Very, very big brother Apple Inc
At appdb, we are making completely independent app store, which works without Apple approval and has it’s own APIs and services.
Upon testing of how it works without and with logged in Apple IDs on your devices, we have found something interesting, so our CEO, Aleksei Borodin, who has enough skills to understand what information is being collected and how to decode it, made a very interesting research. Let him speak for himself:
By a fortunate coincidence, I happen to be a resident of the European Union, which means that the GDPR also applies to me. It allows me to request a copy of the information that various companies hold about me. I decided to do this with Apple, and was unpleasantly surprised.
Apple strives to collect as little data as possible:
Apple strives to collect and store the minimum amount of data required to provide the services you use.
Let’s dive into the GDPR dump of my data and see to what extent Apple’s efforts to collect less data are significant.
To request the same dump, if you live in the European Union (possibly from other countries as well), you can do so at this link.
The dump consists of multiple ZIP archives containing CSV and JSON files inside. There are also empty null files. Apparently, something went wrong there.
The folder structure is as follows:
├── Apple ID account and device information
│ ├── Apple ID Account Information-1.csv
│ ├── Apple ID Account Information.csv
│ ├── Apple ID Device Information-1.csv
│ ├── Apple ID Device Information.csv
│ ├── Apple ID SignOn Information-1.csv
│ ├── Apple ID SignOn Information.csv
│ ├── Apps Using Sign In with Apple-1.csv
│ ├── Apps Using Sign In with Apple.csv
│ ├── Data & Privacy Request History-1.csv
│ ├── Data & Privacy Request History.csv
│ ├── Passkeys Information-1.csv
│ └── Passkeys Information.csv
├── Apple Media Services Information Part 1 of 2
│ ├── Apple_Media_Services
│ │ ├── Apple Music Activity
│ │ │ ├── Apple Music - Container Details.csv
│ │ │ ├── Apple Music - Container Origin.csv
│ │ │ ├── Apple Music - Favorites.csv
│ │ │ ├── Apple Music - Feature Statistics.csv
│ │ │ ├── Apple Music - Play History Daily Tracks.csv
│ │ │ ├── Apple Music - Play Statistics.csv
│ │ │ ├── Apple Music - Recently Played Containers.csv
│ │ │ ├── Apple Music - Recently Played Tracks.csv
│ │ │ ├── Apple Music - Top Content.csv
│ │ │ ├── Apple Music - Track Play History.csv
│ │ │ ├── Apple Music Play Activity.csv
│ │ │ ├── Identifier Information.json
│ │ │ ├── Music - Favorite Stations.csv
│ │ │ ├── Music - Liked Radio Tracks.csv
│ │ │ ├── Music - Onboarding Artists.csv
│ │ │ ├── Music - Onboarding Genres.csv
│ │ │ └── Social and Connect Post Information
│ │ │ └── Social and Connect Post Information.csv
│ │ ├── Apps and Services Analytics
│ │ │ ├── notifications-emailEvents.csv
│ │ │ ├── notifications-notificationEvents.csv
│ │ │ ├── notifications-userJourneys.csv
│ │ │ └── notifications-userTags.csv
│ │ ├── Game Center Activity
│ │ │ └── GameCenter Friend Count.csv
│ │ ├── Stores Activity
│ │ │ ├── Account and Transaction History
│ │ │ │ ├── Account History - Account Details.csv
│ │ │ │ ├── Account History - Apple Media Products Welcome Page Action.csv
│ │ │ │ ├── Account History - Apple Pay Status History.csv
│ │ │ │ ├── Account History - TV Provider Opt-In History.csv
│ │ │ │ ├── App Authorization History.csv
│ │ │ │ ├── Billing Information History.csv
│ │ │ │ ├── Customer Device History - Computer Authorizations.csv
│ │ │ │ ├── Customer Device History - iTunes in the Cloud Authorization.csv
│ │ │ │ ├── Customer Subscription Communication History.csv
│ │ │ │ ├── Report a Problem Illegal or Abusive Content Submissions.csv
│ │ │ │ ├── Report a Problem Refund and Dispute History.csv
│ │ │ │ ├── Store Credit Cashout History.csv
│ │ │ │ ├── Store Transaction History - Free Apps.csv
