Mysk 🇨🇦🇩🇪
We're two #iOS developers and occasional #security researchers on two continents. #CyberSecurity 🎬 https://t.co/JGKIHaSEgs https://t.co/69k7WAGSBT 🇨🇦🇩🇪

Jan 28, 2023, 7 tweets

🧵
The App Store on #macOS 13.2 sends detailed usage data and analytics to Apple. All interactions are associated with the user's iCloud ID, or dsid. This happens even when you turn off sharing usage data and analytics.
(1/6) 👇
#Privacy #InfoSec

(2/6)
The App Store on the latest version of macOS (13.2) behaves identically to what we demonstrated on iOS 14.6. This gives a clue that almost certainly the same happens on iOS 16.2. Recap of what iOS 14.6 sends:

(3/6)
Here's an example of the analytics sent when I search for "Holy Moly" on the App Store. Everything is logged and associated with the user's iCloud ID, even when you play a video of an app and click on the unmute button. Data collected can identify a user personally.

(4/6)
During the test, personalized ads as well as sharing analytics with Apple were turned off on the Mac according to Apple's support page. Yet, the App Store has collected as much as 270 KB of rich analytics in a matter of 10 minutes.

(5/6)
The privacy label of the App Store does state that the app collects usage data and links it to the user's identity. However, the description in the Settings of "Share Mac Analytics" gives the impression that usage data will be turned off with that switch. Very vague!

(6/6)
Finally, everyone agrees that you can't be both a privacy company and so obsessed over harvesting first-party analytics. Fortunately for Mac users, there are other ways to install apps on the Mac, a privilege iOS users still don't have.

For more content like this follow us here on Twitter and also on Mastodon:

defcon.social/@mysk
