Privacy gaps in Apple’s data collection scheme revealed

(Image: Pixabay CC0) - Researchers have demonstrated how Apple's use of a widely adopted data protection model could expose individuals to privacy attacks. By investigating Apple's use of the model, called local differential privacy (LDP), the researchers found that individuals' preferred emoji skin tone and political leanings could be inferred from the company's data. Companies collect behavioural data generated by users' devices at scale to improve apps and services. These data, however, contain fine-grained records and can reveal sensitive information about individual users. "Our results emphasise the need for more research on how to apply these safeguards effectively in practice to protect users' data." Dr Yves-Alexandre de Montjoye Department of Computing - Companies such as Apple and Microsoft use LDP to collect user data without learning private information that could be traced back to individuals. However, the new paper, presented at the peer-reviewed USENIX Security Symposium, reveals how individuals' emoji and website usage patterns collected using LDP can be used to collect information about an individual's use of emoji skin tones and political affiliations. The Imperial College London researchers say that this violates the guarantees that LDP is supposed to offer, and that more must be done to protect Apple customers' data.