The Directory Services Identifier (DSID), which might be used to identify users, is a part of the analytics data acquired by iPhone, according to researchers at the software company Mysk
Because Apple collects both DSID and Apple ID, it can use the former to recognise the user and access any related personal data, such as full name, contact information, date of birth, email address, and address.
“Apple uses DSID to uniquely identify Apple ID accounts. DSID is associated with your name, email, and any data in your iCloud account. This is a screenshot of an API call to iCloud, and DSID it can be clearly seen alongside a user’s personal data” reads a Tweet by Mysk.
The experts claim that this conduct is against the company’s privacy policy, which stipulates that “none of the obtained information identifies you personally.”
According to the policy, “Personal data is either not logged at all, is subject to privacy protecting mechanisms like differential privacy, or is erased from any reports before they’re submitted to Apple.”
“Having a DSID is equivalent to having a name. According to security expert and app developer Tommy Mysk, it’s one-to-one to your identification. “All of these in-depth metrics will be immediately linked to you. And that’s a problem as there isn’t a switch to turn it off.
It is important to highlight that Mysk researchers used a jailbroken iPhone running iOS 14.6 for their tests in order to be able to decrypt the traffic and determine which data are sent back to Apple.
The experts also tested an iPhone running iOS 16, but security measures implemented by Apple could not allow them to “jailbreak” the device to inspect the traffic. Anyway, the experts argue that a jailbroken phone would send the same data as the latest iOS version.
Apple has yet to respond to a request for comment on the issue.
Earlier this month, Mysk researchers also discovered that Apple collects analytics information even when the users switch off the iPhone setting “Share iPhone Analytics.”
