Comments
Darkassassin07 t1_ixi1f9v wrote
*shocked pikachu face*
15acf4d3 t1_ixi6dqx wrote
This is very misleading article and "analysis". Any service that requires user information needs an identifier. For example, when a user purchased an app then that transaction of user and app needs to be recorded to store purchase history.
Just communicating with user id doesn't mean privacy invasive information is recorded. It can be just checking whether the user purchased certain apps in App Store not tracking user behaviors in creepy details like Meta.
lovepig1337 t1_ixicmtf wrote
Yeah, this is not a big deal.
JonnyGraphite t1_ixiq333 wrote
Please tell them this on the r/Apple because it’s an apocalypse there
xXTheBigBearXx t1_ixj3rpu wrote
The analytics are supposed to be anonymous, so if they're being sent with an identifier, they're not anonymous, simple as that.
15acf4d3 t1_ixj53y2 wrote
The "analysis" just grabbed request body from API calls
Not every API call is for analytics. How someone outside Apple know whether the API call was for analytics?
xXTheBigBearXx t1_ixj85nw wrote
Did you even read the thread?
The analytics contains an identifier. That same identifier is returned from an iCloud API call to retrieve an account.
Meaning the analytics data is tied to accounts
15acf4d3 t1_ixj8plv wrote
Do you know what API call is? How do you know those API calls with DSID are the purpose of analytics unless you work at Apple and knows how the data is used?
virtuoussimplicity59 t1_ixj8sx1 wrote
It is good to know that Apple takes this very seriously. It seems like Apple would also develop their own app to scan your device for any vulnerabilities.
xXTheBigBearXx t1_ixjciu6 wrote
The API calls are irrelevant to the purpose of the analytics??
The point is the analytics contains an identifier, which is linked to the iCloud account as proved by the API call
15acf4d3 t1_ixjg9fz wrote
You (and the two dudes who claimed this) are assuming that DSID is found in the analytics data, which is not true.
The DSID is found in the request body of API calls while two dudes browsing App Store.
But the purpose of those API calls are unknown. And only someone who works at Apple handles these data knows the purpose. It is unknown whether that API calls were for the purpose of tracking user behavior or just simply checking whether the user bought the apps on the current page or the device can run certain apps etc.
To verify whether Apple actually collects data for user analytics, someone needs to investigate their backend services and databases. Not some API calls.
That's why this article and the "analysis" by two dudes are simply clickbaits.
xXTheBigBearXx t1_ixjh4nu wrote
So what your saying is the second screenshot from their Tweets is an API return also, and not analytics then?
15acf4d3 t1_ixjidls wrote
I don't know the true purpose of these request body and the API calls.
No one does except who actually implemented these API calls and who handles the data inside Apple.
Just simply having some kind of user ID in API calls doesn't say anything. If you are using any service that has user account, this happens all the time. Your posts, comments, profile picture on Reddit is associated with some kind of user id. Without user id, how can Reddit remembers your posts, comments?
It's same for App Store. The apps you bought, you subscribed etc is associated with user id.
Having user id in the API calls doesn't mean a service is tracking and analyzing your behavior. That is totally different story that this article and the tweets from two dudes has not proved anything
15acf4d3 t1_ixjiy4d wrote
To simplify what's going on:
Apple: Did you buy this game? User: Yes here is my user id Apple: Oh I can confirm that there is a transaction record for this game with your user id
???: Apple lied. Apple invaded user privacy.
xXTheBigBearXx t1_ixjiykp wrote
You didn't answer my question..
Did they not tweet an image of some Analytics data, which contains the dsId?
15acf4d3 t1_ixjj7w0 wrote
They claimed it's from "analytics data" But what they actually did is just look at the request body of API calls (probably using something like WireShark)
That's completely different things
muffdivemcgruff t1_ixkxz28 wrote
No, the identifier is only return when you are logged into icloud and have credentials.
When uoure not logg in and requesting the data it does not return the identifiers.
xXTheBigBearXx t1_ixlmgnf wrote
Yes, but there shouldn't be an identifier in analytics if you're logged in either. They should be anonymous.
AutoModerator t1_ixhyvuk wrote
We have multiple giveaways running!
Phone 14 Pro & Ugreen Nexode 140W chargers Giveaway!
WOWCube® Entertainment System!
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.