Apple Says Your iPhone’s Usage Data is Anonymous

A new test of how Apple gathers usage data from iPhones has found that the company collects personally identifiable information while explicitly promising not to.

The privacy policy governing Apple’s device analytics says the “none of the collected information identifies you personally.” But an analysis of the data sent to Apple shows it includes a permanent, unchangeable ID number called a Directory Services Identifier, or DSID, according to researchers from the software company Mysk. Apple collects that same ID number along with information for your Apple ID, which means the DSID is directly tied to your full name, phone number, birth date, email address and more, according to Mysk’s tests.

According to Apple’s analytics policy, “Personal data is either not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.” But Mysk’s tests show that show that the DSID, which is directly tied to your name, is sent to Apple in the same packet as all the other analytics information.

“Knowing the DSID is like knowing your name. It’s one-to-one to your identity,” said Tommy Mysk, an app developer and security researcher, who ran the test along with his partner Talal Haj Bakry. “All these detailed analytics are going to be linked directly to you. And that’s a problem, because there’s no way to switch it off.”

Read more

Mots-clés : cybersécurité, sécurité informatique, protection des données, menaces cybernétiques, veille cyber, analyse de vulnérabilités, sécurité des réseaux, cyberattaques, conformité RGPD, NIS2, DORA, PCIDSS, DEVSECOPS, eSANTE, intelligence artificielle, IA en cybersécurité, apprentissage automatique, deep learning, algorithmes de sécurité, détection des anomalies, systèmes intelligents, automatisation de la sécurité, IA pour la prévention des cyberattaques.