Trisha Kae Andrada, Tech Times

A security analyst has found that iPhones are collecting and transmitting Apple analytics data regardless of whether or not the user agreed to this during setup. 

In a report by 9to5Mac, the researcher was astounded by the amount of information gathered.

It has now been claimed in a class action complaint that Apple's assurances of user privacy are totally fictitious.

Mysk's Discoveries

Developer and security researcher Tommy Mysk revealed the finding, adding to his previous reports that many iOS applications do not use VPNs while transmitting data to Apple.

He conducted his own experiments by monitoring the IP addresses being visited by applications while connected to a VPN. 9to5Mac reported that he discovered several of the built-in Apple apps bypassed the VPN and instead communicated with Apple's servers directly.

Consequently, there is a possibility that Internet service providers (ISPs) or hackers conducting man-in-the-middle (MITM) attacks using easily-created counterfeit Wi-Fi hotspots might intercept any data sent to or from these servers.

Moreover, Mysk has previously found that Apple's Watch's Mail app did not implement the Mail Privacy Protection function. Apple eventually patched the issue.

Related Article: Apple App Store Privacy Dispute: Researchers Claim that Cupertino Tracks Everything You Type

Illegally-Sent Data

With each new iPhone setup, you will be asked whether you are okay with Apple gathering analytics data. Of course, no analytics data will be transferred to Apple if you choose not to give your approval.

Mysk observed, however, that even with this option disabled, Apple applications were still collecting and transmitting the information. In fact, he saw no difference in the data sent regardless of whether the user granted or denied access.

9to5Mac added that Mysk first saw this in Apple's App Store.

Many privacy concerns have been prompted by Apple's recent modifications to App Store advertisements. It would seem that with iOS 14.6, every touch in the App Store app is sent to Apple. 

Details about the user's activity on the App Store are given to Apple in real time as they explore. The data has identifiers that may be used to connect a user's actions to a predefined profile.

Even with permission, the amount and specificity of data collected are too large, according to Mysk, since it includes everything necessary for device fingerprinting. 

Device fingerprinting is a method employed by firms like Meta to circumvent App Tracking Transparency. To be clear, according to 9to5Mac, Apple's developer standards strictly restrict any such workarounds.

Your app searches, ad views, app page clicks, and page views were all sent in real-time by the App Store app.

Class Action Lawsuit

Based on a report by Gizmodo, a lawsuit was filed last week in federal court in California as a result of this practice.

Apple is being sued for allegedly breaking California's Invasion of Privacy Act. 

According to the complaint, the plaintiff, Elliot Libman, stated, "Privacy is one of the main issues that Apple uses to set its products apart from competitors. But Apple's privacy guarantees are completely illusory."

The company's catchphrase, "Privacy. That's iPhone," appears on billboards throughout the US.

See Also: iOS 16.1 Flaws Could Allow Hackers Run iPhone Commands; Apple Releases iOS 16.1.1 Security Fixes

This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion