This is about a request used to report a click in the app store, which is technically specified in the privacy policy [1] and you can get a CSV of it from Apple in data requests. This is the subject of a class action filed earlier this month [2].
While I think Apple's data collection within its apps is excessive, the only thing the researchers achieve by conflating it with device analytics is giving tech media an "Apple Lies!" headline cycle. People should be informed about how these analytics/surveillance systems work and how to effectively navigate and counter them, not be sold paranoia and the idea that the settings are always lying. They're misleading you with marketing, sure, but the truth in this case is written plainly in the prompt that pops up the first time you open the app store.
[1] https://www.apple.com/legal/privacy/data/en/app-store/, "We use information about your browsing, purchases, searches, and downloads. These records are stored with IP address, a random unique identifier (where that arises), and Apple ID"
"This is about a request used to report a click in the app store, which is technically specified in the privacy policy [1] and you can get a CSV of it from Apple in data requests. This is the subject of a class action filed earlier this month [2]."
The complaint does not allege that Apple failed to disclose how it collects and uses personal data. It alleges that Apple (a) provided a means for customers to opt-out, (b) some customers opted-out, and (c) Apple continued to collect data from customers who opted-out.
From the complaint:
"Even when consumers follow Apples own instructions and turn off Allow Apps to Request to Track and/or Share [Device] Analytics on their privacy controls, Apple nevertheless continues to record consumers app usage, app browsing communications, and personal information in its proprietary Apple apps, including the App Store, Apple Music, Apple TV, Books, and Stocks."
The complaint only applies to a subset of Apple customers who indicated that they did not consent:
"All individuals who during the Class Period (a) turned off Allow Apps to Request to Track, Share iPhone Analytics, Share iPhone & Watch Analytics, and/or Share iPad Analytics, and (b) whose mobile app activity was still tracked by Apple, (c) on an iPhone mobile device."
When Google was accused of wiretapping by scanning Gmail, it could not prove consent and it had to settle. When Google was accused to wiretapping by eavesdropping on open Wifi, again it had to settle. It does seem possible that a plaintiff could succeed against a "tech" company on a wiretapping claim.
Is collecting user information, app browing history and app usage history "communication" under a wiretap statute.
The suit may be dismissed, but the issue of Apple obtaining consent to collect data purportedly for analytics is still valid.
I don’t think it’s disingenuous to point out that two very different things are being comforted. Most people understand that the App Store is linked to their account because it must be to support billing.
That’s very different from, for example, tracking when/where you use apps or what you do in them.
Sorry, if it wasn't clear. I was calling Apple disingenuous, not you.
Apple isn't just linking your App Store purchases to your account, they are tracking every single click and search term in the App Store and linking that to your account.
Would people feel differently if we were talking about web apps, where nearly every click is sent to a server? Why is it egregious for a store to do analytics?
For one, because as another comment mentioned Apple's app store is the only option on iOS, so you can't opt out of it even if you really wanted to. I also find what Apple is doing particularly bad because the click data is associated with your account for a period of time decided by Apple (Edit: I said "permanently" before but that was wrong, it does expire but the privacy policy doesn't specify the exact retention period) and can't be deleted short of terminating the account. Compare how Google lets you disable or delete that kind of granular data from your account with the "Web and App Activity" switch.
1. "App Store browsing activity includes information like the content and apps you tap and view while browsing the App Store. This information is aggregated across users so that it does not identify you. We may also use local, on-device processing to select which ad to display, using information stored on your device, such as the apps you frequently open."
2. "To protect your privacy, targeted ads are delivered only if more than 5,000 people meet the targeting criteria. The information used to determine which ads are relevant to you is tied to random identifiers and not tied to your Apple ID."
3. "Apple’s advertising platform receives information about the ads you tap and view against a random identifier not tied to your Apple ID."
4. It's also possible to reset this random, unique identifier or turn off personalization entirely.
I think that section is about how the advertising system uses browsing activity, not how it's collected and stored. Even with ad personalization turned off on my iPad, my data export has click records going back to 2020 (when I created this Apple ID).
They can be subpeonad for every woman who has downloaded an abortion app?
They have a list of people who are gay/Democrat/Republican/whatever and that list can be stolen?
You are trusting your medical info to an analytics team? One that probably doesn't have the best controls? That probably bulk shares their data across departments like marketing?
