Two researchers have revealed that Apple tracks |
Two researchers have revealed that Apple tracks and collects data about iPhone users without their knowledge
A new study by two security researchers from software company Mysk shows that in line with Apple's longstanding commitment to protecting the privacy of its users, Apple collects information about iPhone users through its own apps, even when tracking is turned off.
This was discovered by Tommy Musk and (Talal Haj Bakri) Talal Haj Bakri, application developers and security researchers at Mysk Software, who implemented (Stop Tracking) called (iPhone Analytics) in many features of iPhone applications such as: Store, Music- app, Books app and iPhone app Apple TV and Stocks app, all of which continued to collect data even when the feature was enabled.
According to what the researchers posted on Twitter, the App Store records everything a user does there in real time, including: what they click on, search, and how long the user spends on each page. What ads does he see and how does it happen? Access the application page.
In addition to collecting all this data, the researchers found that the App Store also collects information about users' phones, such as: phone identification numbers such as: IMEI number and (Mac address), the type of phone used, screen size and resolution, phone keyboard language and Internet connection method .
Neither opting out nor disabling customization options reduces the amount of detailed analysis the app sends out in data collection,” Musk told Gizmodo.
When researchers examined some other Apple apps for comparison, they found that the Health and Wallet apps do not collect user activity stats or analytics, regardless of whether the setting (iPhone Analytics) is turned on or off.
Other Apple apps send analytics data and share consistent ID numbers, allowing Apple to track user activity across its services in real time.
For example, they found that the Stocks app sends Apple a list of stocks the user is following, the names of stocks the user has viewed or searched for, when they were viewed, and a history of any news articles or reports. Users see in the application.
According to the researchers' analysis, they found that all the data was sent to a URL called Analytics (https://stocks-analytics-events.apple.com/analyticseventsv2/async). This transfer is separate from the iCloud registration required to sync user data across devices. Unlike other apps, Stocks sends different identification numbers and less detailed information about the device.
The researchers conducted the study on two different iPhones, starting with an unprotected iPhone running iOS 14.6, which allowed them to decrypt and analyze data sent to Apple.
They use this version of iOS precisely because in iOS 14.5 Apple introduced App Tracking Transparency, a feature that lets users choose which apps they track.
Then, the researchers backed up their findings by also looking at regular (protected) iPhones running iOS 16, the latest operating system released by Apple. They found no difference in sending data between the two phones because the same app in iOS 16 sends similar packets to the same Apple URL.
It turns out that the data was transferred at the same time and under the same conditions, and enabling or disabling the available privacy settings did not change anything.
Apple has always stressed the importance of user privacy, especially with the introduction of the app tracking transparency feature in iOS 14.5, where the support page (Device Analytics & Privacy) states that users must consent to the collection of this information from devices.
Apple states on its support page that: “None of the information collected personally identifies you. Personal information is never logged, is subject to data protection technologies such as (Differential Privacy), or is omitted from any report before you submit it. Apple..."
But the research findings showed that Apple was accessing data that users might not want to know, such as sending data that could show users viewing apps related to mental health, addiction, sexual orientation and religion that they might not have. Want to send to corporate servers.
"We want companies like Apple to treat privacy as a human right, collect public data rather than private data, and avoid the substance of what users do," the researchers wrote on Twitter.
It's impossible to know what Apple does with data without explanation, and it often does; So far Apple has been silent. He never responded to multiple requests for comment on this study, and we will update the report with any information provided by the company.
🧵
— Mysk 🇨🇦🇩🇪 (@mysk_co) November 3, 2022
1/5
The recent changes that Apple has made to App Store ads should raise many #privacy concerns. It seems that the #AppStore app on iOS 14.6 sends every tap you make in the app to Apple.👇This data is sent in one request: (data usage & personalized ads are off)#CyberSecurity pic.twitter.com/1pYqdagi4e