A new test of how Apple gathers usage data from iPhones has found that the company collects personally identifiable information while explicitly promising not to.
The privacy policy governing Apple’s device analytics says the “none of the collected information identifies you personally.” But an analysis of the data sent to Apple shows it includes a permanent, unchangeable ID number called a Directory Services Identifier, or DSID, according to researchers from the software company Mysk. Apple collects that same ID number along with information for your Apple ID, which means the DSID is directly tied to your full name, phone number, birth date, email address and more, according to Mysk’s tests.
According to Apple’s analytics policy, “Personal data is either not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.” But Mysk’s tests show that show that the DSID, which is directly tied to your name, is sent to Apple in the same packet as all the other analytics information.
“Knowing the DSID is like knowing your name. It’s one-to-one to your identity,” said Tommy Mysk, an app developer and security researcher, who ran the test along with his partner Talal Haj Bakry. “All these detailed analytics are going to be linked directly to you. And that’s a problem, because there’s no way to switch it off.”
The findings worsen recent discoveries about Apple’s privacy problems and promises. Earlier this month, Mysk discovered that Apple…
Privacy 2024 Recap – some significant decisions, slow progress for reform
The past year saw a few court decisions of note as well as halting progress toward privacy…