I mean, if you don't care, send me your medical records, I'm sure I can make some money off of them.
>not be sold paranoia and the idea that the settings are always lying //
Yeah, um, so if Apple et al. cared like you seem to, perhaps enough to stop lying, then that might be a first step towards people trusting them? You expect the weaker party to trust first before the stronger party even proves they're trustworthy!?
>They're misleading you with marketing, sure [...] //
They have no obligation to mislead. You want us to treat liars like they're angels.
I don't think it's about trust. The easy availability of short-form privacy policies and data export requests are the result of legal requirements, ideally you should be able to rely on those disclosures even if you don't know enough about the company to trust or distrust it. In this case, the disclosures correctly showed that this kind of click data was being collected.
>They're misleading you with marketing, sure, but the truth in this case is written plainly in the prompt that pops up the first time you open the app store.
Then they should be sued for misleading in marketing?
It is one thing where it is legally to do so, it is another thing to have Apple turning on the speaker at highest volume for 5 years , largest attack on Ads and Facebook ( or Social Media ), finger pointing at tracking. And only to find out they are doing exactly the same.
I'm not one to jump infront of a bus for the big company, but the "testing" being reported on here is so incredibly lacking.
- Single proof via a single device on a single OS version from a single API response.
- Claim on the latest version it is doing the same, but can't prove it. Just that requests are being sent when you interact with the application(ok?)
...And that's it.
I don't know the state of the jailbreaking scene, but a quick search seems to indicate that throughout 14.X and 15.X could have been checked, but they haven't. Would happily take this more seriously when reporting of issues is more sufficent. (or others proving more proof)
I wonder what log they got this from; i'm scrubbing through both my latest `Analytics-X.ips.ca.synced` files and `AppStore-X.ips` file and can't find dsId. This is even with every 'Share Analytics' checkbox ticked in settings, besides Improve Health Records. Unfortunately the name of that log file is cropped out.
Isn't it odd that no one else has been able to replicate this researcher's findings? I'd imagine a bunch of others would run similar tests and come out in support of these findings.
I highly suspect there's something off about this and I will wait for others to corroborate these findings (should be easy if there's actually substance here).
I've always been suspicious that there's extra, "latent" first-party instrumentation code in consumer OSes that, when activated, does some additional "innocuous-seeming" metrics-collection, along existing metrics-collection channels, but that is actually just barely enough to be identifiable (in a way that's only apparent if you're a security researcher and you think really hard about it); where this switch is either activated per-device during system updates or virus hot-scan pushes, or per user for cloud-connected user accounts by monitoring a policy flag on your cloud account; and where these mechanisms in turn are activated by state actors telling the OS manufacturer to do so, to then collect the resulting metrics and de-anonymize the device owner.
I mean, it's what I'd do if I were Apple and/or Microsoft, and I knew that the US government was constantly compelling my employees through National Security Letters to do a bunch of extra off-the-books work to enable transparent one-off device-specific wiretaps. I'd productize that wiretap process, to get my employees' time back.
No, "they" don't, because consumer operating systems are designed to not leak identifying data back to the OS vendor, only anonymized instrumentation data. There is no (useful, de-anonymizing) data held on Apple/Microsoft/etc about these devices (except what they're given intentionally by the user, by the user explicitly enabling certain cloud features.) That's been proven by security researchers examining OS network traffic, over and over.
My point was that "security researchers examining network traffic" won't reveal de-anonymizing information leaks, if those leaks are not enabled on 99.99999% of devices, but rather only become enabled on specific devices when the OS vendor distributes those specific devices a "special" update.
If this telemetry file they're showing is undocumented and Apple is intentionally hiding this analytics upload from Settings -> Privacy & Security -> Analytics & Improvements -> Analytics Data (which allows you to export the json files it uploads), then I feel like that'd be a much bigger story and would at least be mentioned here.
It seems too early to say "no one else is able to replicate it", given that the claim was only posted to Twitter yesterday, and the Gizmodo article linked to here was only posted 4 hours ago.
It wasn't true even without the unique identifier, Apple can always correlated all the other data they sent to their servers to identified you.