│ │ │ │ ├── Store Transaction History.csv
│ │ │ │ ├── Subscription History.csv
│ │ │ │ ├── Suspended Subscription History.csv
│ │ │ │ ├── U2 Songs of Innocence Album Information.csv
│ │ │ │ └── iTunes and App Store Hidden Purchases.csv
│ │ │ ├── Apple Books Information
│ │ │ │ ├── Apple Books Collection Information.json
│ │ │ │ ├── Apple Books Global Annotations.json
│ │ │ │ └── Apple Books User Annotations.json
│ │ │ ├── Apple TV and Podcast Information
│ │ │ │ ├── Apple TV Bookmarks.csv
│ │ │ │ ├── Apple TV Favorites and Wishlist.csv
│ │ │ │ ├── Profile and Sporting Events.json
│ │ │ │ ├── TV App Favorites and Activity.json
│ │ │ │ └── Your Podcasts.csv
│ │ │ ├── Other Activity
│ │ │ │ ├── App Install Activity.csv
│ │ │ │ ├── App Notifications.csv
│ │ │ │ ├── App Store Click Activity.csv
│ │ │ │ ├── Apple Music Click Activity V3.csv
│ │ │ │ ├── Bookstore Click Activity.csv
│ │ │ │ ├── GameCenter Player Activities.csv
│ │ │ │ ├── Limit Ad Tracking Information.csv
│ │ │ │ ├── Media Preview - ebooks.csv
│ │ │ │ ├── Media Preview - previewed.csv
│ │ │ │ ├── Media Preview - tagged.csv
│ │ │ │ ├── Purchase Flow Events.csv
│ │ │ │ ├── Redemption Click Activity.csv
│ │ │ │ ├── Review profile.json
│ │ │ │ ├── Reviews.csv
│ │ │ │ ├── Subscription Click Activity.csv
│ │ │ │ ├── Video Play Activity.csv
│ │ │ │ ├── iTunes Payment Stack - Activity.csv
│ │ │ │ └── null
│ │ │ ├── Play Position Information
│ │ │ │ └── Playback Activity.csv
│ │ │ └── Social and Connect Post Information
│ │ │ └── Reported Concerns - Apple Music.csv
│ │ └── Testflight
│ │ ├── Testflight Data History-acceptedTerms.csv
│ │ ├── Testflight Data History-betaApps.csv
│ │ ├── Testflight Data History-crashes.csv
│ │ ├── Testflight Data History-devices.csv
│ │ ├── Testflight Data History-feedback.csv
│ │ ├── Testflight Data History-installs.csv
│ │ └── Testflight Data History-sessions.csv
│ ├── StoreCreditRedemptionHistory_1341894157_04152024021831667
│ │ └── StoreCreditRedemptionHistory
│ │ ├── Store Credit Transaction History.csv
│ │ └── Store Credit Balance History.csv
│ └── Update and Redownload History
│ ├── iTunes Match Re-download History.csv
│ └── iTunes and App-Book Re-download and Update History.csv
├── Game Center
│ └── Game Center Data.json
├── Marketing communications
│ ├── Additional Subscriptions-1.csv
│ ├── Additional Subscriptions.csv
│ ├── Apple Software Downloads-1.csv
│ ├── Apple Software Downloads.csv
│ ├── Device Registration History Pre iOS8 and Yosemite-1.csv
│ ├── Device Registration History Pre iOS8 and Yosemite.csv
│ ├── Marketing Communications Delivery.csv
│ └── Marketing Communications Response.csv
├── Other Data Part 1 of 3
│ ├── Developer Forums - Profiles.csv
│ └── Developer Forums - Questions.csv
├── Other Data Part 2 of 3
│ ├── Apple Features Using iCloud
│ │ ├── ActivitySharing
│ │ │ └── Activities.json
│ │ ├── AppleTV
│ │ │ └── AppleTV.json
│ │ ├── Calendar
│ │ │ └── Recents.xml
│ │ ├── EventKit
│ │ │ └── Locations.xml
│ │ ├── FaceTime
│ │ │ └── Recents.xml
│ │ ├── Freeform
│ │ │ └── FreeformBoards.json
│ │ ├── Mail
│ │ │ └── Recents.xml
│ │ ├── Maps
│ │ │ └── Maps_Location_Attributes.json
│ │ ├── MusicApps
│ │ │ └── MusicApps.json
│ │ ├── QuickTour
│ │ │ └── QuickTour.xml
│ │ ├── Wallet
│ │ │ └── Locations.xml
│ │ ├── Wi-Fi
│ │ │ └── KnownNetworks.xml
│ │ └── iBooks
│ │ └── iBooks.json
│ ├── Recovery Devices.json
│ └── iCloudUsageData Set1.csv
└── Wallet Activity
└── Apple Pay Cards.csv
38 directories, 118 filesThis is indeed a massive amount of information (I haven’t even ordered iCloud photos dumps yet, I think it will be a lot of fun). Overall, everything here is truly related to me, but there are also very interesting data that confirm that Apple, in general, didn’t care much about its statements and keeps everything it can possibly gather. Let’s take a look at the core.
