Here is all of the data Apple has about you
AppleInsider used Apple's request data form to find out what they've got on one of our staffers, and it's probably worth you doing the same, when you can.
In May, Apple launched its Data and Privacy portal, enabling customers to request their personal data collected by Apple and held on its servers. The tool lets users select different categories of data to request, which is then compiled by Apple and made available to download at a later time.
Apple claims the process can take up to seven days to complete, but AppleInsider's request took a slightly longer eight days. It is likely that a higher level of users than Apple anticipated requested data at launch, in turn lengthening the waiting time, but it is probable other similar requests made in the future will happen within one week.
When the data is ready to collect, Apple sends an email to the user to remind them the data is available to download, when the request was initially made, and the categories of data that were requested. The message also warns if any data could not be acquired during the time.
Apple's descriptions for each category of data are relatively broad, and the data received and ordered into separate files reflects this. Rather than making all the data available in a single download, users still have to manually download each category's data separately.
The information received in the download is offered in a few easy-to-use formats, such as spreadsheets, PDF files, and vCards. Apple warns beforehand that content purchased from Apple's online marketplaces are not included in the supplied data, and while the Apple Online Store transaction history and Marketing communication history are not included, they can be requested by other means.
While there are options concerning iCloud Drive files and documents, iCloud Photos, and iCloud Mail, a request was not made for this data, as it is easily accessible by conventional means, and would take a lot longer to download.
AppleInsider made a request for data from the 12 main categories offered by the tool, but Apple warns the Maps Report an Issue data is unavailable to download at the time of writing. The files in the remaining 11 categories total 7.64 megabytes in size according to the website, 8.02 megabytes on local storage, a seemingly small amount of data that is largely made up of compact spreadsheets.
It appears the two archives with the same name are almost exact copies, with one including an "In Progress" file suggesting it to have been a folder used for compiling the files while the other is completed. It is likely the in-progress version was meant to be deleted.
These folders also hold other nested files, with the first relating to Apple Music.
Apple Music Activity
As expected, this folder contains a list of tracks included within the user's library, as well as separate files detailing songs they like and dislike, and even individual actions like scrubbing through tracks to specific points, timed down to a millisecond level.
A partial list of items in "Apple Music Play Activity.csv"
Some "Onboarding" data is also included from when a user first signs up to Apple Music, including songs they listened to and preferred musical genres. The last Apple Music element is the Social and Connect Post Information file, which lists various artists and bands the user has listened to, and identifier codes for following their music through the service.
Apps and Services Analytics
This folder contains a single Notifications spreadsheet, which seems to list when a notification event was provided to the user, including the device targeted by the notification.
Stores Activity
Multiple folders are held in this section for other online stores data, such as the Apple TV and Podcast Information folder including lists of Apple TV bookmarks, podcasts, and favorites from the TV app. For podcasts, it even includes a historical record of downloaded podcasts, when they were last played, and even how many times they were listened to and the last recorded playback position.
The iBooks Collection folder lists books the user owns and annotations for each title. Play Position Information advises of videos played back by the user in iTunes, again including activity timestamps, play counts, and other details.
Filed under Other Activity are files pertaining to Apps and Service Analytics, a small file named Limit Ad Tracking Information, another Apple Podcast activity file, details about media previews, and a Playlist Moderation file.
A Review Profile contains limited information about the user when providing app reviews, while a Reviews file lists items the user has reviewed.
Accounts and Transaction History
The last and probably most revealing folder in the Stores Activity section is Account and Transaction History, which gives a wealth of information about the user's store habits. For example, Billing Info History details when the user changes their billing information, as well as their name, address, email address, phone number, what kind of payment card is registered, and other fields relating to PayPal and other important areas.
A list of files in the "Account and Transaction History" folder
Account History - Account Details advises of a few basic details when the user first signed up for an account, while Account History - Apple Media Products Welcome Page Action lists the first time the user did something in each of Apple's online stores. Account History - TV Provider Opt-In History simply lists TV providers that the user has logged in with via the TV app.
