Comments


15acf4d3 t1_ixi6dqx wrote

This is a very misleading article and "analysis". Any service that requires user information needs an identifier. For example, when a user purchases an app, that transaction of user and app needs to be recorded to store purchase history.

Just communicating with a user ID doesn't mean privacy-invasive information is recorded. It can be just checking whether the user purchased certain apps in the App Store, not tracking user behaviors in creepy detail like Meta.

14

xXTheBigBearXx t1_ixj85nw wrote

Did you even read the thread?

The analytics contains an identifier. That same identifier is returned from an iCloud API call to retrieve an account.

Meaning the analytics data is tied to accounts.

4

virtuoussimplicity59 t1_ixj8sx1 wrote

It is good to know that Apple takes this very seriously. It seems like Apple would also develop their own app to scan your device for any vulnerabilities.

0

xXTheBigBearXx t1_ixjciu6 wrote

The API calls are irrelevant to the purpose of the analytics??

The point is the analytics contains an identifier, which is linked to the iCloud account, as proved by the API call.

2

15acf4d3 t1_ixjg9fz wrote

You (and the two dudes who claimed this) are assuming that DSID is found in the analytics data, which is not true.

The DSID is found in the request body of API calls made while the two dudes were browsing the App Store.

But the purpose of those API calls is unknown. And only someone who works at Apple and handles this data knows the purpose. It is unknown whether those API calls were for the purpose of tracking user behavior or just simply checking whether the user bought the apps on the current page or whether the device can run certain apps, etc.

To verify whether Apple actually collects data for user analytics, someone needs to investigate their backend services and databases. Not some API calls.

That's why this article and the "analysis" by the two dudes are simply clickbait.

3

15acf4d3 t1_ixjidls wrote

I don't know the true purpose of these request bodies and the API calls.

No one does except whoever actually implemented these API calls and whoever handles the data inside Apple.

Just simply having some kind of user ID in API calls doesn't say anything. If you are using any service that has user accounts, this happens all the time. Your posts, comments, and profile picture on Reddit are associated with some kind of user ID. Without a user ID, how can Reddit remember your posts and comments?

It's the same for the App Store. The apps you bought, subscribed to, etc. are associated with a user ID.

Having a user ID in the API calls doesn't mean a service is tracking and analyzing your behavior. That is a totally different story; this article and the tweets from the two dudes have not proved anything.

3

15acf4d3 t1_ixjiy4d wrote

To simplify what's going on:

Apple: Did you buy this game?

User: Yes here is my user id

Apple: Oh I can confirm that there is a transaction record for this game with your user id

???: Apple lied. Apple invaded user privacy.

3

15acf4d3 t1_ixjj7w0 wrote

They claimed it's from "analytics data". But what they actually did is just look at the request body of API calls (probably using something like Wireshark).

Those are completely different things.

3