Apple ID Account Information.csv — Inside, we find information about all the forms of Apple ID you have ever filled out, with all the necessary specifics, for example:
Your Apple ID Number — DSPersonID, which number you are in Apple’s records, I, for example, am the 1341894157th, creation date, type of payment card, address, phones, delivery addresses, and so on. The full list of fields is here:
Apple ID Number
Apple ID
Account Link Name
Account Link Type
Account Link Create Date
Account Link Last Update Date
Create Date
Prefix
First Name
Middle Name
Last Name
Nickname
Title
Suffix
Gender
Language
Last Update Date
Phonetic Prefix
Phonetic First Name
Phonetic Middle Name
Phonetic Last Name
Phonetic Nick Name
Phonetic Title
Phonetic Suffix
Legal Name
TimeZone
Company Name
Apple ID Alias
Organization Name
Last Password Change Date
Trusted Devices
Trusted Phone Numbers 1
Trusted Phone Numbers 2
iMessage Phones
Emails
iCloud Mail Aliases
Phones
Official Address
Residence Address
Mailing Address
Shipping Address
Billing Address
Payment Type
Billing Info Prefix
Billing Info First Name
Billing Info Last Name
Billing Info Suffix
Billing Info Phonetic First Name
Billing Info Phonetic Last Name
Shipping Info Prefix
Shipping Info First Name
Shipping Info Last Name
Shipping Info Suffix
Shipping Info Phonetic First Name
Shipping Info Phonetic Last Name
App Store Announcements and Offers
Apps, Music, Movies, and More
Apple News Updates
Apple Music
Beats Email Subscription
Teacher Engagement Program
Apple Survey
Share iCloud Analytics
Compliance Phone
Family Sharing
Third Party Email Permission
Apple Store App Communications
Recovery Contacts
Recovery ID
Recovery Initiated Device Class
Recovery Initiated Device Locale
Recovery Initiated Client IP
Beneficiary Contacts
AppleCare+ Communications
Advanced Data Protection
iCloud Data Access Web Enabled
iCloud Data Access Timestamp
Advanced Data Protection - Device IP Address
Advanced Data Protection - Device Name
Advanced Data Protection - Device Serial Number
Automatic CAPTCHA Verification
Apple Newsletters Preference Opted-In
Apple Newsletters Preference Opted-Out
Advanced Data Protection Data Collection Disclosure
iCloud Cross Border Consent
iCloud Cross Border Consent Date
Apple Cross Border Consent
Apple Cross Border Consent DateSeemingly nothing strange, a company should store such data, however, this is the entire history of changes to my Apple ID since 2010. Does Apple really need this? (rhetorical question). Here’s what they themselves say:
Apple retains personal data only for so long as necessary to fulfill the purposes for which it was collected
Interesting, what purpose is there to store data about my Apple ID in 2010? (rhetorical question)
Moving on — Apple ID Device Information.csv
This file contains information about devices that are currently linked and have ever been linked to your Apple ID. It’s unclear why devices that have long been unlinked and sold are stored. The oldest record dates back to 2019, I think either they clean it up once every 5 years, or they only started collecting this information 5 years ago. (Update: the rest, which is older, is in a separate file — read on).
