Quartz. “Back then, Apple introduced the iPhone Upgrade Program, a way of leasing the newest iPhones on a monthly installment plan that last two years.”

“But a closer look at the program contract reveals those that enrolled might have released their personal information to a far larger group than they had expected,” Murphy writes. “Anyone wishing to sign up for the upgrade program — currently only available in the US — actually signs a deal with Citizens Bank’s personal loan subsidiary, Citizens One, which finances the loan for Apple. ”

Murphy writes, “But a closer look at the program contract reveals those that enrolled might have released their personal information to a far larger group than they had expected… According to the letter, Citizens use your information to market its own products, and share your information so that ‘affiliates’ can also market to you. Citizens Bank wasn’t immediately available to explain the difference between ‘affiliates’ and ‘nonaffiliates,’ or how often it shares customers’ personal information.

Read more in the full article here.

MacDailyNews Take: Hopefully the information is guarded well and judiciously used at all times – and given Apple’s stance on privacy, we expect it.


  1. MDN noted “Hopefully the information is guarded well and judiciously used …”

    I can guarantee CB guards it well and uses its info judiciously in selling it only to the highest paying affiliates (spamming advertisers;-)

      1. Are you dumb or just intentionally stupid? This is what banks do – lend you money are share your data to sell you. Cook has nothing to do with it. Show a manufacturer of any consumer product that can require financing who provides that financing on their own.

        Better yet, if you don’t like it PAY CASH and SHUT UP. Unless, of course, you are incapable of paying cash because you live in a house of cards (plastic) and whatever cash you have is gone to pay your 26% credit cards within a few hours of receiving it.

        If you are going to dump on Cook, at least have some resemblance of being correct and weaving a few facts into your fiction.

    1. Oh Heck! This deserves much stronger language.

      Apple needs a new CEO.

      Apple is all about protecting their customers’ information. Wait till he tells you, you are not just Apple’s customers, but Citizens’ customers as well. Oh yeah, and, they have no control over that information provided to them. (true huh! but…) Really! Is that what you expected from the company that fought the FBI over customers’ privacy? Or, maybe, it was just nothing in it for Apple. Hm? (like the ability to sell more iPhones, that’s why the big public showing of protection. hm?)

      Oh, I guest the more things change the more they stay the same. Too bad Apple doesn’t finance this plan itself. It has more money than most banks.

      1. Are you a charter member of the stupid club like the guy above? READ THE CONTRACT BEFORE YOU SIGN IT and if you don’t like the terms don’t buy what you can’t afford and don’t sign the contract. A third grader could read the contract and understand Apple is only a conduit for third party financing. Do you realize how incredibly stupid what you said is?

        I am stunned someone with enough basic education to operate a laptop and navigate the internet would actually say what you said and mean it seriously.

        1. Reading and comprehension, they go hand in hand, but not so much in your case I see.

          “Oh yeah, and, they have no control over that information provided to them. (true huh! but…)” You missed the that “true huh”, ok, fine. Let’s take another look shall we.

          “Too bad Apple doesn’t finance this plan itself. It has more money than most banks.” You missed that all together, hey? ( over your head perhaps ) Oh, well. Maybe next time you’ll find a third grader to read to you, so you can spend more time on the comprehension part.

  2. Reading this article sounds a bit like coming up with a term like “enemy combatants” after you read “Citizens Bank wasn’t immediately available to explain the difference between “affiliates” and “nonaffiliates,” or how often it shares customers’ personal information.”

    Then again who knows how hard the writer tried to get the bank to immediately explain, or if the writer even bothered to pour through the bank’s policy manuals to find out in an investigative manner what an affiliate specifically referred to, or if they even understand the definition that affiliate could mean, “a person or organization officially attached to a larger body.”

    At any rate, not to worry to the folks that make a matter, the free and civilized world is free of such minutia.

    1. Indeed, such notices are required by the government. You should try buying a house with a bank loan these days – well over 100 pages to the loan package.

      Unfortunately, being standard doesn’t mean they don’t share – it is virtually guaranteed that they do!

  3. The Quartz article is way over blown. The Bank is required to disclose to its customers how it shares the individuals data. In fact they get a Privacy Notice (same one you get annually for any financial institution) once they are approved. The customer has the right to opt out of certain types of information sharing with non affiliates. The Privacy Notice actually defines what a affiliate and non affiliates are at some Banks add the names of their affiliates.

