A new test of how Apple collects usage data from iPhones found that the company collects personally identifiable information while expressly promising not to.
The privacy policy governing Apple’s device analytics says, “None of the information collected personally identifies you.” But an analysis of the data sent to Apple shows that it contains a permanent, immutable ID number called a Directory Services Identifier, or DSID, according to researchers at the software company Mysk. Apple collects the same ID number along with information for your Apple ID, which means the DSID is linked directly to your full name, phone number, date of birth, email address and more, according to testing by Mysk.
According to Apple’s analytics policy, “personally identifiable information is either not logged at all, is subject to privacy protection techniques such as differential privacy, or is removed from all reports before being sent to Apple.” However, Mysk’s tests show that the DSID, which is linked directly to your name, is sent to Apple in the same package as all other analytics information.
“Knowing the DSID is like knowing your name. It’s one-to-one with your identity,” said Tommy Mysk, an app developer and security researcher who conducted the test together with his partner Talal Haj Bakry. “All these detailed analyses are linked directly to you. And that’s a problem, because there’s no way to turn it off.”
The findings compound recent discoveries about Apple’s privacy practices and promises. Earlier this month, Mysk discovered that Apple collects analytics data even when you switch off an iPhone setting called “Share iPhone Analytics,” an action that Apple promises will “disable device analytics sharing altogether.” Days after Gizmodo reported on Mysk’s testing, a class action was filed against Apple for allegedly deceiving its customers in this matter.
Apple has not responded to a request for comment. The company has not commented publicly on the apparent inconsistencies in its privacy promises or the recent lawsuit.
In theory, Apple could argue that an ID number is not personal data. But the GDPR, the mammoth European data protection law, which sets the standard for data regulation worldwide, defines personal data as any information that “directly or indirectly” identifies an individual, including ID numbers.
“I think people should be upset about this,” Mysk said. “This isn’t Google. People choose iPhone believing that such things will not happen. Apple doesn’t have the right to keep tabs on you.”
Mysk belatedly released information about the test in a Twitter thread Sunday.
In some cases, this analytics data appears to include details about each of your movements. Mysk’s tests show that analytics for the Store, for example, include everything you’ve been doing in real time, including what you’ve tapped, what apps you’ve searched for, what ads you’ve seen, how long you’ve been looking at a particular app and how you found it. The data, which is sent in real time, can be seen in a video on Mysk’s YouTube channel.
The researchers checked their work on two different devices. First they used a jailbroken iPhone running iOS 14.6, which allowed them to decrypt traffic and examine exactly what data was being sent. Apple introduced a privacy setting called App Tracking Transparency in iOS 14.5 that prevents other companies from collecting data, with the request “Ask app not to track?”
The researchers also examined a regular iPhone running iOS 16, the latest operating system, which corroborated their findings. The researchers couldn’t examine exactly what data was being sent because the phone’s encryption remained intact, but the similarities to the tests on the jailbroken phone suggest that the patterns they found there may be the default on iPhone. There is little reason to believe that a jailbroken phone would send different data, they said, and on iOS 16 they saw the same apps send similar packets of data to the same Apple web addresses. The data was transferred at the same time under the same circumstances, and toggling the available privacy settings on and off didn’t change anything either.
It is possible that Apple processes DSID data when the company receives the information, to protect personal data and to separate your personal data from other data. But there’s no way of knowing, as so far Apple doesn’t seem willing to explain its practices. The company may not use the data if you disable the relevant privacy settings, even though it receives it, but that’s not how the company explains what the settings do in its privacy policy.
The results are particularly damning given the years Apple has spent rebranding itself as a privacy company. Apple’s recent marketing campaigns suggest that the company’s privacy practices are far better than those of other tech companies. It emblazoned 40-foot iPhone billboards with the simple slogan “Privacy. This is the iPhone.” and ran the ads around the world for months.
But Apple is making progress on building an advertising empire of its own, based on the personal data of its billions of users. Even the company’s privacy settings can be seen as part of a long game to kneecap its advertising competitors, although the company vehemently denies this allegation.
For his part, the results come as a personal shock for Tommy Mysk. In the past, “I would always allow the app to share analytics with Apple because I want to help them,” Mysk said. “But I always assumed that the data would be sent anonymously.”