RESEARCH: analytics information related to iPhones include a Directory Services Identifier (DSID) that may be used to identify users

The Directory Services Identifier (DSID), which might be used to identify users, is a part of the analytics data acquired by iPhone, according to researchers at the software company Mysk

Because Apple collects both DSID and Apple ID, it can use the former to recognise the user and access any related personal data, such as full name, contact information, date of birth, email address, and address.

RESEARCH: analytics information related to iPhones include a Directory Services Identifier (DSID) that may be used to identify users

“Apple uses DSID to uniquely identify Apple ID accounts. DSID is associated with your name, email, and any data in your iCloud account. This is a screenshot of an API call to iCloud, and DSID it can be clearly seen alongside a user’s personal data” reads a Tweet by Mysk.

The experts claim that this conduct is against the company’s privacy policy, which stipulates that “none of the obtained information identifies you personally.”

According to the policy, “Personal data is either not logged at all, is subject to privacy protecting mechanisms like differential privacy, or is erased from any reports before they’re submitted to Apple.”

“Having a DSID is equivalent to having a name. According to security expert and app developer Tommy Mysk, it’s one-to-one to your identification. “All of these in-depth metrics will be immediately linked to you. And that’s a problem as there isn’t a switch to turn it off.

Recommended:  Capcom hack: Up to 350,000 people's information stolen

It is important to highlight that Mysk researchers used a jailbroken iPhone running iOS 14.6 for their tests in order to be able to decrypt the traffic and determine which data are sent back to Apple.

The experts also tested an iPhone running iOS 16, but security measures implemented by Apple could not allow them to “jailbreak” the device to inspect the traffic. Anyway, the experts argue that a jailbroken phone would send the same data as the latest iOS version.

Apple has yet to respond to a request for comment on the issue.

Earlier this month, Mysk researchers also discovered that Apple collects analytics information even when the users switch off the iPhone setting “Share iPhone Analytics.”

Latest posts by RiSec.n0tst3 (see all)
Recommended:  Apple pays out $100k bounty for Safari webcam hack that imperilled victims’ online accounts
Share the word, let's increase Cybersecurity Awareness as we know it

Leave a Comment

Your email address will not be published. Required fields are marked *

RiSec Captcha 57 − 50 =