It is discovered that individuals can be identified from the usage data of the anonymous iPhone

Usage is collected whenever you use your smartphone, and the collected data is useful for device analysis. Apple states in its privacy policy that 'none of the information collected is personally identifiable,' but according to the latest research by security research software company Mysk , the iPhone It has become clear that the analysis data contains a ``personally identifiable identification ID'' linked to the user name and phone number.

???? New Findings:
???? 1/6
Apple's analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple's analytics can personally identify you ???? pic .twitter.com/3DSUFwX3nV

— Mysk ???????????????? (@mysk_co) November 21, 2022

Apple Sends DSID With iPhone Analytics Data, Tests Show
https://gizmodo.com/apple-iphone-privacy-dsid-analytics-personal-data-test-1849807619

iOS privacy concerns deepen; analytics data is tied to Apple IDs
https://9to5mac.com/2022/11/21/ios-privacy-concerns-deepen/

Apple focuses on protecting user privacy, but the App Store, the app store provided by Apple, collects information about where the user is tapping or swiping on the screen. points out Mysk, a software development company consisting of two iOS app developers and security researchers. This usage is sent even if the data sharing setting is turned off, and Mysk further said, ``Even if the user agrees to share analytical data with Apple, the information shared is too much. There are too many,' he commented.

It is clear that Apple arbitrarily collects information on ``how users operate the App Store application''-GIGAZINE

And as a result of Mysk's new analysis, the user's iPhone usage data, which Apple basically collects as 'not personally identifiable', includes the user's name, date of birth, email address, phone number, etc. announced that it contains an ID associated with

When Mysk analyzed the data sent from the iPhone to Apple, it was found that the analysis data contained an unchangeable ID number called the Directory Service Identifier (DSID). Since this DSID is linked to the user's personal information, Apple's privacy policy states that ``no personal data is recorded and personally identifiable information is removed from any reports before being sent to Apple.'' Mysk points out that it is against.

2/6
Apple states in their Device Analytics & Privacy statement that the collected data does not identify you personally. This is inaccurate. We also showed earlier that the #AppStore keeps sending detailed analytics to Apple even when sharing analytics is switched off.pic.twitter.com /2mJiHtM1GD

— Mysk ???????????????? (@mysk_co) November 21, 2022

Mysk used iPhones with iOS user rights restrictions removed, and by decrypting traffic while using iPhones, they investigated exactly what data was being sent and when. In addition to iPhones with iOS 14.5 or later, which have introduced ' App Tracking Transparency ' to protect users from data collection by other companies, Mysk also investigated iPhones with iOS 16 , the latest OS at the time of the investigation, to reinforce the findings. I'm here. According to Mysk, the data is sent under the same circumstances and at the same time regardless of the OS version, and even if you toggle 'Allow data transmission' on or off from the user-operable privacy settings. , the data collection situation did not change.

“Knowing a DSID is like knowing a person’s name,” Mysk said. There is no way to do it,' he said. In fact, the EU General Data Protection Regulation (GDPR) , the European privacy law that set the standard for data regulation around the world, defines personal data as “any information that directly or indirectly identifies an individual”. and the DSID number is likely to be one of them.

3/6
Apple uses DSID to uniquely identify Apple ID accounts. DSID is associated with your name, email, and any data in your iCloud account. This is a screenshot of an API call to iCloud, and DSID it can be clearly seen alongside a user's personal data : pic.twitter.com/x59lr0AzWf

— Mysk ???????????????? (@mysk_co) November 21, 2022

Mysk's tests show that users tapped on the App Store, searched for apps, saw ads, how long they looked at an app, how they found it, and anything else they did in real time. That is included in the usage data, and that data is sent in association with DSID.

In the following movie published by Mysk's YouTube channel, you can see how much data is being sent in real time.

The App Store on your iPhone is watching your every move-YouTube


According to tech news site Gizmodo, ``Apple may process data containing DSIDs to sort out personally identifiable information when it is received, and to separate personal information from other data.'' In fact, Apple's privacy policy states, ``If a user agrees to send analytics information when using an iCloud account from multiple devices, synchronization using encryption will be performed. , We may associate some of the app usage data across devices, but only in a way that does not allow Apple to identify the individual user.' However, due to the point that ``similar information is being sent even if you do not allow data collection'' and that Apple has not responded to requests for comment from news sites such as Gizmodo, Apple's data collection Gizmodo said the allegations are not clear enough.