List of fields:
Device Name
Device Added Date
Device IMEI
Device Serial Number
Device Last Heartbeat IP
Device Last Heartbeat Timestamp
Device Model Name
Device Phone Number
Device ICCID
Device MEID
Device Time Zone
Device Locale LanguageData & Privacy Request History.csv
This file contains information about information requests under GDPR. Currently, it includes records of 2 requests made by me.
Fields:
Request ID
Category Name
Request Time
Activity Type
Apple ID Number
Access Category Completed Time
Request Completed Time
Archive Size
Maximum File Size
Transfer Success Count
Transfer Failure Count
Developer Name
Request Status
Transfer Type
Schedule TypeNow we’re delving into the Apple Media Services Information folder. This is essentially the App Store, the former iTunes, and everything that brings Apple money. And here, the folks at Apple have really gone all out.
Inside, you’ll find a lot of information, such as:
The entire history of Apple Music, even if you no longer use it and have deleted your library. Likes go all the way back to 2015!
Some tracking in notifications-userJourneys.csv and tagging in notifications-userTags.csv — profiling or A/B testing is clearly evident. These experiments were conducted on me in 2022, and the data is still being retained.
In GameCenter Friend Count.csv, the history of changes to the counter of my friends goes back to 2021. Why does Apple need this (rhetorical question)?
Billing Information History.csv stores the history of changes to all your billing addresses since the creation of your Apple ID. Since 2010.
In Customer Device History — Computer Authorizations.csv — similarly, the devices that I have removed from my Apple ID, no longer use, or sold — since 2010 — are all stored.
App Install Activity.csv contains information about the apps you have installed, both from the App Store and elsewhere. Yes, if you use ad-hoc installation or your company distributes in-house apps, Apple keeps an eye on it. Why does Apple track installations of apps that don’t belong to them, especially in external companies, governments and institutions, violating basic privacy principles? Well, because they can, right? I’ve reported this to Apple Product Security — awaiting a response.
Next up, possibly the most entertaining file of them all — App Store Click Activity.csv — 39 megabytes for every tap I’ve made inside the App Store since 2022. It’s simply mind-boggling; this file can’t even be opened in macOS preview!
39 megabytes of every tap
Just imagine the volume of data being collected:
AB Test
Account Match
Action Context
Action Details
Action Type
Action URL
App
Apple ID Number
Application Name
AppStore Referral ID
Billing Currency Code
Channel Partner
Channel Partner ID
Channel Partner Type
Channel Product Code
Click Target
Click Target Type
Client ID
Content Location
Contingent Price ID
Event Date Time
Event Type
External Referral App Name
External Referral URL
Final Search Term
Free App Adam ID
Free App Amount
Free App Content ID
Free App Currency Code
Free App Developer ID
Free App Genre
Free App Product Type
Free App Timestamp
Free App Transaction ID
Hardware Model
Hardware Type
Host App Name
Impressed Content Names
IP City
IP Country Code
Is Apple One Subscription
Is Arcade Subscription
Is Personalized
Is Purchase
Is Redownload
Item Descriptions
Item ID
Language ID
Location
Major OS Version
Offer Eligibility Type
Offer Placement
Offer Placement Type
Offer Trial ID
Offer Type
Offer Variant
Operating System Languages
OS
OS Build Number
OS Version
Page
Page Context
Page Custom ID
Page Details
Page Display Type
Page History
Page ID
Page Reason Type
Page Type
Page URL
Page Variant ID
Platform
Post Time
Pre-Tax Price
Price
Purchase Date
Purchased Item Descriptions
Purchased List
Referral App Name
Referral URL
Referring URL
Search Filters
Search Tab Term
Search Term
Search Term Source
Search Terms Selected
Software
Store Front
Store Front Header
Subscription State
Tab
Tab Indicator
Term
Timezone Offset Min
Total Amount
Transaction ID
URL
User Agent
Widget Name
Widget Size
Widget TypeA similar file — Apple Music Click Activity V3.csv — is only 24 megabytes. I believe if you use other Apple services like TV, Fitness, Arcade, etc., you’re probably profiled even more there. More services mean more data (and more money).
Just a reminder:
Apple strives to collect and store the minimum amount of data required to provide the services you use.