Most people thing of anonymity like a boolean when is most like a gradient, for example, Tor not only needs onion routing, it also need to to present each user to the net alike, that is why they configure their version of firefox in a specific way and even a simple thing like changing the resolution of the window make you less anonymous. Even in perfect conditions you still vulnerable to correlation attacks and if you are the US, you can probably just use network flow data to deanonymize an user, obviously to do it the resources and implications would be enormous.
In the end is just a gradient of being anonymous to who? The ad conglomerate? A big state?
It would be literally impossible with a standard iphone to be anonymous to Apple, is just PR by Apple.
I'm honestly surprised we aren't seeing these big tech companies have an arms race with respect to homomorphic encryption. Since you can perform computations on the encrypted data itself this appears to be the best of both worlds: anonymous and still able to pull big data. Probably won't be able to serve as personalized ads, but from what I'm aware, the big data is far more important than the direct targeting.
I know Meta is betting big on the Metaverse, but it's also wild to me that they similarly don't bet big here and keep their ad infrastructure.
If it the concept that counts, not just that particular tech, some do "race" to get big data without compromising privacy, even when they don't have to (because no competitors are racing on the privacy dimension).
For a survey, check out what firms are doing on "differential privacy" not just "homomorphic encryption". As a for instance, Apple -- since the OP is about them -- spent significant extra effort to make Maps anonymized.
Apple maps was based on OpenStreetMap originally, which actually tracked users less than the Apple Maps[0] app. Guess all that special work was for nothing.
Ad targeting is much broader than that though. Even with encrypted data you can match keys to profiles. You just don't know who that profile belongs to and you don't even need to know the contents of that profile. The whole point here is that you can treat the system like a black box but still work with it in a useful way.
Brave has proven that targeting is not always the best answer. They did an analysis on their own platform, their CTR is very very good and they do not compromise privacy in any way and still deliver ads (opt-in).
Studies? This is CTR we're talking about. It doesn't have to be a research paper to show what's the average CTR, advertisers know it beforehand, they just made the info public.
Apart from the fact that they have no incentive to, there are technical downsides, even assuming you could get a useful homomorphic scheme to work in practice.
For example, encrypted data can't be compressed. Columnar big data systems rely heavily on that to be performant.
> Apart from the fact that they have no incentive to
They have huge incentives. Apple is positioning themselves as the privacy king. Meta has suffered huge losses because of their privacy abuses. Neither of these suggest no incentives. I'd argue that they suggest large incentives.
The technical downsides are a fair critique though. But this also is where competition excels. Our machines are getting faster. Other algorithms have also gotten extremely faster and it would be naive to assume that homormorphic algorithms similarly don't. This is why I say an arms race.
Apple has done plenty of major screwups that each put a big doubt on whether “Apple loves your privacy” is something more than PR BS, but for some reason, they all got memoryholed.
An iphone user is _probably_ tracked by less ad agencies than a stock android user, but that’s it.
> They have huge incentives. Apple is positioning themselves as the privacy king
I am willing to bet that it is a deal breaker only for very small minority of users. I would argue that search engine data is of much bigger privacy concern than OS, as compared to search history no OS action comes close in disclosing personal action, and google/bing almost has universal market presence even for Apple users.
> Meta has suffered huge losses because of their privacy abuses.
They had their revenue reduced, true. But it is not loss. They wouldn't be in any better position if they didn't used extra data when it was available.
I wonder if there's new feature or improvement Apple could introduce that would actually increase their sales. It seems like at the moment people buy the new iPhone because 1/ they need/want a new phone, 2/ they want an iPhone, and 3/ they want the new iPhone.
Apple know what they need to do to be successful, and that's continue to release updates to the iPhone that in a few small ways make it slightly better than the previous one.
The other thing is you could likely squeeze your competition out of the market. Countries are waking up to the implications of data harvesting and that it isn't only being used by themselves but their adversaries. So if a big company, like Apple, got it working, it would be much easier to lobby legislation that would harm (or kill) your competitors. (While I think we would all be better off if this happened, I do recognize that this same power can be abused and cause a significant disruption in the ecosystem. But I think it would also be extremely difficult to impossible to gain such an edge that others couldn't quickly adapt. Even if they drag their feet)
It's unclear when homomorphic encryption will be ready for prime time, especially at big tech scale. It's easier to give up the data under assurances of how exactly that data will be used. Secure enclaves (e.g. AWS nitro enclaves) can be used to offer cryptographic attestations as to what the code is doing with the user data. Practically speaking, an average user won't inspect the code, of course. But it does allow for other companies to audit and vouch for the usage.
as the a fan of homomorphic encryption I very much hear what you are saying (two examples I thought up https://news.ycombinator.com/item?id=32993163). But at the end of the day, there's no way to prove that Bob's Homomorphic Encryption SaaS company isn't "backing up" all your data into a regular database as well. And that's assuming Bob never gets hacked, too.