A list of items in "Account History - Apple Media Products Welcome Page Action.csv"
There are three files prefixed with Customer Device History, which includes limited data about general device authorizations to use an Apple ID, iTunes in the Cloud authorizations, and one relating to push notifications.
The iTunes and App Store Hidden Purchases lists off files that were hidden in the iTunes store or App Store, including when they were removed from view. There are also lists for a user's subscriptions, pre-orders, and re-downloads from iTunes Match.
Three Store Transaction History files provide detailed information about store purchases, free downloads, and redownloaded items. All largely cover the name of the item downloaded, the seller, when and on what device the transaction took place, and other basic details, but the main transaction list also includes how much was paid, the type of payment, and if there was a chargeback.
The last file in the Account and Transaction History folder is titled "U2 Songs of Innocence Album Information," listing when the user received the individual tracks from the U2 album given away to all iTunes customers in 2014. The promotion that led to criticism from users and an apology from the band's frontman Bono, due to it automatically downloading to devices.
Testflight
A Testflight folder provides a history for the user when using apps in the testing program. The information included in this folder ranges from whether the user had accepted the terms of service, a list of beta apps, app crashes, devices used for testing, installations, and usage sessions.
iTunes gift cards
Rounding out the App Store archive is the iTunes Gift Card Redemption History file, which simply lists when purchases were put against a user's gift card-derived balance. This includes when gift cards are applied to the account, the balance, and transactions against said balance.
iTunes gift card redemption history
Apple ID Account Information provides details about the user, including a redacted email address, name, gender, referred language, phonetic versions of their name, legal name, time zone, Apple ID alias, last time they changed their password, payment types, minimal billing and shipping information, and if they are enrolled into various services.
Apple ID Device Information lists the devices registered to an account, including serial number, when they were added, their last heartbeat IP address, and headers suggesting the collection of the phone number, ICCID, and MEID, among other information.
The Apple ID SignOn Information file reveals when the user logged in to various services, such as iCloud, iTunes, and FaceTime, complete with the IP address it was last used with.
Apple ID sign-in data
A small section of the data stored in "Game Center Data.json"
Two folders contain .ics files that can be opened and added to Calendar, if they are not already included. The Calendars folder contains calendars that are shared with other users, while Reminders contains files that can add appointments and other items to a designated calendar.
Opening any of the contact cards will attempt to import the card into the Contacts app, with the files themselves containing all the contact information added by the user.
The notes themselves are divided up into text files containing typed elements, while Sketches include image files generated in the note, like doodles produced using an Apple Pencil.
Demonstrating the folder structure of the iCloud Notes archive
The Software Downloads spreadsheet includes customer name, email address, localization, device details, and a download timestamp, with the latter in this case referring to downloads from 2011 and 2012. The device details also relate to the browser, including versions used at the time of the transaction.
"Device Registration History Pre iOS 8 and Yosemite" is self-explanatory, with table headers again mentioning registration and activation timestamps, product names, the user's email and name, mailing address, and other hardware and software-related details.
The simply-named Additional Subscriptions file again includes references to recording the user's name, date of birth, address, browser, phone numbers, email preferences, and various timestamps. While the file is empty, its position next to two files that deal with older data suggests this to be historical in nature as well.
The Apple Features Using iCloud folder appears to contain a grab bag of items that are handy for a number of applications and services. This includes recent changes for Calendar, Call History, locations for EventKit, FaceTime logs, contacts used in Mail, and locations for Wallet.
Example of followed subject area data included in "News.json"
The more detailed sections in this bit include a list of known Wi-Fi networks, followed topics in Apple's News app, a list of recent searches in the Maps app, and a few listings under Safari Browsing History.
Devices Registered with Apple Messaging is a single-file folder that contains a list of all devices registered to an Apple ID, services the device is enabled to use, and user handles associated with the account.
