Apple Device Analytics Contain Identifying iCloud User Data, Claim Security Researchers

[prime17569]

If true, and still occurring on the latest iOS version, this would be greatly damaging to Apple's reputation among its customers. I would wait for more evidence, though.

You can view the data your device collects by going to Settings > Privacy & Security > Analytics & Improvements > Analytics Data.

If the researchers are looking at these files, it is possible that, as another commenter mentioned, they go through a processing and de-identification step before being sent to Apple. (Some of these files appear to be in machine-readable JSON, which would make such a process easier.)

You can also see the App Privacy Report to determine which Apple domains your device contacts.

Hope this is helpful.

 

[steve09090]

It doesn't mean it's a non issue Your logic is a little circular: you trust Apple in respect to privacy, but when it is revealed that something Apple does is not as they say it is, you nevertheless don't think it's an issue because you trust Apple in respect to privacy.

To clarify. I trust that they intend to do what they say, but sometimes they make mistakes that are not intentional. It’s not the first time that they have done that and they have rectified it in the past. But as I said, don't trust privacy on the internet, but I trust that Apple are trying more than the others.

I agree that it’s not a non-issue and it needs to be addressed (which I said), but won't lose sleep over It.

Here in Australia, we just had our second largest Telco (Optus), and our largest Medical Insurer (Medibank) hacked with soooo much data stolen: Passport, Drivers Licence, Emails, Date of Birth, Names, Addresses, Medical records and much more with that data either sold or distributed freely on the Dark Web. So that’s why I’m a bit more circumspect over an anonymous iCloud number that only Apple can use.

 

[solq]

So that’s why I’m a bit more circumspect over an anonymous iCloud number that only Apple can use.

Let's not get into it too much but Pegasus has been in use for at least half a year. When you say "only Apple" there's a lot of hope and positive emotion doing heavy lifting there.

And if this latest trick is true, Apple might get in trouble with the EU, since this violates GDPR.

 

[InGen]

Big if true, but confirms what many privacy conscious people have suspected about the collection of tiny but important bits of our metadata that can be used directly or indirectly to link your online movements back to you and your devices.

People are aware that WhatsApp conversations are e2e “encrypted”, and yet don’t realise that as part of their Terms & Conditions they will collect all other relevant metadata metrics like what numbers communicate with others, how often and what time messages are sent and received, Device I.Ds & full Contact lists.

And when you “report” a message to WhatsApp in-app, you are granting WhatsApp permission to see the full conversation by inviting them in so-to-say. They collect and keep that data.

These tech conglomerates may not be currently seeing what humans are whispering to each other (although they still do in most communication forums like Discord, Zoom & Dating Apps), but they are seeing who, when & where, in real time. That information is power like you wouldn’t believe.

You are being managed.

 

[MNGR]

I don’t know enough about the report. However it is plain to me that Apple has to know and connect all applications purchases in the App Store to your account.
And that would be true of any vendor that sells you an application for any platform.

 

[bluecoast]

I can't believe that it's an oversight, as Apple claim they are all out for user privacy.

So there's obviously a reason for this.

This is bad enough - it would be depressing if this is to do with serving ads.

 

[solq]

I don’t know enough about the report. However it is plain to me that Apple has to know and connect all applications purchases in the App Store to your account.
And that would be true of any vendor that sells you an application for any platform.

Of course, but this report isn't about that. It's about analytics data containing info that can identify users. The reference to App Store is that it sends analytics whether you opted in or not. Different things, both unwelcome.

 

[InGen]

I don’t know enough about the report. However it is plain to me that Apple has to know and connect all applications purchases in the App Store to your account.
And that would be true of any vendor that sells you an application for any platform.

What’s being discussed here is Analytical Usage Data which is sent to Apple by users who consent into the program on their device, under the expectation that what Apple is receiving is completely anonymous data sets of usage metrics, raw numbers pertaining to how things are used. It is the expectation that what Apple receives is aggregate data with no connection to any specific Apple user. This revelation feels like an (intentionally allowed) backdoor that could be used without recourse to identify usage habits of whomever Apple pleases.

Apple already shares sensitive iCloud & Device data in certain jurisdictions to certain governments or law enforcement agencies. If a request is made for this kind of data by these countries, technically Apple could now fulfil this request if obliged by law.

 

[Eldaerenth Faexidor]

The last known words of wise man …

You trust them because they do what they say, than when they don’t … trust them anyway.

So why do you feel safe? Faith?

Nope. I feel safe because I’ve turned it off, right from the get go. Lol. So chill my wise friend and have a nice day! ✌🏼

 

[Heat_Fan89]

No surprise, really. They all do it. Once you are on the internet, you are being owned. If you want to avoid this stuff, don't connect to the internet, use a landline phone, get your favorite Telco to start installing pay phones and use cash only.

