SecureMac, Inc.

Checklist 303: App Store Tracking Opacity

November 10, 2022

An Apple App Store privacy story — should iOS users be worried? Plus: a small round of updates with UX fixes, security content, and a (possible) political basis for some users.

Checklist 303: App Store Tracking Opacity

On this week’s edition of The Checklist:

  • Privacy in the App Store?
  • iOS updates to know about

Is Apple watching what you do in the App Store?

The App Store is getting more ads — and that has some experts worried about the implications for user privacy.

According to a piece in 9to5Mac, a pair of security researchers known as “Mysk” have published research showing that iOS logs how users interact with the App Store.

The duo say that Apple has been tracking user actions in the App Store since mid-2021. To quote a series of tweets from Mysk’s Twitter account:

The recent changes that Apple has made to App Store ads should raise many #privacy concerns. It seems that the #AppStore app on iOS 14.6 sends every tap you make in the app to Apple.

As the user browses the App Store app, detailed usage data is sent to Apple simultaneously. The data contains IDs to map the behavior to a profile…

Should iOS users be worried?

So is this a serious issue for user privacy on iOS?

It depends who you ask.

An extremely privacy-conscious user might not be happy with any level of user behavior tracking — even by Apple.

But the more moderate view is that Apple in the App Store is just like any business running a shop: They want to know if their setup is working. In the physical world, if you walk into a Macy’s or a Target, you probably expect some level of visual monitoring by sales staff and marketing researchers. Stores want to track foot traffic patterns, sales, returns, and so on — and figure out which display and signage layouts are working, and which ones aren’t.

In a way, this is basically all that Apple is doing in the App Store. And it’s worth noting that the company says it doesn’t collect any personally identifiable data. Your activity tracked in the App Store is used to create anonymous “segments”: groups of people with similar characteristics relevant to advertisers. Your Apple ID isn’t used in this process, and other steps are taken to ensure that you can’t be identified individually.

It’s true that similar claims to “data anonymization” made by other tech companies have been shown to be false in the past. But in general, Apple has an excellent reputation for both privacy as well as technical competence — and has made user privacy a major selling point of its platform. In addition, Mysk’s research didn’t examine the latest version of iOS, so it’s not clear if the issue is still relevant.

Bottom line? The story is definitely one to watch, because no company should ever be above scrutiny when it comes to privacy. And if Apple is found to be doing something that makes users uncomfortable, then it’s up to those users to pressure Cupertino to change its ways! 

A handful of updates from Apple

MacRumors reports that Apple has released updates for Mac and mobile: macOS Ventura 13.0.1, iOS 16.1.1, and iPadOS 16.1.1. 

The updates are mostly bug fixes (very good news for iPhone users affected by a frustrating Wi-Fi connectivity issue). But one change to iOS in China is raising eyebrows: Users there will only be able to leave AirDrop open to “Everyone” for a maximum of 10 minutes.

No one is entirely sure what’s behind the change, but 9to5Mac reports that:

Some people speculate that the Chinese regulator required Apple to update iOS as an attempt to prevent anonymous people from spreading harmful content and anti-government material.

Free speech considerations aside, it’s debatable whether or not users who can leave AirDrop open to “Everyone” should actually do so. People can send you all sorts of questionable or disturbing media, so you might want to restrict AirDrop to “Contacts Only” (or just turn the feature off entirely until you need it). To see your current AirDrop settings, head for Settings > General > AirDrop.

In addition to the bugs and (possible) political implications of these latest updates, there were also some security patches for macOS, iOS, and iPadOS. So if you haven’t updated your systems yet, take a second to do so today!

Get the latest security news and deals