Presumably the first of what could've been multiple files, the "iCloud Usage Data Set 1" spreadsheet lists when actions relating to iCloud is performed. This includes uploading photos and files, downloading them, modifying, and also deleting, among other elements.
Partial list of items included in "iCloudUsageData Set1.csv"
The lists are ordered by date and time, and list the device and pertinent details about it, and where the action was physically requested from. In some cases, such as photographs and videos, it can also detail items like the dimensions of the image, the duration in seconds, if there's a Live Photo effect, and the file size.
Lastly, there is a file called Recovery Devices, which lists a serial number for a device connected to the account, and whether it was successfully recovered.
For example, knowing the kinds of apps a user buys or music they listen to can improve recommendations in the App Store or Apple Music. Knowing the purchasing habits of all users can help guide marketing efforts for upcoming products. Seeing changes in the photograph and video file details could help advise on what kind of camera sensor to include in a new device.
A partial list of items from "Store Transactions History.csv"
What is notable is the age of some of the data on hand, including the logs of when services started to be used and the initial registration date. It doesn't seem apparent why Apple would want to retain details before the release of iOS 8 and Mac OS X Yosemite, but it probably has a reason for doing so.
It is also unexpected that Apple decided to create a separate table dedicated to the U2 album. This information could easily have been included in the rest of the transaction logs, but instead it was kept separate.
As for the security of the process, it seems there is little for curious users to be worried about, even if the data gets into the wrong hands. While address information does appear, this is relatively simple for a determined attacker to find out by other means, while the payment details are limited to things like whether the card is Mastercard or Visa.
Even so, the chance of this data being acquired by an unscrupulous third party is unlikely. Aside from having to authenticate to make the request, and details of the request being emailed to the user effectively a week before it is issued, Apple also advises it attempts to verify the request has come from the user themselves before compiling the data.
Given what was ultimately received, it is more likely anyone wanting to acquire sensitive details to launch some kind of attack would have better luck and a far quicker result if they went along alternate existing routes. Or, just prowled through a Facebook user's public data.
In May, Apple launched its Data and Privacy portal, enabling customers to request their personal data collected by Apple and held on its servers. The tool lets users select different categories of data to request, which is then compiled by Apple and made available to download at a later time.
Apple claims the process can take up to seven days to complete, but AppleInsider's request took a slightly longer eight days. It is likely that a higher level of users than Apple anticipated requested data at launch, in turn lengthening the waiting time, but it is probable other similar requests made in the future will happen within one week.
When the data is ready to collect, Apple sends an email to the user to remind them the data is available to download, when the request was initially made, and the categories of data that were requested. The message also warns if any data could not be acquired during the time.
Apple's descriptions for each category of data are relatively broad, and the data received and ordered into separate files reflects this. Rather than making all the data available in a single download, users still have to manually download each category's data separately.
The information received in the download is offered in a few easy-to-use formats, such as spreadsheets, PDF files, and vCards. Apple warns beforehand that content purchased from Apple's online marketplaces are not included in the supplied data, and while the Apple Online Store transaction history and Marketing communication history are not included, they can be requested by other means.
While there are options concerning iCloud Drive files and documents, iCloud Photos, and iCloud Mail, a request was not made for this data, as it is easily accessible by conventional means, and would take a lot longer to download.
AppleInsider made a request for data from the 12 main categories offered by the tool, but Apple warns the Maps Report an Issue data is unavailable to download at the time of writing. The files in the remaining 11 categories total 7.64 megabytes in size according to the website, 8.02 megabytes on local storage, a seemingly small amount of data that is largely made up of compact spreadsheets.
