Apple is facing a proposed federal class action alleging that it records users’ mobile activity without their consent and despite privacy assurances, in violation of the California Invasion of Privacy Act, reports Bloomberg.
In a lawsuit filed by New York citizen and iPhone 13 owner Elliot Libman, Apple is accused of “utterly false” assurances that users are in control of what information they share when they use its stock iPhone apps.
Specifically, the class action claims that Apple mobile device options to disable the sharing of device analytics and opting out of settings such as “Allow Apps to Request to Track” do nothing to stop Apple from continuing to collect data relating to users’ browsing and activity for monetization purposes. From the complaint:
Apple records, tracks, collects and monetizes analytics data—including browsing history and activity information—regardless of what safeguards or “privacy settings” consumers undertake to protect their privacy. Even when consumers follow Apple’s own instructions and turn off “Allow Apps to Request to Track” and/or “Share [Device] Analytics” on their privacy controls, Apple nevertheless continues to record consumers’ app usage, app browsing communications, and personal information in its proprietary Apple apps, including the App Store, Apple Music, Apple TV, Books, and Stocks.
To back up its allegations, the complaint cites a recent gizmodo report covering the work of security researchers at the software company Mysk. Earlier this month, researchers Tommy Mysk and Talal Haj Bakry claimed to have found evidence that the analytics control and anti-tracking settings have no obvious effect on Apple’s data collection in the above stock apps.
For example, according to the researchers, the App Store app continually harvested a wealth of usage data in real time, including user taps, apps searched for, viewed ads, and how long a user looks at any given app. Along with these details, Apple is also allegedly able to gather details typical of device fingerprinting methods, including ID numbers, device model, screen resolution, installed keyboard languages, and internet connection type.
In another example, the Mysk researchers said the Stocks app sent Apple a user’s list of watched stocks, stocks viewed or searched for (including timestamps), as well as a record of news articles viewed in the app. This information was said to be sent to a web address via a transmission separate from the iCloud communication necessary to sync user data across devices.
“Opting-out or switching the personalization options off did not reduce the amount of detailed analytics that the app was sending,” Mysk told gizmodo. “I switched off all the possible options, namely personalized ads, personalized recommendations, and sharing usage data and analytics.”
The researchers uncovered these findings using a jailbroken iPhone running iOS 14.6. Notably, while the team discovered similar iPhone activity on a non-jailbroken phone running iOS 16, the data was encrypted and it was therefore not possible to determine exactly what it contained. This limitation has not prevented the findings from instigating a lawsuit, however.
“Through its pervasive and unlawful data tracking and collection business, Apple knows even the most intimate and potentially embarrassing aspects of the user’s app usage — regardless of whether the user accepts Apple’s illusory offer to keep such activities private,” reads the complaint. We’ve reached out to Apple for comment and will update this article if we hear back.