  4. It’s for situations like this that I use my own domain name and when asked to provide an e-mail address to a company, I use a unique prefix that is derived from that manufacturer’s name.

    This offers two advantages. One is that when I receive spam, it’s easy to see who passed my name on to the spammer and the second advantage is that it’s trivially simple to block that particular e-mail address so that I never receive anything else from them.

    1. You can do the same sort of thing with a single Gmail account by appending “+[text]” to your address name. For example, “bob+mdn@…” for use with Macdailynews. Though I’ve wondered if clever spam companies have gotten worse to that tactic and set up a system to strip the + and everything after it.

      So, not as robust as you’re method, I suppose, but doable for those without the financial clout or technical acumen to establish their own domain name/email service.

      1. So what you’re saying is that in order to defeat the marketing people from taking advantage of your personal data, you’re sending all of your mail via Google instead.

        Would you care to think that through a little more ?

        As for the financial clout and technical acumen required to set up a domain name, the domain name costs me around ten dollars per year and mail redirection is simply a matter of entering in my preferred e-mail service ( or services ) into a control panel that the domain hosting company offer for free. It took a couple of minutes several years ago and I haven’t had to do it since. The only time I do anything with the control panel these days is to block certain addresses, or redirect some low priority mail to a minor e-mail account that isn’t accessed on my iPhone.

        So long as I keep that domain name valid, everybody who e-mails me will send e-mails to exactly the same e-mail address that I’ve used for many years and the address won’t change if I switch to a new service provider. All I would need to do is to use the control panel to redirect my mail to the new service provider instead.

        1. We’re talking more specifically about spam mitigation here, for which I think the “+suffix” approach is effective, as opposed to data mining of the email content itself. Your broader point is well taken, though; I do need to eventually rethink my broader email strategy at some point. I imagine it’s hard to match Gmail’s top-notch search tool and spam/phishing filters with a personal system, though. Those are pretty handy features!

          Also, it sounds like your email address is more of an auto-forwarding target than a full-fledged destination address. How do you handle the fact that any replies you send to mail received through it will be coming from a different address?

          1. When needed, I set up a temporary Mail account with that particular address in order to reply to such people and then delete it again straight after, but in reality, it’s seldom needed because most of those businesses either require me to reply by e-mail via a web form, but in many cases I simply don’t need to reply to them at all.

            Typical examples, my insurance company always requires me to e-mail via web forms, so do my utility companies. Many of the other e-mails are from places that I use and they send regular e-mails – such as my local restaurant highlighting new menus, a museum advertising forthcoming events, or a frequently used holiday firm promoting special deals.

  5. FWIW, they used to use Bank of America (unknown to me at the time, there is no clear indication that third parties are involved with their financing, let alone which third parties). I used an Apple loan about 12 years ago, and at the time I had no account with BoA. A couple of years ago I moved to a city where BoA was my only option, and sure enough when I went to open an account with them (again, having never had an ‘official’ account), they still had all of my info from that Apple loan in their system, and had sold it to Zeus knows who in the interim. Perhaps I’m being cynical, but I don’t know that Apple is even capable of (or cares about) getting its business partners to follow its own ethics, I wouldn’t count on your information being treated with care in this instance, either. Definitely proceed with caution if privacy is important to you.

    1. “unknown to me at the time, there is no clear indication that third parties are involved with their financing,” That is unequivocally your fault and a failure to read what you signed/agreed to. Disclosure of where the financing comes from has been the law for longer than 12 years. If you didn’t know BofA was providing the loan, you have no one to blame except yourself.

  6. After reading through the comments, I find it incredulous that so many of people have found a way to blame Apple/Cook/whoever for their complete and total failure to read and make sure they understood what they were signing. It’s like a convention of the stupid telling each other w=how the world has screwed them over.

    It would be refreshing if just one of you took responsibility for your own actions or lack thereof.

  7. Again… The user is the product. This is what is expected in marketing these days. It’s a way to make money on the net. I don’t like it and do what I can to cut it out of my life. But Apple’s ‘lease’ (?) program is a deal. So this is one way for Apple and CB to make money off it. *sigh*

  8. I enrolled in the iphone/citizenone loan in the bay area 12 months ago. I’ve since moved to Puna, HI. Now they’re tellin me at Apple, in order to upgrade to the iPhone 7, I HAVE to trade in to an Apple store. Mine’s in Honolulu, 250mi away.
    They won’t budge. They now expect me to pay the rest of the loan,(12 more months), with no upgrade! #BadApple

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.