“Privacy. This is Apple.” The famous logo of the Cupertino company may stumble. Two researchers from software company Mysk say Apple collects personal information from iPhone usage data while explicitly promising not to. Based on its findings, the company knows the detailed behavior of users in its own applications and can identify them. EL PAS has contacted Apple, who, at the moment, claims they have nothing to say about it.
Tommy Misk and Talal Haj Bakri, two independent researchers from Mysk, conducted an analysis of Apple applications and the usage data they send to the company’s servers. “We focused on the App Store because users had no alternative to downloading and installing apps on iOS,” says Mysk, who says other apps such as Apple Books, the iTunes Store, Apple Music and Apple TV send similar data to the tech giant.
Among this information is “what the user does in these apps, what they see, when they do it, and for how long”. For example, according to Mysk, App Store usage data includes the number of milliseconds a person spends reading the privacy section of a particular app. All this data can be useful for developers to improve their apps. But Mysk insists that it is normal for them to ask users for permission to collect and also to hide their identity, so that the user cannot be identified personally.
On its iPhone analysis webpage, Apple states that none of the information collected is user-identifying. “Personal data is not logged, subject to privacy protection technologies (such as Differential Privacy), or removed from reports before it is sent to Apple,” it notes. However, Mysk claims that the data sent to the company includes a permanent, immutable identification number called a Directory Services Identifier, or DSID. This number “can personally identify the user”, because “It’s associated with your name, email, and any data in your iCloud accountIt’s not clear exactly what Apple does with it or if it uses any techniques to separate personally identifiable information from other information.
The researchers conducted these tests using an iPhone with Jailbreak (a process that allows you to remove some restrictions imposed by Apple) using iOS 14.6 to decrypt the traffic and examine the data being sent to Apple. They also made it with a mobile phone running iOS 16, which is the latest operating system. Although in this case they were unable to decrypt the data, they say they detected a similar pattern of network traffic, so they consider it “highly likely that the App Store app is sending the same data.”
They ensure from Mysk that Apple collects this information even when an iPhone configuration called “Share iPhone analysis” is deactivated. All despite the fact that, with this action, the company promises to “completely disable device analysis data sharing.” “The policy is vague and gives users the impression that turning off device analytics will also turn off usage data and app analytics,” Misk criticizes.
The researchers claim that Users can do nothing to prevent it Apple apps collect usage data and associate it with your identity. Samuel Parra, a lawyer specializing in technology law, asserts that they can respond to this potential attack on their privacy by filing a case with organizations such as the Spanish Agency for Data Protection. In fact, the situation led the user, Eliot Lippman, to file a class action lawsuit against Apple in California federal court, “on his own behalf and on behalf of anyone else in a similar situation.”
Possible crisis of confidence
Apple often prides itself on making privacy one of its priorities and one of the characteristics that sets it apart from the competition. But where do these tests leave the company? “First and foremost, from the perspective of Apple as a brand seemingly committed to privacy, it bankrupts the trust of its customers,” says Samuel Barra, an attorney specializing in technology law.
In addition, the information that Apple supposedly collects without the consent or knowledge of users “will allow the creation of highly accurate profiles regarding tastes, preferences, political ideology or even health.” Something, Barra points out, can be used to manipulate said preferences. For example, trying to get users to change their mind about a particular political context. “What happened with Cambridge Analytica showed us that if we know the user, it is entirely possible to shape it according to the interests of whoever pays the most, even in matters of political ideology,” he says.
The findings of these researchers could affect Apple’s reputation in the future, according to Álvaro Orts Ferrer, a privacy expert lawyer and director of Orts Consultores: “If what Mysk indicates is true and in the event that Apple insures in its policies that we do not collect personal data, we will find ourselves not We only face a breach of the terms established between Apple and the user, and with it, that will result in a legal breach, but also great reputational damage.”
Something Barra agrees with: “Are we going to believe similar messages from Apple again?” This situation can also bypass Apple itself. Large companies can send an unflattering message to society: Whatever you do, we’re watching you. Because it gives me the feeling that if someone can spy on us, they will,” says the expert.
For its part, Musk believes that “a company that believes privacy is a basic human right should describe its ‘numerous’ privacy statements in a much clearer way.” Additionally, it highlights that the company collects a lot of data from users and that it should provide an option to avoid this. “Their privacy statements look as if they were written by Google, Meta, or TikTok,” he concludes.
You can follow country technology in Facebook s Twitter Or sign up here to receive The weekly newsletter.