Man
Professional
- Messages
- 3,070
- Reaction score
- 606
- Points
- 113
The iPhone's pre-installed App Store, Apple Music, Apple TV, Books, and Stocks apps collect data about users even if they have opted out of tracking under the iPhone's privacy policy, according to app developers and cybersecurity experts Tommy Mysk and Talal Haj Bakry.
The Apple App Store client collects real-time data about a user's actions: clicks on buttons and links, search history, ad views, time spent on an app page, and how the user came to the app.
Detailed information about the user and their device is also sent to Apple resources: identifier, phone type, screen resolution, interface language, and Internet connection method. If you disable all options available in the settings — targeted advertising, personalized recommendations, sharing of analytical data — the application continues to collect and send the same set of data.
The Stocks application also collects detailed information:
A list of securities whose quotes the user follows; shares that the user opened through search; as well as links to news materials that the user opened in the application — all of this is sent to the address “https://stocks-analytics-events.apple.com/analyticseventsv2/async”, and goes in a separate stream from the iCloud connection, which is established to synchronize data between devices.
At the same time, the analytical platform uses an identifier that is not associated with data from other applications and collects less information about the device. Interestingly, the Health and Wallet applications do not collect analytics at all — and again, regardless of the privacy settings on the device.
The experts were able to decrypt the data sets sent for analytics using a jailbroken iPhone running iOS 14.6. Using the current phone model running iOS 16, the authors of the study confirmed their findings: Apple applications continued to send similar data streams to the same addresses under similar conditions. It was no longer possible to decrypt this information, but the experts concluded that the newer version of the device performs the same actions.
Mr. Mysk is confident that Apple's actions go beyond the standard industry policy: the same Google Chrome and Microsoft Edge browsers stop sending analytical data when the user sets a ban in the settings.
The Apple App Store client collects real-time data about a user's actions: clicks on buttons and links, search history, ad views, time spent on an app page, and how the user came to the app.
Detailed information about the user and their device is also sent to Apple resources: identifier, phone type, screen resolution, interface language, and Internet connection method. If you disable all options available in the settings — targeted advertising, personalized recommendations, sharing of analytical data — the application continues to collect and send the same set of data.
The Stocks application also collects detailed information:
A list of securities whose quotes the user follows; shares that the user opened through search; as well as links to news materials that the user opened in the application — all of this is sent to the address “https://stocks-analytics-events.apple.com/analyticseventsv2/async”, and goes in a separate stream from the iCloud connection, which is established to synchronize data between devices.
At the same time, the analytical platform uses an identifier that is not associated with data from other applications and collects less information about the device. Interestingly, the Health and Wallet applications do not collect analytics at all — and again, regardless of the privacy settings on the device.
The experts were able to decrypt the data sets sent for analytics using a jailbroken iPhone running iOS 14.6. Using the current phone model running iOS 16, the authors of the study confirmed their findings: Apple applications continued to send similar data streams to the same addresses under similar conditions. It was no longer possible to decrypt this information, but the experts concluded that the newer version of the device performs the same actions.
Mr. Mysk is confident that Apple's actions go beyond the standard industry policy: the same Google Chrome and Microsoft Edge browsers stop sending analytical data when the user sets a ban in the settings.
