Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple's App Store analytics may be able to identify users

Apple is allegedly able to identify a user in analytics it collects, according to security researchers, via a unique identifier that can be associated with a user's iCloud account.

As a privacy-focused company, Apple's introduction of App Tracking Transparency, as well as assurances it would not collect identifiable data on a user's usage habits, is supposed to assure users they won't necessarily be tracked and their data monetized in some way. In details unearthed by two researchers, it seems Apple may be able to do so.

In a series of Monday tweets, iOS developers Mysk continued researching Apple's systems, and discovered an ID in its analytics data referred to as "dsId." It was later determined that this refers to a "Directory Services Identifier," which is linked to an iCloud account.

Each DSID can, in theory, be collated with an existing iCloud account. If the research is accurate, if Apple chose to do this, it has the associated user's name, email, and other details relating to the account.

The identifier is included in all analytics data the App Store sends to Apple, with other apps also doing the same thing. Mysk reckons this means "your detailed behavior when browsing apps on the App Store is sent to Apple, and contains the ID needed to link the data to you."

Mysk points out that Apple's own Device Analytics & Privacy statement states "None of the collected information identifies you personally," which is characterized as "inaccurate."

Apple has previously and publicly asserted that it isn't in the business of selling user data, and also explained how it uses data in its ad platforms. This includes assertions that its ad platform does not connect user or device data with data collected from third parties for targeted advertising, and that it doesn't share user device or device identification with data collection firms.

Despite claims it doesn't sell data, and that it works to anonymize data that is used by clients of its ad platform, the issue here is that Apple still could potentially use the identifiable data for its own purposes, and that there is evidence that it has the capability of collecting identifiable data.

AppleInsider has reached out to Apple for comment.

On November 12, an attempted class action suit against Apple emerged, alleging that Apple violates the user's right to privacy due to it knowing what users are looking at on the App Strore. That lawsuit was based on research by Mysk, but at the time, the researchers couldn't examine what data was sent in iOS 16 due to the use of encryption.



29 Comments

rob53 13 Years · 3312 comments

“May be able to”? Either they can or they can’t. The Twitter statement says they can but can we ever say anything on Twitter us accurate? 

starof80 4 Years · 19 comments

JP234 said:
As long as Apple isn't selling that data to third parties, and uses it to improve my user experience, I don't care.

Agreed 

DAalseth 6 Years · 3067 comments

Able to do something is different than doing it.
I’m able to rob a bank, that doesn’t mean I should be accused of it. 

Show me some evidence.

lkrupp 19 Years · 10521 comments

Allegedly, theoretically, could, might? This is nothing but a witch hunt and belongs in the National Enquirer along with the latest alien abduction reports.

Designed to place doubt in the minds of users pure and simple 

bobolicious 10 Years · 1177 comments

... call me surprised ... (not so much : )
... is the broader data market for derivative data, per shoshanazuboff.com/book/shoshana/ ...?
... also does Apple often limit representations to 'others' when discussing selling personal data and privacy ...?
Also is 'core ml' potentially part of commodifying privacy while attracting developers...?
www.wired.com/story/core-ml-privacy-machine-learning-ios/