For all the Apple talk about how private your iPhone is, the company dumps a lot of data about you. iPhones have a privacy setting that should turn off this tracking. According to a new report from independent researchers, though, Apple collects very detailed information about you through its own apps even when tracking is turned off, a direct contradiction to Apple’s description of how privacy protections work.
Setting up iPhone Analytics makes an express promise. Turn it off, and Apple says it will “completely disable sharing of Device Analytics”. However, Tommy Musk and Talal Haj Bakri, two app developers and security researchers at software company Mysk, took a look at the data collected by a number of Apple iPhone apps – App Store, Apple Music, Apple TV, books and stocks. They found that controlling analytics and other privacy settings had no apparent impact on Apple’s data collection — tracking remained the same whether iPhone Analytics was turned on or off.
“The level of detail is shocking for a company like Apple,” Misk told Gizmodo.
The App Store seems to collect information about each file One thing you did in real time, including what you clicked on, the apps you searched for, the ads you saw, how long you looked at a particular app and how you found it. The app also sent details about you and your device, including ID numbers, the type of phone you’re using, screen resolutions, keyboard languages, and how you connected to the Internet—particularly the type of information commonly used for device fingerprinting.
Opting out or turning off personalization options did not reduce the amount of detailed analytics the app was sending, Misk said. “I’ve turned off all possible options, namely personalized ads, personalized recommendations, sharing of usage data, and analytics.”
Apple did not respond to multiple requests for comment. We’ll update the story with any information the company provides.
Gizmodo requested that Mysk examine a few other Apple apps for comparison. The researchers said that the Health and Wallet apps, for example, didn’t transmit any analytics data at all, regardless of whether the iPhone Analytics setting was on or off, whereas Apple Music, Apple TV, Books, the iTunes Store, and Stocks all did. Most of the apps that sent analytics data shared consistent ID numbers, which would allow Apple to track your activity across its services, the researchers found.
For example, the Stocks app sent Apple your list of watched stocks, the names stocks you viewed or searched for and time stamps for when you did it, as well as a record of any news articles you see in the app, according to Mysk’s analysis for Gizmodo. The information was sent to a web address labeled analytics, https://stocks-analytics-events.apple.com/analyticseventsv2/async. That transmission was separate from the iCloud communication necessary to sync your data across devices. Unlike the other apps, however, Stocks sent different ID numbers and far less detailed device information.
The researchers checked their work on two different devices. First, they used a jail broken iPhone running iOS 14.6, which allowed them to decrypt the traffic and examine exactly what data was being sent. Apple introduced App Tracking Transparency in iOS 14.5, cuing users to decide whether or not to give their data to individual apps with the prompt “Ask app not to track?”
The researchers also examined a regular iPhone running iOS 16, the latest operating system, which bolstered their findings. There is little reason to think that the jail broken phone would send different data, they said, but On iOS 16, they saw the same apps sending similar packets of data to the same Apple web addresses. The data was transmitted at the same times under the same circumstances, and turning the available privacy settings on and off likewise didn’t change anything. The researchers couldn’t examine exactly what data was sent because the phone’s encryption remained intact, but the similarities suggest this may be standard behavior on the iPhone.
Keeping tabs on your behavior rubs some people the wrong way, regardless of the information in question. But this data can be sensitive. In the App Store, for example, the fact that you’re looking at apps related to mental health, addiction, sexual orientation, and religion can reveal things that you might not want sent to corporate servers.
You can see what the data looks like for yourself in the video that Mysk posted on Twitter, documenting information collected by the App Store:
This is not a situation for every app that tracks me and what is one more. These results are not in line with standard industry practices, Misk says. He and his research partner have run similar tests in the past with analytics research in Google Chrome and Microsoft Edge. In both apps, Mysk says data is not sent when analytics settings are turned off.
Privacy is one of the main issues that Apple uses to differentiate its products from competitors. The 40-foot-high billboards for the iPhone were decorated with the simple slogan, “Privacy. This is iPhone.” Advertisements ran around the world for months. But the company is slowly introducing many internet privacy issues into Apple’s once-sacred ecosystem. Apple is working hard to Building an advertising empire. Apple’s ad network operates on your personal information just like Google and Meta do, albeit in a more conservative way.
Along the way, Apple has developed a very apt definition of what privacy means, which allows the company to criticize the privacy practices of its competitors while collecting your data for similar purposes. Apple says you shouldn’t think of what you’re doing as “tracking.” by company website:
Apple’s ad platform does not track you, which means it does not associate user or device data collected from our apps with user or device data collected from third parties for the purposes of targeted advertising or ad measurement, and does not share user or device data with data brokers.
In other words, tracking is only done if you are linking together data collected from services owned by different companies. If only one company – Apple – collects data, then by Apple’s definition, it doesn’t track. Of course, this is different from the definition of tracking that everyone seems to be using.
What happens on your iPhone stays on your iPhone, unless you count the hills of information your iPhone sends to Apple.
#Apple #apps #track #privacy #protections #Report