HomeTechnologyMobileApple Sends DSID With iPhone Analytics Data, Tests Show

Apple Sends DSID With iPhone Analytics Data, Tests Show

The Apple logo in an Apple Store

Photo: Sukrita Rungroj (Shutterstock)

A new test of how Apple collects has usage data from iPhones found that the company collects personally identifiable information while explicitly promising not to.

The privacy policy to govern Device analytics from Apple says the “none of the information collected personally identifies you.” But an analysis of the data sent to Apple shows that it contains a permanent, unchanging ID number called a Directory Services Identifier, or DSID, That’s what researchers from the software company Mysk say. Apple collects that same ID number along with information for your Apple ID, which means the DSID is directly linked to your full name, phone number, date of birth, email address and more, according to Mysk’s tests.

According to Apple’s analytics policy, “Personal data is not logged at all, is subject to privacy preservation techniques such as differential privacy, or is removed from reports before being sent to Apple.” But Mysk’s tests show that the DSID, which is directly tied to your name, is sent to Apple in the same package as all other analytical information.

“Knowing the DSID is like knowing your name. It’s one-on-one with your identity,” says Tommy Mysk, a app developer and security researcher, who conducted the test with his partner Talal Haj Bakry. “All these detailed analyzes are linked directly to you. And that’s a problem because there’s no way to turn it off.”

The findings compound recent discoveries about Apple’s privacy concerns and promises. Earlier this month, Mysk discovered that Apple collects analytics information even if you Turn of an iPhone setting called “Share iPhone Analytics”, a move Apple commitments will “turn off Device Analytics sharing altogether.” Days after Gizmodo reported on Mysk’s tests, a class action lawsuit was brought against Apple for allegedly misleading its customers on the matter.

Apple did not respond to a request for comment. The company has not said publicly about the apparent contradictions in its privacy promises or the recent lawsuit.

Theoretically, Apple could argue that an ID number is not personal information. But the AVG, the mammoth European privacy law, which has set the global standard for data regulation, defines personal data as any information that “directly or indirectly” identifies an individual, including ID numbers.

“I think people should be upset about this,” Mysk said. This isn’t Google. people choose the iPhone because they think things like this aren’t going to happen. Apple has no right to monitor you.”

Mysk belatedly published information about the test in a Twitter thread Sunday.

In some cases, this analytic data apparently contains details about all your movements. Mysk’s tests show that analytics for the App Store, for example, includes everything you did in real time, including what you tapped, what apps you searched for, what ads you saw, and how long you looked at a particular app and how you found it. The data, which is transmitted in real time, can be seen in a video on Mysk’s YouTube channel.

The App Store on your iPhone monitors your every move

During these tests, the researchers checked their work on two different devices. First they used a prisonbroken iPhone running iOS 14.6, which allowed them to decrypt the traffic and examine exactly what data was being sent. Apple introduced a privacy setting in iOS 14.5 that prevents other companies from collecting data called App Tracking Transparencyprompting users to decide whether or not to give their data to individual apps with the prompt “App asking not to track?

The researchers also examined a regular iPhone running iOS 16, the latest operating system, which confirmed their findings. The researchers couldn’t examine exactly what data was being sent because the phone’s encryption remained intact, but the similarities to the tests on the jailbroken phone suggest the patterns they found there maybe the standard- on iPhone. There is little reason to believe that prisonbroken phone would send different data, they said, but on iOS 16, they saw the same apps sending similar data packets to the same Apple web addresses. The data was sent at the same times and under the same conditions, and turning the available privacy settings on and off didn’t change anything either.

Apple may be processing DSID data to hide personally identifiable data when the company receives the information, separating your personal data from other data. But there’s no way of knowing, as Apple seems unwilling to explain its practices so far. Company may not use the data if you disable the related privacy settings, despite still receiving it, but that’s not how the company explains what the institutions do in it privacy policy.

The findings are especially damning given the years Apple has rebranded itself as a privacy company. Apple’s recent marketing campaigns suggest that the company’s privacy practices are much better than those of other tech companies. It graced 40-foot iPhone billboards with the simple slogan “Privacy. That’s iPhone.” and ran the ads around the world for months.

But Apple is making progress build an advertising empire of its own, built on the personal data of its billions of users. Even the company’s privacy settings can be seen as part of a long game patella are advertising competitorsalthough the company vehemently denies that allegation.

For his part, the findings come as a personal one shock to Tommy Mysk. In the past, “I would always allow the app to share analytics with Apple because I want to help them,” Mysk said. “But I always assumed the data would be sent in an anonymous way.”

Must Read
Apple Faces Critical iPhone SE Decision


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments