Privacy, Research

What does Apple Know About You?

If you're using an iPhone, Mac, or iPad, chances are that you are connected to an Apple Id, and therefore allow Apple to collect a good chunk of personal information about you. In this article, we will see what Apple stores about you, and in a future article, what measures you can take to avoid that as much as possible.

This article is based on the archive Apple provides you when asking them for a copy of your data (which you can do here). Once you log in to this page, submit the request, and you will have to wait a few days before being able to download everything online.

When the data is ready, you will get an email and be able to download everything from a list, as shown in the following service. At least one of the rows had "no data" to download (while the other rows would indicate the weight of the archive we can download).

Apple Download Personal Archive Page

Let's go through the different files, and see what interesting things we can find. Note that I will not mention obvious things (e.g., if you use Apple calendar, you will be able to download calendar files, if you backup your Whats App conversations, Apple will have that unencrypted on iCloud as well), or things I don't think are interesting to mention, and that this analysis is based on my archive, so some people might have data I don't have if they use services or features I don't. Note also that it seems the Apple will keep some information for a very long time (a couple of years to forever), according to what I could see in my files.

Apple Media Services Information

Apple Music

First off, there is a large quantity of data related to your listening activity if you are using Apple Music. Without surprise, Apple stores the titles, articles and genres you liked and disliked. What is more surprising is the information they keep about the titled you played: kind of everything. In my case, I tested the service years ago, and the history is still there, containing (for each tracked listened to):

  • The artist and track name, as well as the music genre
  • A unique identifier of the device you used to play the song, as well as it's IP address
  • The build version of Apple Music, and the brand, model, and OS version of the device you used
  • The position in milliseconds of where you started/stopped the track you were listening to, and the reason (e.g., skipped forward)
  • The time where you started and stopped listing to the device
  • If you were listening offline

This is already creepy, but we can observe on the sample obtained from Apple that some line does not have information about the track (name, genre, artist, ...), so I assume that Apple would still record all of this information if you are listening to something local to your device which is not on the store.

Stores Activity

Applications

As any merchant, Apple will keep a record of whatever you are doing at its stores. They will keep all the billing information you ever had with them (considering the age of the ones on my sample, I'd expect them to keep that forever). It includes:

  • The email address and phone number
  • Billing name and address
  • Type of payment
  • Address IP (likely at the time the change was made)
  • Device details (phone model and OS version)
  • If you registered as a student (to obtain discount such as with Apple Music)

Every time you allowed a machine to use your billing information (i.e., you purchasd something or logged into the store), they will keep the device name and a unique device identifier. If you use iTunes, it will also keep the user agent string. They will keep all this information if you allow push notification (and the device serial number if this is an Apple product) as well.

Every time you install an application, they will keep the name of the item, the timestamp, the application provider, the unique device identifiers and details (app used, model and OS version of the device), and the IP address. They will also keep this information (as well as the application version) every time you make an update. Similarly, they will keep information on when you downloaded songs for offline usage.

If you purchase a subscription, they will keep the same information, and when is the last time you enabled or disabled the auto-renewal. And of course, for every payment, they will link to a specific billing identifier, and keep the price.

Other Activity

Let's continue with creepy things by looking at this directory. There are two files: "Apps And Service Analytics.csv" which weights 60 Mo in my case, and "App Store Click Activity.csv" which weights 11 Mo (there is the same for the BookStore) which are worst that the others.

What these files are doing is somewhat obscure, and they are hard to analyse (about a hundred columns), but it seems that Apple is storing all your activity in relation with the stores and Music apps (and I would guess Apple watch as well), such as where you clicked, what you saw, ...These files store what you searched in the store, the action you took, your IP, the hardware you used (and its OS version), and the language(s) your system is using, and a device's unique ID.

Also, if you ever used Testflight (an application to enable developers to have a restricted beta), it seems like Apple will store all the information related to crashes and sessions. I never used it, so I have no data to compare and can't, therefore, know how bad it is regarding the level of shared information

Apple ID and account Information

Apple will store when you added a device to your account, its serial, last heartbeat's timestamp and originating IP, its serial number and, if relevant, IMEI code.

Apple will also track if you download your archive data (specifically which part, and when).

Apple Pay Activity

In here apple will store information about the cards you added to Apple Pay, the serial number of the device, the time, how the card was input (e.g., manually or through the API), the last digits of the card, its type, the card network. Surprisingly, it doesn't seem that any IP addresses are stored.

There is a file containing the "Apple Pay In App Purchases", but surprisingly I just had one row, which might need that when you use the Apple Pay, they only store this information for a related short period of time.

Other data

Last part of the export this article will cover, the "other data" directory, which is storing some interesting information.

There are multiple parts of various software. One of them is the devices registered with Apple messaging (with all the usual details such as device name, OS version, ...), as well as the handles people can use to contact you. So far, nothing too surprising.

There is one file for your iCloud usage. It will store when you uploaded or deleted picture to/from Apple Photo, as well as the date (but not time), device type (but nothing as intrusive as before - no unique ID and such), the city IP (but no the IP), and the size (in PX) of the pictures, as well as their weight (and if relevant, the video duration). The same kind of information will be stored when editing some files in the Cloud Drive, connected to a new WiFi successfully, or "added a call entry in the recent list of Phone/Facetime app". Surprisingly it seems that this history is only kept for a couple of months at most.

There is also a JSON file containing all your known WiFi networks. For each entry, it includes the name of the network, the date added, and a mac address (maybe the access's point one). The passwords don't appear to be stored here.

Last but not least, for any email you send with the built-in mail client, Apple will keep the to and from addresses, as well as recipients and sender names, even if you are not using an iCloud email address! It, however, seems that they are just keeping a history limited to a certain number of entries.

To conclude this article, we observed that Apple is storing a bunch of unnecessary and private information about you. To mention just a couple: the people you are exchanging emails with, your IP addresses over the years, and all of your very actions on the stores. The fact that they store the devices serial numbers is also terrible. It means that Apple will have a history of any device connected to Apple Ids forever. Even if you create a new account on a device you used before, the company will be able to find relationships between your different accounts. This could however be much worst. For instance, Apple is not storing (at least on the archive) some information about your apps usage (e.g., when you open an app, for how long you use it, ...).

From this article, we can know that Apple stores at least the information we mentioned, but there is no guarantee that they only have this information, and that they will not have more in the future. Also, due to my usage of Apple's services, some data might not have been there, and the storage time might sometimes be limited (or not) to a range that I couldn't observe due to my activity on that specific account.

In a further article, we will investigate the potential measures you can take to limit Apple's tracking.


Credits:

Author image

About Ixonae