Two iOS developers from Canada and Germany, who are members of the Myst group, have accused Apple of violating user privacy. According to them, this happens using the Directory Service Identifier tool. They report their findings on Twitter.
According to Myst, the App Store has a DSID tool, which stands for Directory Services Identifier. It identifies the iCloud account. This is necessary to determine any data specified in the account: username, email address, all devices, IP addresses, etc. Apple may use this information for its purposes. For example, for advertising. And it is even sent to third-party companies.
At the same time, the privacy rules have the following lines:
Based on the data collected, it is not possible to identify you personally. Personal data is either not included in the reports at all, is processed using privacy technologies such as differentiated privacy, or is removed from all reports before they are sent to Apple.
So it turns out that Apple is violating its own rules? No. Because in the section “App Store and Privacy,” there are other lines:
We use information about your online activity, purchases, searches, and downloads to find new ways to improve our stores. This information is stored along with your IP address, a random unique identifier (if applicable), and your Apple ID if you are signed in to the App Store or another Apple online store.
And it would be nice if this tracking could be turned off. You can even assume that the prohibition of sharing analytics with Apple and developers when setting up an iPhone disables this tracking. However, it is not. Disabling DSID is impossible – users do not have such an opportunity.
Likely, the documents drawn up by Apple’s lawyers do not violate any laws. And even the advertising slogan “What happens on your iPhone, stays on your iPhone” may be true.
However, there is a problem with perception. Legal tricks, if the case goes to court, in this case, may not work – user rules should still be transparent.