They claimed it's from "analytics data" But what they actually did is just look at the request body of API calls (probably using something like WireShark)

That's completely different things

To simplify what's going on:

Apple: Did you buy this game? User: Yes here is my user id Apple: Oh I can confirm that there is a transaction record for this game with your user id

???: Apple lied. Apple invaded user privacy.

I don't know the true purpose of these request body and the API calls.

No one does except who actually implemented these API calls and who handles the data inside Apple.

Just simply having some kind of user ID in API calls doesn't say anything. If you are using any service that has user account, this happens all the time. Your posts, comments, profile picture on Reddit is associated with some kind of user id. Without user id, how can Reddit remembers your posts, comments?

It's same for App Store. The apps you bought, you subscribed etc is associated with user id.

Having user id in the API calls doesn't mean a service is tracking and analyzing your behavior. That is totally different story that this article and the tweets from two dudes has not proved anything

You (and the two dudes who claimed this) are assuming that DSID is found in the analytics data, which is not true.

The DSID is found in the request body of API calls while two dudes browsing App Store.

But the purpose of those API calls are unknown. And only someone who works at Apple handles these data knows the purpose. It is unknown whether that API calls were for the purpose of tracking user behavior or just simply checking whether the user bought the apps on the current page or the device can run certain apps etc.

To verify whether Apple actually collects data for user analytics, someone needs to investigate their backend services and databases. Not some API calls.

That's why this article and the "analysis" by two dudes are simply clickbaits.

Do you know what API call is? How do you know those API calls with DSID are the purpose of analytics unless you work at Apple and knows how the data is used?

The "analysis" just grabbed request body from API calls

Not every API call is for analytics. How someone outside Apple know whether the API call was for analytics?

This is very misleading article and "analysis". Any service that requires user information needs an identifier. For example, when a user purchased an app then that transaction of user and app needs to be recorded to store purchase history.

Just communicating with user id doesn't mean privacy invasive information is recorded. It can be just checking whether the user purchased certain apps in App Store not tracking user behaviors in creepy details like Meta.