App Store, iTunes Store, iBooks Store, and Apple Music activity
The first category has a lengthy name and a total capacity to match. Delivered in a 6.7-megabyte zip file, the archive actually contains three other archives within it. Two are labeled "App Store iTunes Store iBooks Store Apple Music," while the third is an iTunes Gift Card Credit Redemption History.It appears the two archives with the same name are almost exact copies, with one including an "In Progress" file suggesting it to have been a folder used for compiling the files while the other is completed. It is likely the in-progress version was meant to be deleted.
These folders also hold other nested files, with the first relating to Apple Music.
Apple Music Activity
As expected, this folder contains a list of tracks included within the user's library, as well as separate files detailing songs they like and dislike, and even individual actions like scrubbing through tracks to specific points, timed down to a millisecond level.
A partial list of items in "Apple Music Play Activity.csv"
Some "Onboarding" data is also included from when a user first signs up to Apple Music, including songs they listened to and preferred musical genres. The last Apple Music element is the Social and Connect Post Information file, which lists various artists and bands the user has listened to, and identifier codes for following their music through the service.
Apps and Services Analytics
This folder contains a single Notifications spreadsheet, which seems to list when a notification event was provided to the user, including the device targeted by the notification.
Stores Activity
Multiple folders are held in this section for other online stores data, such as the Apple TV and Podcast Information folder including lists of Apple TV bookmarks, podcasts, and favorites from the TV app. For podcasts, it even includes a historical record of downloaded podcasts, when they were last played, and even how many times they were listened to and the last recorded playback position.
The iBooks Collection folder lists books the user owns and annotations for each title. Play Position Information advises of videos played back by the user in iTunes, again including activity timestamps, play counts, and other details.
Filed under Other Activity are files pertaining to Apps and Service Analytics, a small file named Limit Ad Tracking Information, another Apple Podcast activity file, details about media previews, and a Playlist Moderation file.
A Review Profile contains limited information about the user when providing app reviews, while a Reviews file lists items the user has reviewed.
Accounts and Transaction History
The last and probably most revealing folder in the Stores Activity section is Account and Transaction History, which gives a wealth of information about the user's store habits. For example, Billing Info History details when the user changes their billing information, as well as their name, address, email address, phone number, what kind of payment card is registered, and other fields relating to PayPal and other important areas.
A list of files in the "Account and Transaction History" folder
Account History - Account Details advises of a few basic details when the user first signed up for an account, while Account History - Apple Media Products Welcome Page Action lists the first time the user did something in each of Apple's online stores. Account History - TV Provider Opt-In History simply lists TV providers that the user has logged in with via the TV app.
A list of items in "Account History - Apple Media Products Welcome Page Action.csv"
There are three files prefixed with Customer Device History, which includes limited data about general device authorizations to use an Apple ID, iTunes in the Cloud authorizations, and one relating to push notifications.
The iTunes and App Store Hidden Purchases lists off files that were hidden in the iTunes store or App Store, including when they were removed from view. There are also lists for a user's subscriptions, pre-orders, and re-downloads from iTunes Match.
Three Store Transaction History files provide detailed information about store purchases, free downloads, and redownloaded items. All largely cover the name of the item downloaded, the seller, when and on what device the transaction took place, and other basic details, but the main transaction list also includes how much was paid, the type of payment, and if there was a chargeback.
The last file in the Account and Transaction History folder is titled "U2 Songs of Innocence Album Information," listing when the user received the individual tracks from the U2 album given away to all iTunes customers in 2014. The promotion that led to criticism from users and an apology from the band's frontman Bono, due to it automatically downloading to devices.
Testflight
A Testflight folder provides a history for the user when using apps in the testing program. The information included in this folder ranges from whether the user had accepted the terms of service, a list of beta apps, app crashes, devices used for testing, installations, and usage sessions.
iTunes gift cards
Rounding out the App Store archive is the iTunes Gift Card Redemption History file, which simply lists when purchases were put against a user's gift card-derived balance. This includes when gift cards are applied to the account, the balance, and transactions against said balance.
iTunes gift card redemption history
Apple ID Account and Device Information
This archive contains six files, but it appears to be three files and their duplicates. It is likely this is another artifact of the compilation process.Apple ID Account Information provides details about the user, including a redacted email address, name, gender, referred language, phonetic versions of their name, legal name, time zone, Apple ID alias, last time they changed their password, payment types, minimal billing and shipping information, and if they are enrolled into various services.
