Myst researchers Tommy Mysk and Talal Haj Bakry report finding that iOS keeps sending data to Apple “with every tap on the screen” even when the function Do Not Track is active, the ad tracker is disabled, and the user chooses not to share analytics and diagnostic data with Apple.
This strange behavior only occurs when a native iPhone app is in use, however. But what is intriguing is the level of detail contained in this data. For example, when a user types something into the App Store app, Apple knows exactly what the user searched for, what they pressed, and how long they spent on a particular listing – all of that in real time.
Class-action against Apple over privacy
In Apple Stock, the application that allows you to view the Stock Exchange, Apple collects the list of actions defined by the user, but also the articles that you are likely to read via the application, or the content of your research. actions via the application’s search field, in addition to the precise date and time of each consultation and interaction.
Some of the firm’s native apps even go so far as to collect detailed data about the user’s device, such as iPhone model, resolution, and keyboard language. In addition, it should be emphasized at this stage that no evidence of sharing of this data with third-party companies has been found.
The collection obviously takes place on several versions of iOS, since the researchers reached the same conclusions with a jailbroken iPhone running iOS 14.6 and a non-jailbroken iPhone running iOS 16, the latest version available. In the case of iOS 16, the data sent to Apple is nevertheless encrypted, which did not allow researchers to know the exact content.
However, when the user activates the settings related to privacy on iPhone, he is entitled to wonder why Apple continues without expressly telling him to collect data. Even if it seems to be done for the purpose of improving the firm’s application ecosystem.
This is why following this discovery, Myst decided to launch a class-action against Apple under California law. Invasion of Privacy Act. The complaint centers less on the collection itself than on the misleading wording of privacy-enhancing features in iPhones.
Indeed, when the user activates the features in question, with titles such as “Do not allow app tracking requests”, or “Do not share data”, he is entitled to say that no data is n is collected by his device.