Last week researchers reported that several Apple apps were harvesting user data even when told not to, a claim that prompted a class-action lawsuit. But a follow-up suggests the situation could be even worse than first thought. The same two iOS devs (and “occasional security researchers”) who post under the Twitter account Mysk now claim to have spotted unique ID numbers in the usage data sent to Apple, seemingly contradicting the company’s claim that all such data is anonymous.
“Apple’s analytics data include an ID called “dsId,” they tweeted, “an ID that uniquely identifies an iCloud account. Meaning Apple’s analytics can personally identify you.”
They demonstrate the appearance of consistent DSID (Directory Services Identifier) numbers in harvested data in a six-part thread, including a video of the process happening in real-time:
The DSID is associated “with your name, email, and any data in your iCloud account,” the researchers write, meaning Apple (and theoretically third-party advertising partners) could tie the apps you click on and the ads you view to you specifically. This seems to be at odds with Apple’s Device Analytics & Privacy statement, which clearly states that “None of the collected information identifies you personally.” Of course, it’s possible that Apple isn’t actually looking at the DSID and thus keeping data anonymous, but the fact that it’s included in Mysk’s findings is troubling.
Once again, the details sent to Apple were unaffected by disabling the ‘Share iPhone Analytics’ option, according to Mysk. There’s no apparent way to stop this from happening, other than choosing not to use the App Store and other iOS apps implicated in the research. Apple has yet to respond to the claims, which first surfaced earlier this month.
In recent years many smartphone users have adopted a cynical mindset when it comes to data harvesting, as can be seen by the shrugging comments following Gizmodo’s write-up of this story: All the tech giants are at it, people tell themselves, and it doesn’t hurt me directly. But aside from the seeming contradiction of an explicit promise not to do this, Apple could be hurt by this revelation because it has portrayed itself for some time now as the quintessential pro-privacy tech company. That principle may now come into conflict with Apple’s growing ads business, which stands to benefit from an influx of detailed user data.