Apple ID Device Information lists the devices registered to an account, including serial number, when they were added, their last heartbeat IP address, and headers suggesting the collection of the phone number, ICCID, and MEID, among other information.
The Apple ID SignOn Information file reveals when the user logged in to various services, such as iCloud, iTunes, and FaceTime, complete with the IP address it was last used with.
Apple ID sign-in data
Apple Online and Retail Stores
Only one file was included in this archive, titled Apple Store Push Notifications. The file contained a single listing advising when the user subscribed to an "Order Status Notification Subscription" service.AppleCare
Similar to the last, AppleCare contains a single folder named AppleCare Support, containing a single file. The AppleCare Device Details file spreadsheet lists devices bought from Apple, their serial number, warranty start and end dates, partially redacted user details, and if AppleCare was acquired.Game Center
A single-file archive again, containing a JSON file named Game Center Data. Analysis reveals it contains a list of achievements for games, the achievement status, when said status was last updated, leaderboard scores, and any friends the user interacts with in Game Center apps.A small section of the data stored in "Game Center Data.json"
iCloud Bookmarks
Relatively self-explanatory, this is a list of bookmarks and Reading List items from Safari that have been stored in iCloud. The list is presented as a HTML file openable in a browser.iCloud Calendars and Reminders
The first viewable file in the archive is Preferences, which contains al the various options the user has selected in Apple's Calendar apps, such as date and time formats, showing or hiding birthdays and the lunar calendar, and the default calendar view. It is probable this data is being shared across all devices so that the user has the same familiar settings wherever they use the app.Two folders contain .ics files that can be opened and added to Calendar, if they are not already included. The Calendars folder contains calendars that are shared with other users, while Reminders contains files that can add appointments and other items to a designated calendar.
iCloud Contacts
This archive expands out to a folder named vCards, which contains individual contact files for people the user has manually added within the Contacts apps on macOS and iOS, that have been stored on iCloud. This does not include contacts that are stored on other services, such as FaceBook or Google.Opening any of the contact cards will attempt to import the card into the Contacts app, with the files themselves containing all the contact information added by the user.
iCloud Notes
This archive contains any notes created within the Notes app for iOS, that have been synchronized with iCloud. There are two sections, covering notes retained at the time of the data request, and a "Recently Deleted" folder that contains previously-purged notes that have yet to be properly deleted.The notes themselves are divided up into text files containing typed elements, while Sketches include image files generated in the note, like doodles produced using an Apple Pencil.
Demonstrating the folder structure of the iCloud Notes archive
Marketing Subscriptions, Downloads, and Other Activity
There are three files within the folder, with all three seeming to relate to historical account usage, rather than recent transactions.The Software Downloads spreadsheet includes customer name, email address, localization, device details, and a download timestamp, with the latter in this case referring to downloads from 2011 and 2012. The device details also relate to the browser, including versions used at the time of the transaction.
"Device Registration History Pre iOS 8 and Yosemite" is self-explanatory, with table headers again mentioning registration and activation timestamps, product names, the user's email and name, mailing address, and other hardware and software-related details.
The simply-named Additional Subscriptions file again includes references to recording the user's name, date of birth, address, browser, phone numbers, email preferences, and various timestamps. While the file is empty, its position next to two files that deal with older data suggests this to be historical in nature as well.
Other Data
The last section details data that doesn't necessarily fit elsewhere. This is split into four general areas.The Apple Features Using iCloud folder appears to contain a grab bag of items that are handy for a number of applications and services. This includes recent changes for Calendar, Call History, locations for EventKit, FaceTime logs, contacts used in Mail, and locations for Wallet.