 

[rmariboe]

Really should be off by default if Apple actually cares about privacy instead of saying they care about privacy.

It is off by default 🤔

 

[spinedoc77]

Madness that you can say "toaster" around another manufacturers devices and suddenly you see toasters everywhere but no one investigates this.

This is so completely crazy and conspiracy theory-esque, but it's damn true and it seems to be more and more prevalent. Now I *often* find something I may have said in a phone conversation or verbally to someone else pop up in my ads magically. With so many listening devices around us now it seems to make sense, and I wouldn't be surprised if this didn't pop up as the next huge scandal. Of course being the sheep we are it will make the weekly news cycle, then be forgotten in a week or 2 while behind the scenes laws are made by lobbyists and enacted by politicians legalizing such maneuvers.

 

[OnawaAfrica]

bruh he checks icloud endpoit which has directly todo with icloud and iDevice Setup process and obviosly this includes ur icloud ID and ur Device ID.

 

[Shirasaki]

No surprise, really. They all do it. Once you are on the internet, you are being owned. If you want to avoid this stuff, don't connect to the internet, use a landline phone, get your favorite Telco to start installing pay phones and use cash only.

But then, people around you don’t care, which makes you a standout, even easier to own.

 

[Chazak]

Quite the range of opinions!

I will withhold mine until I have done more than just read the article to educate myself.

 

[Chazak]

First day on the internet?

On a serious note, this is becoming an alarming trend where people even share information they haven't fully processed nor understood.

I don't think the "alarming" trend is new at all. People claiming to know something about something they know nothing about is not a new trend. It's been around for a few thousand years!

 

[bluecoast]

I'm really starting to lose faith in Apple, privacy-wise.

I'm now no longer confident that Apple really does what it says it does.

A year ago for example, when I upgraded to Monterey, loads of my iCloud tabs from a year or so ago appeared in Safari even though they were meant to be deleted. Obviously not.

So what else is Apple keeping?

I'm starting to think 'security through obscurity' is actually a really bad idea.

 

[rp100]

News flash: all your internet-connected devices are recording personally identifiable info on everything you do while simultaneously saying you aren’t personally identifiable because, um, end-to-end encryption.

 

[0924487]

Some people's privacy concerns are based on capability, others are based on intent. I've long learned that it's a very personal thing that you just have to respect.

I only care about the capacity of being evil.

I believe in security and privacy by engineering, not by promise.

If Russia promises not to nuke the US, you think the US will retire all of the nuke arsenals?

 

[0924487]

No. There is an ID identifier. No where is does it say it is linked to a name and address. Read the article again.

Do you know what an Directory Services Identifier is?

The other rubbish about mobile phone numbers etc is irrelevant because nowhere does it even elude to being able to read the contacts of the iCloud.

If I have your drivers license, and I have access to the ministry database for this, you think I don’t know your address, your phone number, your DOB, and your favourite sex position?

 

[antiprotest]

The true face of Apple.

I feel nothing about this. Not surprised or angry. Instead, I am surprised and frustrated that after years of similar news about Apple so many people are still convinced Apple is all about privacy. Whether due to hypocrisy or incompetence, Apple is not about privacy. They haven't been for a long time. Just accept that Apple is just like or becoming just like Facebook and Google, except much more hypocritical.

 

[ghanwani]

I have nothing to hide. (Gotta come out and say it before anyone else does.) In fact, I hope Apple already knows that I feel pretty lousy about their privacy practices.

 

[GeoStructural]

It was not Facebook who hacked your phone to track you. It was Apple giving your data to Facebook by default.

This 👆. This is what people here fail to realize, remember, or refuse to accept.

And there are reports that even before implementing the new "Privacy preserving measures" Apple met with Facebook to discuss financial benefits for both.

 

[Apple_Robert]

I will refer you to https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf

If you look at page 11, section J, you'll see that Apple DOES have access to your iCloud data, since they're able to share it with law enforcement. Most telling is "Apple retains the encryption keys in its U.S. data centers", so they clearly have both the encrypted data and the encryption keys, which means they have full access to your iCloud data.

That only applies if a user performs device iCloud backups. Otherwise, Apple doesn’t have access.

 

[Naraxus]

The true face of Apple.

I feel nothing about this. Not surprised or angry. Instead, I am surprised and frustrated that after years of similar news about Apple so many people are still convinced Apple is all about privacy. Whether due to hypocrisy or incompetence, Apple is not about privacy. They haven't been for a long time. Just accept that Apple is just like or becoming just like Facebook and Google, except much more hypocritical.

Exactly. Apple has never been about privacy. They've only been less open about what they actually do with your data. Like you, it amazes me as well that after so many examples to the contrary people still think Apple has their back and their best interests in mind when it comes to privacy.