Comments

You must log in or register to comment.

15acf4d3 t1_ixi6dqx wrote

This is very misleading article and "analysis". Any service that requires user information needs an identifier. For example, when a user purchased an app then that transaction of user and app needs to be recorded to store purchase history.

Just communicating with user id doesn't mean privacy invasive information is recorded. It can be just checking whether the user purchased certain apps in App Store not tracking user behaviors in creepy details like Meta.

14

xXTheBigBearXx t1_ixj3rpu wrote

The analytics are supposed to be anonymous, so if they're being sent with an identifier, they're not anonymous, simple as that.

5

15acf4d3 t1_ixj53y2 wrote

The "analysis" just grabbed request body from API calls

Not every API call is for analytics. How someone outside Apple know whether the API call was for analytics?

−1

xXTheBigBearXx t1_ixj85nw wrote

Did you even read the thread?

The analytics contains an identifier. That same identifier is returned from an iCloud API call to retrieve an account.

Meaning the analytics data is tied to accounts

4

15acf4d3 t1_ixj8plv wrote

Do you know what API call is? How do you know those API calls with DSID are the purpose of analytics unless you work at Apple and knows how the data is used?

0

xXTheBigBearXx t1_ixjciu6 wrote

The API calls are irrelevant to the purpose of the analytics??

The point is the analytics contains an identifier, which is linked to the iCloud account as proved by the API call

2

15acf4d3 t1_ixjg9fz wrote

You (and the two dudes who claimed this) are assuming that DSID is found in the analytics data, which is not true.

The DSID is found in the request body of API calls while two dudes browsing App Store.

But the purpose of those API calls are unknown. And only someone who works at Apple handles these data knows the purpose. It is unknown whether that API calls were for the purpose of tracking user behavior or just simply checking whether the user bought the apps on the current page or the device can run certain apps etc.

To verify whether Apple actually collects data for user analytics, someone needs to investigate their backend services and databases. Not some API calls.

That's why this article and the "analysis" by two dudes are simply clickbaits.

3

xXTheBigBearXx t1_ixjh4nu wrote

So what your saying is the second screenshot from their Tweets is an API return also, and not analytics then?

3

15acf4d3 t1_ixjidls wrote

I don't know the true purpose of these request body and the API calls.

No one does except who actually implemented these API calls and who handles the data inside Apple.

Just simply having some kind of user ID in API calls doesn't say anything. If you are using any service that has user account, this happens all the time. Your posts, comments, profile picture on Reddit is associated with some kind of user id. Without user id, how can Reddit remembers your posts, comments?

It's same for App Store. The apps you bought, you subscribed etc is associated with user id.

Having user id in the API calls doesn't mean a service is tracking and analyzing your behavior. That is totally different story that this article and the tweets from two dudes has not proved anything

3

xXTheBigBearXx t1_ixjiykp wrote

You didn't answer my question..

Did they not tweet an image of some Analytics data, which contains the dsId?

2

15acf4d3 t1_ixjj7w0 wrote

They claimed it's from "analytics data" But what they actually did is just look at the request body of API calls (probably using something like WireShark)

That's completely different things

3

15acf4d3 t1_ixjiy4d wrote

To simplify what's going on:

Apple: Did you buy this game? User: Yes here is my user id Apple: Oh I can confirm that there is a transaction record for this game with your user id

???: Apple lied. Apple invaded user privacy.

3

muffdivemcgruff t1_ixkxz28 wrote

No, the identifier is only return when you are logged into icloud and have credentials.

When uoure not logg in and requesting the data it does not return the identifiers.

2

xXTheBigBearXx t1_ixlmgnf wrote

Yes, but there shouldn't be an identifier in analytics if you're logged in either. They should be anonymous.

1

lovepig1337 t1_ixicmtf wrote

Yeah, this is not a big deal.

2

JonnyGraphite t1_ixiq333 wrote

Please tell them this on the r/Apple because it’s an apocalypse there

−2

virtuoussimplicity59 t1_ixj8sx1 wrote

It is good to know that Apple takes this very seriously. It seems like Apple would also develop their own app to scan your device for any vulnerabilities.

0