Apple of course prioritizes the privacy of customer data, but a new analysis takes a deeper look at what Apple does and does not know about you.
Tech giant pitches itself as the most privacy-minded of the big tech companies and indeed it goes to great lengths to collect less data than its rivals. Nevertheless, the iPhone maker giant will still know numerous about you if you use many of its services…
The Axios has been running a series of analyses on what different big tech companies know about you. So far it has covered Google, Facebook, Amazon, Tesla, and Intuit. Axios now today turned its attention to Apple.
Apple uses two main approaches to protect your data;
First, it aims to collect as little information as possible. Wherever it can, it processes sensitive data on your device, so it is never passed to Apple’s servers.
Second, Apple encrypts data as standard. Though to one of two different levels.
The Axios report does not tell us anything new. But it does make for a nice summary of what Apple does and does not know about us.
Face and fingerprint data:
Company uses the Secure Enclave to store our most sensitive data: our face or fingerprint data. These would permit access to everything else, so Apple not only stores them on the device, but on a chip which cannot be directly accessed even by iOS. All iOS can do is ask the Secure Enclave for a yes or no on authentication and that is all the data that ever gets released from the chip.
Face-recognition in the Photos apps on Mac and iOS is also done on the device, not on Apple’s servers.
Saved locations (like home and work) are stored on the device. All location data that is sent to Apple servers is tied to an anonymized unique identifier, not your Apple ID.
Apple doesn’t store your transaction history except for purchases from Apple.
Messages and FaceTime:
Both use end-to-end encryption, which means Apple has no ability to intercept your communications, even if faced with a court order.
Encrypted, but Apple knows the key
This is currently the greatest vulnerability. iCloud backups contain a copy of almost all the data on your devices, and although they are encrypted, Apple does hold the key. This means that it can disclose data to law enforcement when served with a court order, but it also leaves the data potentially vulnerable to rogue employees (though Apple likely has significant protections in place to minimize that risk).
This is encrypted in transit, but decrypted by Apple for processing. As with Maps, all your Siri data is associated with a unique identifier, not your Apple ID.
This is encrypted where both sending and receiving systems support TLS encryption, which most do. However, Apple again holds the key.
These are encrypted but Apple knows the key. However, end-to-end encryption is used for all browser data from iOS 13 and macOS Catalina, so then Apple will have no access.
Data Apple specifically holds on you
Apple of course knows your full purchase history for all physical and digital products. In addition to hardware, this includes music, movies, books, and apps. Apple does store and process this data in order to make recommendations among other things and Apple also has access to the billing and physical address information used for these purchases.
What you can do?
Users have number of choices to minimize what Apple knows.
- Choose to download an encrypted iCloud backup only to your Mac or PC rather than keep it on Apple’s servers, but if you lose that device or forget the password for the backup file, Apple will not be able to help recover lost data.
- Also download the information Apple has on you at privacy.apple.com.
- Delete data stored on your device, such as e-mail, messages, photos and Safari data like history and bookmarks.
- Delete your data stored on iCloud.
- Reset your Siri identifier by turning Siri and Dictation off and back on, which effectively restarts your relationship with Siri and Dictation.
Source: Axios, 9to5mac