Apple is tracking you even when its own privacy settings say it’s not
#1
Written by Thomas Germain

Published: November 9, 2022


For all of Apple’s talk about how private your iPhone is, the company vacuums up a lot of data about you. iPhones do have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects extremely detailed information on you with its own apps even when you turn off tracking, an apparent direct contradiction of Apple’s own description of how the privacy protection works.

The iPhone Analytics setting makes an explicit promise. Turn it off, and Apple says that it will “disable the sharing of Device Analytics altogether.” However, Tommy Mysk and Talal Haj Bakry, two app developers and security researchers at the software company Mysk, took a look at the data collected by a number of Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks. They found the analytics control and other privacy settings had no obvious effect on Apple’s data collection—the tracking remained the same whether iPhone Analytics was switched on or off.

“The level of detail is shocking for a company like Apple,” Mysk told Gizmodo.

The App Store appeared to harvest information about every single thing you did in real time, including what you tapped on, which apps you search for, what ads you saw, and how long you looked at a given app and how you found it. The app sent details about you and your device as well, including ID numbers, what kind of phone you’re using, your screen resolution, your keyboard languages, how you’re connected to the internet—notably, the kind of information commonly used for device fingerprinting.

“Opting-out or switching the personalization options off did not reduce the amount of detailed analytics that the app was sending,” Mysk said. “I switched all the possible options off, namely personalized ads, personalized recommendations, and sharing usage data and analytics.”

Apple did not respond to multiple requests for comment.

Gizmodo requested that Mysk examine a few other Apple apps for comparison. The researchers said that the Health and Wallet apps, for example, didn’t transmit any analytics data at all, regardless of whether the iPhone Analytics setting was on or off, whereas Apple Music, Apple TV, Books, the iTunes Store, and Stocks all did. Most of the apps that sent analytics data shared consistent ID numbers, which would allow Apple to track your activity across its services, the researchers found.

For example, the Stocks app sent Apple your list of watched stocks, the names stocks you viewed or searched for and time stamps for when you did it, as well as a record of any news articles you see in the app, according to Mysk’s analysis for Gizmodo. The information was sent to a web address labeled analytics, https://stocks-analytics-events.apple.co...tsv2/async. That transmission was separate from the iCloud communication necessary to sync your data across devices. Unlike the other apps, however, Stocks sent different ID numbers and far less detailed device information.

The researchers checked their work on two different devices. First, they used a jail broken iPhone running iOS 14.6, which allowed them to decrypt the traffic and examine exactly what data was being sent. Apple introduced App Tracking Transparency in iOS 14.5, cuing users to decide whether or not to give their data to individual apps with the prompt “Ask app not to track?”

The researchers also examined a regular iPhone running iOS 16, the latest operating system, which bolstered their findings. There is little reason to think that the jail broken phone would send different data, they said, but On iOS 16, they saw the same apps sending similar packets of data to the same Apple web addresses. The data was transmitted at the same times under the same circumstances, and turning the available privacy settings on and off likewise didn’t change anything. The researchers couldn’t examine exactly what data was sent because the phone’s encryption remained intact, but the similarities suggest this may be standard behavior on the iPhone.

It’s impossible to know what Apple is doing with the data without the company’s own explanation, and as is so often the case, Apple has been silent so far. It’s entirely possible that Apple doesn’t use the information if you turn the settings off, but that’s not how the company explains what the settings do in its privacy policy.

This isn’t an every-app-is-tracking-me-so-what’s-one-more situation. These findings are out of line with standard industry practices, Mysk says. He and his research partner ran similar tests in the past looking at analytics in Google Chrome and Microsoft Edge. In both of those apps, Mysk says the data isn’t sent when analytics settings are turned off.

Privacy is one of the main issues that Apple uses to set its products apart from competitors. It emblazoned 40-foot billboards of the iPhone with the simple slogan “Privacy. That’s iPhone.” and ran the ads across the world for months. But the company is slowly introducing many of the internet’s privacy issues into the once sacrosanct Apple ecosystem. Apple is working hard to build an advertising empire. Apple’s ad network runs on your personal information just like the ones Google and Meta operate, albeit in a more reserved way.

Along the way, Apple developed a very convenient definition of what privacy means that lets the company criticize its rivals’ privacy practices while harvesting your data for similar purposes. Apple says you shouldn’t think of what it does as “tracking.” According to the company’s website:

Quote:Apple’s advertising platform does not track you, meaning that it does not link user or device data collected from our apps with user or device data collected from third parties for targeted advertising or advertising measurement purposes, and does not share user or device data with data brokers.

In other words, it’s not tracking unless you’re linking together data collected from services owned by different companies. If only one company—Apple—is collecting the data, then by Apple’s definition, it’s not tracking. Of course, that’s different from the definition of tracking that everyone else seems to use.

It’s no surprise that Apple is collecting analytics information, the practice is laid out in the privacy policy, and almost every app and device you use probably uses your data for analytics. But Mysk said he’s stunned at the level of detail. “I expected from a company like Apple, that believes that privacy is a fundamental human right, to collect more generic analytics,” Mysk said.

What happens on your iPhone stays on your iPhone, unless you count the mountains of information your iPhone sends to Apple.



https://gizmodo.com/apple-iphone-analyti...1849757558
Reply
#2
Yes, that's totally true.  Apple is watching you I know all about it.  I noticed with the anti telemetry company that I use that quite some time ago they introduced lots of Apple servers to block.  Thankfully I have all those blocked regardless of whether I'm using an Apple product (which I'm not) but I have all the list of servers that are used around the world and I know exactly what their game is.  Certainly if you use Apple and you're a Pirate of the internet then chances are they know all sorts about you.
Reply
#3
An old story dating back to the original version of the iPhone in 2007.  Probably was invented to be a more effective data vacuum in the first place, because that's where the money was/is.  And Jobs was always about the money--well, that and his personality cult.
Reply
#4
(Sep 21, 2023, 03:23 am)delwycharm Wrote: Although Apple is allegedly committed to protecting user privacy and providing settings to control information collection, research has shown that information is still collected and shared. to a limited extent. surprising detail.
incredibox

FTFY
Reply
#5
Man It's high time we break away from big tech's stronghold and consider alternatives like GNU/Linux (Debian, Arch, Fedora) for our desktops and GrapheneOS for smartphones to protect our digital freedom. In cases where GrapheneOS isn't accessible, DivestOS comes second as a commendable solution, serving as a harm reduction project for EOL devices.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  BitTorrent Blocklists Are Even Less Effective Than Pirate Site Blocking Ernesto 9 47,700 Jun 09, 2024, 12:18 pm
Last Post: reeboker
  India: ISPs say they give the government full access to web traffic Resurgence 0 9,877 Nov 10, 2022, 13:51 pm
Last Post: Resurgence
  US: Twitter to pay $150m fine to resolve data privacy violations Resurgence 0 11,542 May 29, 2022, 00:52 am
Last Post: Resurgence
  US: Tech industry groups are watering down attempts at privacy regulation Resurgence 0 10,008 May 27, 2022, 00:41 am
Last Post: Resurgence
  Italy: Privacy authority fines Clearview AI €20M, orders biometrics deletion Resurgence 0 14,009 Mar 12, 2022, 01:04 am
Last Post: Resurgence



Users browsing this thread: 1 Guest(s)