At the end of the day, even with HE, we have to trust Bob to be trustworthy, and to have designed and implemented it totally correctly (or else data will leak in the clear).
If it was Bob's small company then having a 3rd-party external auditor review the system would go a long way to gaining the public's trust, but unfortunately Meta has no such luxury. They could say they can't see your data until they were blue in the face, and they could even be telling the trust, but people don't currently believe they haven't sold your data (or the specific nuance there), so I'm not surprised they haven't made a large investment in HE. HE is also not quite there yet. It's ridiculously slow for anything but the most simple operations and Meta's data needs are far from simple.
Yeah you make a really good point (especially with those two examples, which the latter might not even require data collection at all). But I do think that an arms race in this direction would change the public view. You'd sure have a lot fewer nerds like us arguing about privacy. Though we'd probably be arguing more for open source to lessen the trust issue.
I don't think we'll ever have fully trust-less systems. But I do think there's a big difference between saying "trust us, we don't look at the data" vs "we encrypted the data and use this method, trust us that we aren't decrypting it". The former method is worse because there's a lot of people that have clear access to the data. The latter is better because there are more speed bumps and the argument is more sound. A lot of trust is built from demonstrating good faith efforts.
We need other researchers to duplicate this before it holds any weight. That said, I would also really like to know whether Mysk holds any AAPL short positions or put contracts.
Why was the title changed away from the article headline? Few people know what a DSID is before reading the article so this seems designed to deliberately bury the lead.
[2022-11-15] Louis Rossman - "Apple SUED for privacy violations; iOS collects invasive analytics even if you opt out." - https://www.youtube.com/watch?v=016QGxOsjQY [11 min]
I wouldn't be surprised if regardless of the methods users it can't truly be anonymous since that defeats the purpose. Even just compliance would result in resolvable data since you need to be able to request a copy of the data.
Usually if there was actual guilty behavior, someone involved would shrink away quietly. Have any high-up Apple people, for instance, disabled their Twitter accounts since this was first revealed on Twitter? No.
Apple is fundamentally transforming into an advertising company. The difference between them and ad companies such as Google is that, with Apple, advertising is baked into almost every single product.
Every time you open the App store, you're opening a giant garden of advertisements. These ads are extremely lucrative to Apple. Every time you update the OS, it prompts you with ads to sign up with more services. Every time you open Apple News, the same thing happens: you're bombarded with ads to sign up for a premium subscription. When I still had an Apple laptop, it would constantly give me a popup asking me to signup for iCloud, even though I hadn't consciously ever used it.
At nearly every turn, engaging with Apple software leads to profitable ads for Apple. (Usually in the form of direct subscriptions, or commission based advertising.)
What do ad companies love? User data! This is as true for Apple as it is for Google. The difference: Apple has an iron grip on their advertisements like no other company in the world. This gives them the tools that let them pretend they're not an ad company. They are.
You’re really stretching here. Ad companies make their money by selling ads; compare how much of Apple’s revenue comes from selling ads (very small %) vs how much of Google’s revenue comes from selling ads (almost all of it).
Prompts to buy additional products do not make a company an advertising company. If it did, every restaurant in the world would be an “advertising company” because wait staff, cashiers, and menus encourage customers to order additional food.
The App Store is a list of ads, on which Apple earns a commission. I don't think it's a stretch to see it as an advertising platform.
1. Apple Displays ads (Sales content for products.)
2. Apple gets paid when those ads convert into sales.
If Apple didn't get paid when Apps were sold through the app store, then I could see how it isn't an ad platform for them. Yet, the only option, if you want to sell a product listed on the app store is to pay Apple their cut, which fundamentally turns it into a paid advertising platform controlled by Apple.
While Apple is not considered an advertising company today, they have been growing services revenue for the past several years. Part of that is growth in ads (3rd party ads in app store, 1st party ads in the OS, iAd [discontinued], etc).
