Apple has centered its attention on consumer privacy in recent years. The iPhone maker has sparred with other Big Tech corporations about the issue, most notably Facebook owner Meta. Apple’s efforts to secure consumers’ data have resulted in billions of dollars in revenue losses for networks such as Facebook.
However, it turns out that Apple has been gathering user data on its own, even if users have specifically adjusted their settings to prevent the corporation from doing so. Apple is now being sued.
Apple touts the privacy and security features of its iPhones and other products, but some important results from a security researcher imply the reverse is happening behind the scenes. It turns out that Apple tracks user internet activity even when the setting is turned off.
Tommy Mysk and Talal Haj Bakry, app developers and security researchers with the software company Mysk, published their discoveries on Twitter in a comprehensive discussion. According to their study, Apple recently changed App Store advertisements to track every tap you make on the app, at least on iOS 14.6.
Even when data usage and customized advertisements are disabled, all data is provided to Apple in a single request.
As the user navigates the App Store app, it provides precise usage statistics to Apple. The data comprises IDs, which allow user behavior to be linked with a user’s profile. This runs against Apple’s rigorous improvements in iOS 14.5 to prevent developers from fingerprinting users.
The researchers point out that even if the user has authorized apps to share analytics data with Apple, the amount of information supplied is excessive.
It is unclear whether Apple collects this data in iOS 16, even when data collection and targeted adverts are off. Nonetheless, these findings are quite alarming for a firm that publicly promotes privacy with all of its products.
It’s no surprise that Apple is also getting into trouble over it. Last Monday, a class action complaint was filed against Apple, alleging that the company’s conduct violated the California Invasion of Privacy Act. It focuses on the false sense of privacy that comes from data gathering settings that don’t alter anything, rather than the data Apple collects through its apps.