Tuesday, November 26, 2024

App Store Search Queries Appear to Violate Data Minimization Practices

Mysk:

This is an example of what the App Store app shares with #Apple when you search for an app. Everything you type in the search field is recorded as an event and associated with your Apple ID before it is sent to Apple. When I search for “Google Authenticator,” events are recorded as I type character by character. The leap between rows 78 and 79 is when I picked a suggestion. The timestamp of every event is recorded, i.e. Apple can calculate my typing speed 🙃.

[…]

There is no way you can opt out of sending such app Analytics to Apple or request it be anonymous.

[…]

Apple Maps does the same, but it never associates the requests with the user’s ID when sending the search requests, and never records them as app analytics.

Nick Heer:

What I cannot understand is why Apple wants to record all typed text and completed queries and correlate those to millisecond-level time codes and attach all that to someone’s Apple ID. This is the very opposite of data minimization — a reality which is unfortunately common among Apple’s services. It is not “tracking” by the company’s definition, which is exclusively concerning third-party sharing, but it violates the spirit of user privacy.

Previously:

6 Comments RSS · Twitter · Mastodon


My first guess is that they are looking for patterns to detect bots that game the App Store.


I'm going to go for the simplest explanation: Apple is tracking you and recording your data, in a direct contradiction to their claims of protecting user privacy. They will eventually sell this data if they are not already doing so.

I could be wrong, but why should we trust them when they're caught doing things like this? Why should we trust them regardless? Or trust any tech company that has to forever chase ever increasing profits, or has already gone a good way down the enshittification path?


Collecting this data could be especially helpful for Apple search ads.

It may not be tracking by their own definition but it sure is tracking by mine.


No, no. You misunderstand. This is "cloud analytics. Completely distinct from app analytics.

Privacy for me, but not for thee!


I believe the word we’re looking for is *keylogger*


I search for apps in duck duck go. The search is waaay better anyway.

Leave a Comment