Example of followed subject area data included in "News.json"
The more detailed sections in this bit include a list of known Wi-Fi networks, followed topics in Apple's News app, a list of recent searches in the Maps app, and a few listings under Safari Browsing History.
Devices Registered with Apple Messaging is a single-file folder that contains a list of all devices registered to an Apple ID, services the device is enabled to use, and user handles associated with the account.
Presumably the first of what could've been multiple files, the "iCloud Usage Data Set 1" spreadsheet lists when actions relating to iCloud is performed. This includes uploading photos and files, downloading them, modifying, and also deleting, among other elements.
Partial list of items included in "iCloudUsageData Set1.csv"
The lists are ordered by date and time, and list the device and pertinent details about it, and where the action was physically requested from. In some cases, such as photographs and videos, it can also detail items like the dimensions of the image, the duration in seconds, if there's a Live Photo effect, and the file size.
Lastly, there is a file called Recovery Devices, which lists a serial number for a device connected to the account, and whether it was successfully recovered.
A pile of data, mostly benign
An examination of the data acquired through the request process shows the data Apple collects about users is relatively similar to what anyone would expect any other technology company to compile about their users. Transaction histories, both for paid and unpaid purchases, and even file transfers, are extremely handy for any company to produce, for a variety of reasons.For example, knowing the kinds of apps a user buys or music they listen to can improve recommendations in the App Store or Apple Music. Knowing the purchasing habits of all users can help guide marketing efforts for upcoming products. Seeing changes in the photograph and video file details could help advise on what kind of camera sensor to include in a new device.
A partial list of items from "Store Transactions History.csv"
What is notable is the age of some of the data on hand, including the logs of when services started to be used and the initial registration date. It doesn't seem apparent why Apple would want to retain details before the release of iOS 8 and Mac OS X Yosemite, but it probably has a reason for doing so.
It is also unexpected that Apple decided to create a separate table dedicated to the U2 album. This information could easily have been included in the rest of the transaction logs, but instead it was kept separate.
As for the security of the process, it seems there is little for curious users to be worried about, even if the data gets into the wrong hands. While address information does appear, this is relatively simple for a determined attacker to find out by other means, while the payment details are limited to things like whether the card is Mastercard or Visa.
Even so, the chance of this data being acquired by an unscrupulous third party is unlikely. Aside from having to authenticate to make the request, and details of the request being emailed to the user effectively a week before it is issued, Apple also advises it attempts to verify the request has come from the user themselves before compiling the data.
Given what was ultimately received, it is more likely anyone wanting to acquire sensitive details to launch some kind of attack would have better luck and a far quicker result if they went along alternate existing routes. Or, just prowled through a Facebook user's public data.
Comments
...I contemplated the U2 push download as one way to get hooks into anyone who may not have agreed to the Apple iTunes EULA ( how many read it or better yet understand it? ) or bought into iTunes licensing, perhaps like the free song of the week... ? Can profiling by musical taste be informative ?
...in suit does the removal of iTunes app management (12.6.3.6+) also offer Apple the ability to track every iOS device connection, app load, download, etc...?
It may all be innocuous in 'civil society' times, and let's hope things stay that way...
... there is of course the 'Patriot Act' to consider, and a read of futurist fiction such as: craphound.com/littlebrother/download/ as recommended by someone I met who was in a first hand position to know more than myself...
...indeed I am reminded of the classic Onion short: www.youtube.com/watch?v=cqggW08BWO0
Let the tinfoil hat flames begin...
I'm surprised and disappointed to see the Game Center developers still using American m/d/y date format instead of the international ISO-8601 Y-M-D format.
Steve Jobs was adamant about privacy and I think Cook got an education when the customers rightly got pissed at that awful U2 album showing up without their consent.
Why?
Honest question.
https://www.androidcentral.com/editors-desk-us-carriers-charge-you-and-then-sell-your-data