Wednesday, May 29, 2024

RESEARCH: Analytics information related to iPhones includes a Directory Services Identifier (DSID) that may be used to identify users

The Directory Services Identifier (DSID), which might be used to identify users, is part of the analytics data acquired by the iPhone, according to researchers at the software company Mysk.

Because Apple collects both DSID and Apple ID, it can use the former to recognise the user and access any related personal data, such as full name, contact information, date of birth, email address, and address.

“Apple uses DSID to uniquely identify Apple ID accounts. DSID is associated with your name, email, and any data in your iCloud account. This is a screenshot of an API call to iCloud, and DSID can be clearly seen alongside a user’s personal data,” reads a Tweet by Mysk.

The experts claim that this conduct is against the company’s privacy policy, which stipulates that “none of the obtained information identifies you personally.”

According to the policy, “Personal data is either not logged at all, is subject to privacy protecting mechanisms like differential privacy, or is erased from any reports before they’re submitted to Apple.”

“Having a DSID is equivalent to having a name. It’s one-to-one to your identification,” according to security expert and app developer Tommy Mysk. “All of these in-depth metrics will be immediately linked to you. And that’s a problem as there isn’t a switch to turn it off.”

It is important to highlight that Mysk researchers used a jailbroken iPhone running iOS 14.6 for their tests in order to be able to decrypt the traffic and determine which data are sent back to Apple.

The experts also tested an iPhone running iOS 16, but security measures implemented by Apple did not allow them to jailbreak the device to inspect the traffic. Even so, the experts argue that a jailbroken phone would send the same data as the latest iOS version.

Apple has yet to respond to a request for comment on the issue.

Earlier this month, Mysk researchers also discovered that Apple collects analytics information even when the users switch off the iPhone setting “Share iPhone Analytics.”

Steven Black (n0tst3)