Even if rank and file Apple employees do not want to grow ads in iOS/App Store, clearly Apple leadership wants to sell more ads (and increase their services revenue). At App Store scale, their volume of ads is not trivial.
Curious if you'd say the same about Microsoft Windows. They never show banner ads anywhere in the product but they do advertise their own apps and services (and like the App Store on iPhone, they advertise apps you can install from their Microsoft Store).
IMO, both Microsoft and Apple are showing me ads I don't want to be shown.
> Every time you open the App store, you're opening a giant garden of advertisements.
Curation and Ads are very different. When you walk into a Target and see a curated set of products like bath towels, they're not Ads. In fact, customers pay more to shop at Target because of Target's ability to curate quality products consistently.
Now the App Store does have Ads (mainly in search - one slot at the top). But it's far from a "giant garden every time you open it".
Idk about your region, but the App Store in my region features actual advertisements on the front page.
The first showcase is an actual showcase, but the second item is very much ads. And the way it's set up is to have something like 1/2 the image visible without the user scrolling, but the part that says is that it's an ad is not visible without scrolling. So the idea I guess is to have the user click on it to find out more based on 1/2 the image without them knowing that it was an ad.
> Apple is fundamentally transforming into an advertising company. The difference between them and ad companies such as Google is that, with Apple, advertising is baked into almost every single product.
It's nice to think this is part of a transformation taking place at Apple. In truth, what is transforming is our perception of Apple. It's not like Analytics has recently changed how it operates.
So you think they need user data to display the ad for Apple Care+ and Apple TV? which they unconditionally display to anyone anyway? Those are the only two ads I have seen.
Calling the app store an ad is really stretching the truth. It‘s a store, of course it displays the products that are for sale.
What was it lately about Apple now being valued at more than all the other SV giants combined? Insane.
[edit: not true at all, apologies]
Like countless others I’ve always been very sympathetic to the entire philosophy of the company - like how they’ve mostly kept to the high road in many important ways. It is going to be a huge shame when they go down that AD road.
But on the bright side - it might turn out that Apple will just have to be the first/main for anti-monopoly regulation.
Even on Google-flavored Android devices, you don't have to use the Play Store if you don't want to. You don't have to use Google Maps if you don't want to. You don't have to send your location to Google if you don't want to. iOS is strictly worse than all the other alternatives I know of.
The risk of malware is far higher on iOS than on a Google Android device, with Xcodeghost alone infecting more users than all others combined, and oft-exploited system apps like iMessage and Safari requiring a reboot to update. I don't know what you mean by leaks and slowing down (maybe https://www.npr.org/2020/11/18/936268845/apple-agrees-to-pay...), but my point was exactly that this doesn't matter on most Android devices, including Google-flavored ones, because (unlike with iOS) you don't have to use Google's app store or maps or SMS app.
It's entirely possible to use a computer for computing and a phone for voice/text. There's no need for combining them into one device with the worst aspects of them all.
While technically correct, this point of view is about a decade behind reality. Mobile devices are the de-facto computation device for most people. Fewer and fewer people have dedicated computation devices; there's no need for them if you have a smartphone.
It does mean being beholden to one of two smartphone OS makers unless you're in the technically capable 5%.
To use a smartphone, arguably. It's now how it's shaping out though. The power of chat apps (telegram, whatsapp, etc) alone makes it hard to be part of a social circle without one.
Peer pressure's an incredibly strong force, as is the stigma of being an outsider.
Whats the point of investing time in chat with people that you'll never see? I'm old enough to know that those virtual relationships had no value for my life. Platform shouldn't be a reason to keep in touch with someone.
Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
While I think Apple's data collection within its apps is excessive, the only thing the researchers achieve by conflating it with device analytics is giving tech media an "Apple Lies!" headline cycle. People should be informed about how these analytics/surveillance systems work and how to effectively navigate and counter them, not be sold paranoia and the idea that the settings are always lying. They're misleading you with marketing, sure, but the truth in this case is written plainly in the prompt that pops up the first time you open the app store.
[1] https://www.apple.com/legal/privacy/data/en/app-store/, "We use information about your browsing, purchases, searches, and downloads. These records are stored with IP address, a random unique identifier (where that arises), and Apple ID"
[2] https://news.bloomberglaw.com/litigation/apple-hit-with-clas...