Two iOS security researchers have discovered that Apple’s claim of protecting iPhone users’ privacy is far from true.
A Twitter post by Tommy Mysk and Tala Haj Bakry alleges that Apple tracks users via an identifier referred to as ‘Direct Services Identifier‘ (DSID).
Apple requests analytical data from consumers when they set up their iPhones to improve its goods and services. The researchers discovered that a user’s name, email address, and any other information associated with their iCloud account are included in the DSID allocated to their iCloud account.
Bakry and Mysk backed up their claim by demonstrating how Apple uses the DSID to identify DSID accounts with personal data next to the number.
Although Apple claims the DISD is anonymous, the number was found to be connected to the App Store. Thus, Apple processes personally identifiable data it claims to be private.
The discovery follows an earlier discovery of Apple tracking users with disabled tracking settings. Bakry and Mysk said that enabling additional privacy options and disabling analytics tracking had no discernible impact on Apple’s tracking processes.
The discovery is somewhat ironic. Apple is currently engaged in a legal battle with Meta over the tracking of users that opt out of tracking, which is exactly what it’s now charged with itself.
Class action lawsuit
Last year, Meta criticized privacy changes made in iOS 14, saying they were driven by profit instead of privacy. It seems anticompetitive for Apple to exempt itself from the same regulations by collecting user data from consumers that opt out of tracking.
Apple will be tested in court. A class action lawsuit has been filed in response to the earlier discovery by Bakry and Mysk.