Code sleuths at Mysk are challenging Apple’s vaunted focus on privacy. The developers claim Apple’s anonymous usage data for some in-house apps includes a Directory Services Identifier (DSID) uniquely linked to your Apple ID and iCloud data. Apple could potentially use this DSID to pinpoint your App Store browsing habits, according to Mysk. This seemingly contradicts Apple’s assertion that “none” of the data is personally identifying, and appears to extend to iOS 16.
The researchers previously shared findings that iOS 14.6 sends large volumes of first-party app activity to Apple, even if you completely disable device analytics or otherwise limit collection. This includes your iPhone model, keyboard languages and other details that could theoretically be used to fingerprint your device. Gizmodo notes that users filed a class action lawsuit against Apple after Mysk published its privacy data.
🚨 New Findings:
🧵 1/6
Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you 👇 pic.twitter.com/3DSUFwX3nV— Mysk 🇨🇦🇩🇪 (@mysk_co) November 21, 2022
We’ve asked Apple for comment, and will let you know if we hear back. Mysk pointed out that Apple’s tool to prevent third-party app tracking debuted in iOS 14.5, so this shouldn’t affect other software you use on your devices.
Just what Apple sees isn’t clear. As Gizmodoexplains, Apple encrypts the usage data and isn’t necessarily processing personal and general info together. The problem, as you might guess, is that Apple doesn’t detail its analytics collection practices. There’s a concern Apple might not be honoring its privacy promises, even if the data gathering is limited.