[Updated] Users blame Apple for collecting data without consent

Update: Further investigation into the two reports reveal these are not open and shut cases. While the first case is likely by design, the second case may be because of a user error.

Thanks Mike Wuerthele!!!

Original story follows:

Thanks to GDPR, Apple started allowing users to download all the data the company has about them. While that’s no doubt a good move from privacy perspective (even if a law forced Apple to do this), the functionality may have opened a can of worms for the company.

Case in point: a couple of users who downloaded their data found some really unexpected things. Let’s talk about them one by one.

Apple stores your contact email addresses

This first piece of information comes from developer and privacy advocate Sabri Haddouche, who says he stopped using Gmail long ago (deleted all emails and contacts), but kept the email service connected to their Mail app. Later on, while entering a recipient email address in the Mail app, he could see the contact’s email address (which was deleted earlier) showing up as an auto complete suggestion.

Now, when Apple recently gave users the option to download their data, Sabri launched an investigation into all this, and found iCloud Mail discreetly stores metadata for emails you send through the official Mail application.

Apparently used for the “Recent” feature to auto complete emails, here I am with 1.2 MB of metadata which is around more than 700 contacts, which is roughly about every email that I could contact from any mailboxes since the iCloud launch up to somewhere in 2017, which collides with my migration to ProtonMail which uses an external app.

Following a screenshot proof (click to enlarge) of data Sabri downloaded from Apple servers revealing email addresses (blurred for obvious reasons) and other information like timestamps.

apple-mail-icloud-email

As Sabri pointed out, Apple recently confirmed this behavior in a support page they published in March.

Mail keeps a record of the email addresses you send email to, and uses these recent recipients to suggest or complete addresses for you when you send new email.

The question is why it took Apple so long to officially acknowledge this behavior?

Safari retains your browsing history no matter what

This next case comes from photographer Denis Bosnic, who was surprised to find years worth of Safari browsing history in their data they downloaded from Apple servers.

https://twitter.com/dnsbsnc/status/1002053811253399553

https://twitter.com/dnsbsnc/status/1002064318714662917

https://twitter.com/dnsbsnc/status/1002064325337497600

What makes this revelation even more important is this is not the first time Apple has been caught doing this – last year, Russian company ElcomSoft managed to extract deleted Safari browser history from iCloud.

Denis also started a Reddit thread, which has since gained quite a traction. There’s also another thread where he is promptly replying to people countering his claims.

If you remember, Apple CEO Tim Cook recently slammed Facebook for user data misuse saying privacy “is a human right, it’s a civil liberty.” And here we are …

Stay connected with us on Twitter (@PiunikaWeb) to hear about all related developments as and when they occur

Want to work for PiunikaWeb and enjoy best-in-industry compensation & benefits? You'll be glad to know we're hiring experienced candidates.

Tags :

Dr. Aparajita Sharma

A budding entrepreneur by profession, and a psychologist by education. As a founding member of PiunikaWeb, I am nurturing this firstborn with my sharp-eyed expertise and even journalistic writing when needed.