Apple

iOS privacy concerns deepen as Apple’s promises on analytics anonymity appear to be false

From 9to5mac.com


iOS privacy concerns were raised last week when security researchers appeared to demonstrate that iPhones send the same analytics data to Apple whether you grant or decline permission.

The same researchers have now demonstrated that Apple can – despite assurances to the contrary – link this data back to individual users, as the same ID is used as that for iCloud accounts …

Background

When you first set up a new Apple device, you are asked whether or not you would like to share analytics data with Apple.

Help Apple improve its products and services by automatically sending daily diagnostic and usage data. Data may include location information.

You can agree to this or decline, but Tommy Mysk discovered that exactly the same analytics data appears to be sent to Apple whether or not you consent.

The App Store app was sending real-time data on your app searches, the ads you’d seen, how you found the apps you viewed, and even how long you spent looking at an app’s page. Gizmodo points out that even this data can be sensitive – for example, searching for apps related to LGBTQIA+ issues, or abortion. 

The site suggested that Mysk check out other stock Apple apps, and this revealed that the same was true of Apple Music, Apple TV, Books, and Stocks. For example, the Stocks app shared with Apple your watched stocks, as well as the names of other stocks you searched for or viewed – together with the news articles you read in the app.

A class action lawsuit has now been filed over this.

Apple promises analytics data is anonymous

Even if you agree to Apple collecting analytics data from your devices, the company promises that all data is anonymous.

None of the collected information identifies you personally. Personal data is either not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.

The company goes on to indicate that it may use your Apple ID to correlate analytics data from all of the devices on which you granted consent, but again says that you cannot be identified.

If you agree to send Analytics information to Apple from multiple devices that use the same iCloud account, we may correlate some usage data about Apple apps across those devices by syncing using end-to-end encryption. We do this in a manner that does not identify you to Apple.

You can see these assurances on your iPhone:

  • Open the Settings app
  • Select Privacy & Security
  • Scroll all the way down to tap Analytics & Improvements
  • Tap About Analytics & Privacy in the opening paragraph

iOS privacy concerns deepen

However, Mysk appears to demonstrate that this assurance of anonymity is false, by capturing the data sent to Apple, and comparing it to that used to identify an iCloud user by their Apple ID.

Apple’s analytics data include an ID called “dsIdâ€. We were able to verify that “dsId†is the “Directory Services Identifierâ€, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you […]

The analytics data that the App Store sends to Apple always contain an ID called “dsIdâ€. We weren’t sure if this was the same as the DSID, the ID that uniquely identifies an iCloud account. We confirm that they’re the same ID.

You can see this in the video below.

We’ve reached out to Apple and will update with any response.

9to5Mac’s Take

As the old saying has it, “Never ascribe to malice that which can be adequately explained by incompetence.†I’m pretty confident that Hanlon’s Razor applies here, and that the reason Apple’s assurances appear to be false is down to error rather than a deliberate intent to deceive. The company simply has too much to lose and too little to gain by any nefarious behavior of this kind.

However, as incompetence goes, this does seem pretty high up the scale. Privacy has become a huge part of Apple’s marketing message, so to fail to protect privacy in not one but two major ways is a very big deal.

Apple needs to fix this, and fix it fast.

Photo: Guillaume Bourdages/Unsplash


The post iOS privacy concerns deepen as Apple’s promises on analytics anonymity appear to be false first appeared on 9to5mac.com

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox


5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.


You may also like

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

More in Apple

×
* Popular *
0
Would love your thoughts, please comment.x
()
x