Here they are, the most interesting services for Apple. And you know what? You can’t opt out of collecting such information! Nowhere does it say exactly what they collect; if you were to take their recommendations^W requirements for App Privacy, they themselves violate everything.
The next file looks like a joke — Limit Ad Tracking Information.csv -
Sure, let’s take a breather. Here’s a divider for you:
Do you agree that it’s normal to collect and store information about what you bought… no, sorry, rented (Apple Media Services EULA)?:
Apps made available through the App Store are licensed, not sold, to you…
Scope of License: Licensor grants to you a nontransferable license to use the Licensed Application on any Apple-branded products that you own or control and as permitted by the Usage Rules.
And what if I tell you that they store information about how exactly you did it?
Action Context
Action Details
Action Type
Adjusted Event Time
Apple ID Number
Application Name
ASN State
Authorization List
Billing Information
BuyInfo Country
BuyInfo Price
BuyInfo Subscription Catalog Name
Click Target
Click Target Type
Client ID
Commerce Application Name
Commerce Event-Ask To Buy?
Commerce Event-Head of Household ID
Commerce Event-Head of Household?
Commerce Flow
Commerce Flow Type
Commerce Purchase List
Data Location
Dialog Application ID
Dialog Application Name
Dialog Code
Dialog ID
Dialog Price
Dialog Type
Event Date Time
Event Type
Family Status
Fraud Check Result
Fraud Check Status
Free Application Name
Hardware Family
Hardware Model
Head of Household ID
Host App Name
Operating System
Operating System Version
Page
Page Details
Page ID
Page Type
Page URL
Paid Purchased Price
Payment Method Added
Purchase List
Purchased Price
Recovery Category
Recovery Optimization
Recovery Recommendation
Recovery Sub Category
Reference
Result Error Key
Result type
Store Front
Store Front Header
Topic
User Actions
Visit End Time
Visit ID
Visit Start TimePurchase Flow Events.csv — all information about how I made purchases, what I clicked, how long I thought about it — since 2021.
Redemption Click Activity.csv — same story. Profiling at Apple is strong, comrades.
Let’s move on. I’ve already mentioned that Apple stores information about all devices (and their serial numbers) ever used by you. There’s even a separate file for old devices — Device Registration History Pre iOS8 and Yosemite.csv — it has all the serial numbers and accounts — everything is there.
Dump does not include your purchased apps or books or whatever you purchased from Apple — because it was not a purchase — it was rent.
Conclusions
Apple boasts about its data collection policy, claiming to respect privacy and confidentiality and to collect only the necessary minimum amount of data — but in reality, using its monopoly and control over the “ecosystem,” it collects a huge amount of information, stores it indefinitely, and uses it for analytics and profiling of its customers.
This fact is hidden behind closed operating system that is beyond normal research — you have to jailbreak your device to get access to such information. For example, on Windows or Android, you can turn such tracking off by usage of 3rd party apps or instructions.
The collection of customer data has grown to such an extent that it includes data on the use of systems and applications from third-party companies, for the collection of which Apple certainly did not obtain any permissions. This violates the privacy of individuals and companies not affiliated with Apple.
Thanks to European lawmakers, I personally learned, and everyone can learn, what the reality is with your data at Apple.
<sarcasm>Advice to cyber criminals— if you illegally gain access to an Apple ID, immediately download the data dump — only records in government registries could be better than this database.</sarcasm>
I have been a registered Apple Developer for many years, however, there is no information from this service in the data dump; I requested it separately from Apple — so far, there’s been no response.
This dump should contain information about profiling me as both a user and a developer, as I conducted a very interesting investigation using a jailbroken device and found out how exactly Apple tracks almost every tap on your devices, every app opening; from their high horse, they allow or disallow you to use them. Investigating was quite difficult because the closed nature of the operating system and the opacity of Apple make it challenging. But that’s for the next article.
A moment for advertising:
I am the CEO of appdb, an independent alternative platform for distributing applications. We are currently preparing for the release of the official publication of applications from verified developers. If you are a developer and are interested in how everything works with us and how it will work, please register your interest (or comment that you want an article on how everything is set up) — release in May.
If you found this article interesting — please — share your opinion about it.
PS: If by chance this article is read by a representative of Apple — I would like to receive your official comment.
