Apple's privacy promises: Are iPhones as secure as the company claims?

Apple’s privacy promises: Are iPhones as secure as the company claims?

“Privacy. It’s Apple. The Cupertino company’s famous slogan could be in trouble. Two Mysk software researchers claim that Apple collects personal information from iPhone usage data even when the company explicitly promises not to do so. According to Mysk’s findings, the company knows and can identify specific user behavior in Apple’s own applications. EL PAÍS contacted Apple, who did not provide any comment on the matter for the moment.

Tommy Mysk and Talal Haj Bakry, independent researchers at Mysk, analyzed Apple apps and the usage data they send to the company’s servers. “We focused on the App Store because users have no other alternative to download and install apps on iOS,” says Mysk. He adds that other apps, including Apple Books, iTunes Store, Apple Music and Apple TV, send similar data to the tech giant.

Some of this information includes “what a user does in these apps, what they view, when they view it, and for how long.” For example, according to Mysk, App Store usage data records the number of milliseconds a person spends reading the privacy section of a specific app. All this data can be useful for developers to improve their applications. But Mysk notes that they usually ask users for permission to collect the data and anonymize it so that a user cannot be personally identified.

On its web page dedicated to iPhone analysis, Apple specifies that none of the information it collects identifies the user: “Personal data is not recorded, is subject to security protection techniques. privacy (such as differential privacy) or are removed from reports before they are sent to Apple. .” But Mysk says the data sent to the company includes a permanent, immutable identification number called a directory services identifier, or DSID. This number “can personally identify a user”, because it “is associated with their name, their e-mail address and all the data of their iCloud account”. It’s unclear exactly what Apple does with the data and whether it separates personal identification from other information.

The researchers performed these tests on a jailbroken iPhone (meaning the phone removes certain limitations imposed by Apple) with the iOS 14.6 operating system to decrypt the traffic and examine what data was sent to Apple. They also tested a cell phone that runs iOS 16, the latest operating system. In the latter case, the researchers were unable to decrypt the data. Nevertheless, they claim to have detected a similar network traffic pattern, so they think it’s “very likely that the App Store is sending the same data.”


Mysk says Apple collects this information even when the iPhone’s “Share iPhone Analytics” setting is turned off, despite the tech company’s promises to “completely disable sharing of device analytics data.” . Mysk points out that “the policy is ambiguous and gives users the impression that disabling device scanning would also disable usage data and app scanning.”

The researchers note that users cannot prevent Apple apps from collecting usage data and linking it to their identity. Samuel Parra, a lawyer specializing in technology law, says that users could respond to this possible violation of their privacy by filing a complaint with the regulatory authorities. In fact, one user, Elliot Libman, filed a class action lawsuit against Apple, “on his own behalf and on behalf of all others in a similar situation,” in federal court in California precisely for this reason.

A crisis of confidence?

Apple often boasts that privacy is one of the company’s top priorities and uses this claim to set itself apart from the competition. So where do the Mysk search results leave the tech giant? “First of all, from Apple’s perspective as a brand that apparently puts privacy first, [doing] it would be a breach of his clients’ trust,” Parra says.

Moreover, the information that Apple allegedly collects without the user’s knowledge “would allow the creation of very precise profiles on tastes, preferences, political ideology and even health”, which, as Parra points out, could be used to manipulate users. ‘ preferences. For example, the data could be used to change users’ minds in a particular political context. “What Cambridge Analytica has done has shown us that, if you know the users, it’s entirely possible to mold them to the interests of the highest bidder, even on issues of political ideology,” he observes. -he.

The researchers’ findings could also affect Apple’s reputation in the future, says Álvaro Orts Ferrer, privacy lawyer and director of Orts Consultants: “If what Mysk claims is true and if Apple’s policies assure us that it does not collect personal information given that we would not only be facing a violation of Apple’s user agreement – and therefore a violation of the law – but also a significant reputational damage.

Parra agrees and wonders, “Are we still going to believe similar messages from Apple?” The situation could also go beyond Apple itself. “Big companies could send a message to society that is not reassuring: whatever you do, we are watching you. Because I feel like if someone can spy on us, they will,” the expert says.

For her part, Mysk argues that “a company that believes privacy is a basic human right should outline its ‘many’ privacy statements much more clearly.” He also points out that the company collects too much user data and should provide an option to prevent it. “[Apple’s] the privacy statements seem more like they were written by Google, Meta or TikTok,” he says.

Register for our weekly newsletter to get more English news coverage from EL PAÍS USA Edition

#Apples #privacy #promises #iPhones #secure #company #claims

Leave a Comment

Your email address will not be published. Required fields are marked *