This article is more than 1 year old

Apple sued for collecting user data despite opt-outs

Doesn't matter what the data is, they thought they pushed the off switch, argues complaint

Apple is facing another lawsuit, this time over allegations it's tracking iOS users and turning that data into profit, even if said users have selected "do not track" options. 

The suit alleges that Apple has continuously lied about its tracking system by exempting itself from the rules. According to lawyers [PDF], even if consumers follow Apple's own instructions, they're still being tracked – only by one entity instead of many.

The defendant and his legal team hope to turn the suit into a class action centered around Apple's "Share iPhone/iPad Analytics" and "Allow Apps to Request to Track" settings. The argument is that iOS users have a reasonable expectation that if they opt not to share data or allow apps to request it, Apple will not do so. 

However, Apple does collect that data, its accusers say. In the case of app analytics data, the suit alleges that App Store, Apple Music, Apple TV, Books, and Stocks broadcast the exact same info back to Cupertino whether the option is toggled on or off. 

According to the suit, the tracking data sent is detailed. For example, it alleges the Stocks app collects users' lists of watch stocks, names of stocks that were viewed or searched for, time stamps, and records of news articles read in the app.

"There is no justification for Apple's secret, misleading, and unauthorized recording and collection of consumers' private communications and app activity," lawyers wrote in the suit. 

Much ado?

At the heart of the lawsuit is research from a pair of iOS developers who operate a company known as Mysk. In early November, Mysk tweeted out the results of some research done on a jailbroken iPhone running iOS 14.6 in which they found the offending behavior. 

Their research was picked up by Gizmodo, which ran its story only a few days before the lawsuit was filed late last week. It was reported at that time that iOS 16 was sending data under the same circumstances and to the same Apple web addresses, but encryption in iOS 16 prevented them from determining whether the data was identical.

However, according to lawyers critical of the argument, the case might not make it to certification because the argument might not extend to server-side data collection.

The data being collected in this case, some experts argue, might be tied to functions for operating the App Store as a given user, rather than (for example) being collected for the purposes of advertising, meaning it would potentially have no commercial value to Apple or be critical to functioning.

According to Apple's Privacy Policy, it does not share user or device data with data brokers.

The suit itself cites the California Invasion of Privacy Act, focusing less on the data itself than on the collection of it despite users who've toggled the off button perceiving that they have disabled any and all tracking.

However, it does attach a value to the data – saying demographic and browsing data has an intrinsic worth and seeking damages of $5,000 for the plaintiff, and presumably for any class members who join after him.

Whether this suit will stand up to such scrutiny remains to be seen: Apple has yet to file a response to the accusations or respond to our questions. ®

More about


Send us news

Other stories you might like