New Findings Raise Concerns Over Apple’s Commitment to Privacy
November 9, 2022 at 12:01 p.m.
Cybersecurity researchers Talal Haj Bakry and Tommy Mysk recently found that Apple, a company that prides itself on privacy, is spying on your every move. Apps such as the App Store, Stocks, Apple TV, Books, and Apple Music track users without explicit consent and far more than the industry standard.
In a video Tweeted by Mysk, the researchers show screenshots of data transmitted between an iPhone and Apple’s servers. They tested this out on a jailbroken version of iOS 14.6 but found that even on iOS 16, Apple transmits data to the same servers employed in consumer surveillance. The spying persists, even when users opt out of sending data to Apple.
Specific data transmitted to Apple is shocking, given the company’s stance on privacy. Apps such as the App Store track almost everything you do, including enough details about your device for Apple to figure out exactly who you are. Here’s just some of the data that Apple tracks:
- news articles viewed
- stock watchlist
- names/timestamps of stocks searched
- device ID numbers
- Internet connection type
- device type and model
- keyboard languages
- screen resolution
With all of this information, Apple can effectively monitor users at an individual level. The data transmissions persisted when Bakry and Mysk attempted to turn off all data-sharing options. This type of surveillance is what you’d expect from Amazon because they admit it and take pride in their ability to manage massive amounts of data. But even Amazon doesn’t monitor its customers to this extent.
It’s important to note that apps such as Health and Wallet do not exhibit this behavior. It indicates that Apple is aware of the intrusive nature of its data collection operations but limits it to less sensitive apps. After all, the Health app is HIPAA compliant, so Apple would face federal charges if they harvested that data.
The security duo looked at how Google and Microsoft manage sensitive data. When you opt out of sharing information with both corporations, they respect your wishes. Despite Apple’s pro-privacy marketing, the company spies on users more than Microsoft or Google because both allow customers to opt out of data collection and, more importantly, honor this request.
Apple’s motives are clear. They’re doing this for the sake of profit. As iPhone sales fall, the company needs to compensate by selling more apps and services. By harvesting user data, they can more effectively steer users to apps and services they’re more inclined to purchase.
Apple obviously uses your Apple ID to maintain some persistence across its systems. Otherwise, you’d need to log in again and again. Most users are upset that they must infrequently enter their credentials.
Many users aren’t bristled by this kind of surveillance. They see it as beneficial because recommendations are more salient. But Apple Music doesn’t need to collect all of this information to figure out that you’re into a particular genre of music. They’re more likely trying to figure out if you listen to music at the gym, in your car, or when you go running to understand your lifestyle better and offer appropriate products and services.
A web browser posts HTTP header data to a server, including operating system, screen resolution, and other sensitive data. It’s been going on for decades. Perhaps one day, the EU will figure it out and try to end it, creating another headache for big tech and small developers alike.
The problem here is one of surprise for some, but not so much for Appledystopia staff. We’ve all worked in technology. We’re well aware of the double speak. It’s like someone telling me, an adult, that Santa Claus doesn’t exist. Of course, Apple doesn’t live up to its privacy pledge. The company is well known for its reality distortion field. Apple’s privacy claims radiate from this field. They also claim to be innovative, yet the iPhone 13 and 14 are practically the same!
This is not the first iOS security flaw that Bakry and Mysk uncovered. Three years ago, the duo found that iOS apps can read the clipboard, which often exposes sensitive data. They reported this to Apple, yet the company refused to pay a bug bounty to the duo, claiming it wasn’t a security flaw.