Does Apple really anonymize user analytical data before transmitting it to its servers? According to one researcher, it would be a lie.
Apple is under fire again. In the viewfinder the alleged respect for privacy guaranteed by the company to its users. Apple claims that the analytical data provided by the user is anonymized before being sent to its servers (or those of third parties), but research by Tommy Mysk suggests that this is not the case.
Mysk, which recently had already discovered some disturbing user tracking practices by the App Store, claims that user data is actually transmitted by always attaching a unique identifier that makes the user’s identity recognizable.
The tests were conducted using two iPhones, one of which was jailbroken. This last phone was used to decrypt the bulk of the data transmitted by iOS to Apple’s servers, thus discovering that user data is linked to an identifier called DSID. This ID is linked to all the information you provide to Apple: Apple ID, first and last name, phone number, date of birth, email address, and so on.
In its guidelines, Apple claims that personal data is transmitted either in the absence of a connection with the ID, or that it is subjected to anonymization techniques to prevent it from being traced back to the user. Yet the Mysk tests would show that the DSID is always transmitted to Apple’s servers in the same packet with the other analytical information.
“Knowing the DSID is the exact same thing as knowing your name, it’s a unique identity,” explains the researcher. “All of these detailed analyzes of your behavior and habits are linked directly to your identity. That’s a problem, because there’s no way to turn this setting off.”
- Apple Says Your iPhone’s Usage Data is Anonymous, but New Tests Say That’s Not True (gizmodo.com)