Security researchers have discovered that Apple collects data on iPhone and iPad users, tracking them, which contradicts the Apple firm’s privacy policy. A sensitive matter…
In the war in which the manufacturers are waging to dominate the smartphone market, Apple is betting heavily on the confidentiality it guarantees to its users – this has become one of its main marketing arguments. In a sector that relies heavily on the exploitation of personal data, the apple firm has even set itself up as a real bulwark against this practice, which has allowed it to differentiate itself from its competitors, as evidenced by its motto: “Privacy. That’s iPhone“. A promise relayed by an advertising campaign on television and on social networks in May 2022, claiming respect for privacy. Alas, it would seem that the reality is slightly more complex and that Apple does not keep all its promises in terms of privacy…
App Store: a way to track users?
Two cybersecurity researchers – known as Mysk on Twitter – were interested in how Apple collects and uses the personal information of its users on iPhone and iPad via the App Store, the official store through which you must go to download applications. They discovered that the Californian company was collecting data on the slightest actions of its users, without guaranteeing their anonymity. A finding that contradicts the famous privacy policy of the apple firm. The researchers conducted their tests on a “jailbroken” – unlocked – iPhone running iOS 14.6 with App Tracking Transparency active. By jailbreaking the device, they were able to install tools to decipher the flow of information and thus analyze the data that is sent to Apple’s servers. However, they were unable to do the same on a device running iOS 16, but the two versions of the apple operating system have very many similarities in their operation, which would suggest that data is collected from the same way. This is all the more likely since this method fits perfectly into the new strategy implemented by Apple for several months. Indeed, users have seen a sharp increase in advertisements in the App Store, which has raised vehement protests – including from developers – to the point that the Apple firm has had to backtrack for some application categories, such as gambling.
New Findings:
1/6
Apples analytics data include an ID called dsId. We were able to verify that dsId is the Directory Services Identifier, an ID that uniquely identifies an iCloud account. Meaning, Apples analytics can personally identify you pic.twitter.com/3DSUFwX3nV— Mysk (@mysk_co) November 21, 2022
In their study, the two researchers reveal that Apple follows from A to Z the movements of its users on the App Store, Apple’s application store. The firm would thus be able to know their habits, their centers of interest and their behavior on their devices, including when the tracking functions – such as the sharing of usage data or personalized advertisements – are deactivated. Indeed, since April 2021, Apple has been encouraging its users to refuse advertising tracking through the Tracking Transparency application – which has also dealt a blow to Facebook, whose business model depends largely on targeted advertising and user tracking. Of course, Apple had promised at the time to apply the same treatment and not to follow the actions of its users online or in applications in the event of refusal. But this would not be the case in practice if we are to believe the analyzes of the Mysk researchers who point out that Apple would not follow the policy it applies to others…
Personal data: a collection that is not anonymous
What’s worse, as the researchers revealed on November 21, is that the collection is not anonymous. They discovered in the data sent contains a DSID (Directory Services Identifier): an identification number directly linked to the user’s Apple ID – which is linked to their iCloud account –, and which therefore makes it possible to trace back to to their e-mail address, telephone number, address or date of birth. According to the analysis, it is impossible to end this data transfer, even from an iPhone or iPad that has disabled this option. Tommy Mysk, one of the company’s co-founders, told Guizmodo that “knowing the DSID is like knowing its name. It’s a direct link to your identity. All of these detailed scans will be directly linked to you. And that’s a problem because there’s no way disable.” To sum up, Apple therefore collects data on its users and their behavior in the App Store – their habits, what they searched for, the advertisements they were exposed to, how long they stayed on the page of an application… – without them being able to remedy it in any way, and this collection is absolutely not anonymous, contrary to what the firm claims.
This study – and this was before we knew that the data collection was not anonymous – led, a few days ago, to a class action — a class action lawsuit — against Apple in federal court in California. The assembled plaintiffs believe that the firm violates the California Invasion of Privacy Act, which aims to protect users’ right to block tracking, including when it is used to perform analytics. The complaint does not focus so much on collection – all tech giants do – but on the fact that the firm does not take into account the parameters allowing, in theory, to refuse this practice.
For now, Apple has declined to comment. But the subject is very sensitive, and it would be good for Tim Cook’s firm to speak officially to clarify everything, with supporting evidence. This case could well harm the “angelic” reputation of Apple, which is already in the sights of legislators, especially in Europe. The latter want to tackle the company’s monopoly, which forces developers to submit to the rules of the App Store if they want to take advantage of its huge market – Apple notably imposes a high commission, which continues to increase. The European Union has already forced Apple to comply with its rules by requiring the manufacturer to adopt the USB-C format on its mobile devices, which must become the universal charging sockets – something the Apple firm is reluctantly beginning to do. , phasing out its proprietary Lighting format.