Ancestors

Written by Mysk🇨🇦🇩🇪 on 2024-11-22 at 15:12

This is an example of what the App Store app shares with #Apple when you search for an app. Everything you type in the search field is recorded as an event and associated with your Apple ID before it is sent to Apple. When I search for "Google Authenticator," events are recorded as I type character by character. The leap between rows 78 and 79 is when I picked a suggestion. The timestamp of every event is recorded, i.e. Apple can calculate my typing speed 🙃.

[#]Privacy

[#]infosec #privacymatters

=> View attached media | View attached media | View attached media | View attached media

=> More informations about this toot | More toots from mysk@mastodon.social

Written by David on 2024-11-22 at 15:17

@mysk Collecting data a user inputs into a form and never sends is evil, period. There is no excuse for it.

=> More informations about this toot | More toots from freeagent@mastodon.sdf.org

Toot

Written by JJTech on 2024-11-22 at 16:09

@freeagent @mysk I mean... "no excuse" is a little harsh, after all, this is a search box. Every modern search with autocomplete does this.

=> More informations about this toot | More toots from jjtech@infosec.exchange

Descendants

Written by JJTech on 2024-11-22 at 16:12

@freeagent @mysk for example, DuckDuckGo

=> View attached media

=> More informations about this toot | More toots from jjtech@infosec.exchange

Written by Mysk🇨🇦🇩🇪 on 2024-11-22 at 16:15

@jjtech @freeagent

Apple Maps does the same, but it never associates the requests with the user's ID when sending the search requests, and never records them as app analytics. I answered here:

https://mastodon.social/@mysk/113527490874201110

=> More informations about this toot | More toots from mysk@mastodon.social

Written by Mysk🇨🇦🇩🇪 on 2024-11-22 at 16:13

@jjtech @freeagent Oh no, this is not the autocomplete requests you're looking at. This is the app analytics endpoint. The search query is sent to another endpoint. As you see in the screenshot shot, the "Post Time" of all the shown request is the same because they were sent as a batch to the analytics endpoint.

=> More informations about this toot | More toots from mysk@mastodon.social

Written by Gianmarco Gargiulo :tux: :kde: on 2024-11-23 at 18:06

@mysk @jjtech @freeagent can you show that the requests are going to an analytics endpoint?

=> More informations about this toot | More toots from gianmarcogg03@mastodon.uno

Written by Mysk🇨🇦🇩🇪 on 2024-11-23 at 18:18

@gianmarcogg03 @jjtech @freeagent We showed this some time ago, but the data in the screenshot is obtained from Apple when you request a copy of your data.

This video shows the requests:

https://youtu.be/8JxvH80Rrcw?feature=shared

=> More informations about this toot | More toots from mysk@mastodon.social