Apple's Secret API - The [REDACTED] Hacker - Episode 001 #cybersecurity

Apple has a secret API to spy on you and the reports coming in are not pretty...

According to Gizmodo:

A new test of how Apple gathers usage data from iPhones has found that the company collects personally identifiable information while explicitly promising not to.

The privacy policy governing Apple’s device analytics says "none of the collected information identifies you personally".

But an analysis of the data sent to Apple shows it includes a permanent, unchangeable ID number called a Directory Services Identifier, or DSID, according to researchers from the software company Mysk.

Apple collects that same ID number along with information for your Apple ID, which means the DSID is directly tied to your full name, phone number, birth date, email address and more, according to Mysk’s tests.

The iPhone Analytics setting makes an explicit promise: Turn it off, and Apple says that it will "disable the sharing of Device Analytics altogether".

However, two app developers and security researchers at the software company Mysk took a look at the data collected by a number of Apple iPhone apps including the App Store, Apple Music, Apple TV, Books, and Stocks.

They found the analytics control and other privacy settings had no obvious effect on Apple’s data collection. The tracking remained the same whether iPhone Analytics was switched on or off.

According to Apple’s analytics policy, "Personal data is either not logged at all, is subject to privacy-preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple".

But Mysk’s tests show that the DSID, which is directly tied to your name, is sent to Apple in the same packet as all the other analytics information.

▬▬▬▬▬ 🟣 API SECURITY 🟣 ▬▬▬▬▬
APIs are everywhere and API Security has never been more important than it is right now. API abuses have risen in the past few years and it is difficult to go even a week without reading about another API that has been attacked. By securing your APIs using API Security solutions and API Management best practices, you can mitigate attacks and protect your organization, your customers, your data, and your reputation from API Hackers.

▬▬▬▬▬ 🟢 WHAT IS OWASP? 🟢 ▬▬▬▬▬
OWASP stands for "Open Web Application Security Project" and they are an international non-profit organization dedicated to web application security.

It is important to apply API Security best practices to your cybersecurity strategy.

▬▬▬▬▬ 🔴 WHAT IS API Penetration Testing? 🔴 ▬▬▬▬▬
API penetration testing (or API Pentesting) is an ethical hacking process to assess the security of the API design. API tests involve attempting to exploit identified issues and reporting them to strengthen the API to prevent unauthorized access or a data breach.

▬▬▬▬▬ 🟡 OWASP API SECURITY 🟡 ▬▬▬▬▬
What is the OWASP Top 10 for API Security?
⭐ Broken Object Level Authorization
⭐ Broken User Authentication
⭐ Excessive Data Exposure
⭐ Lack of Resources & Rate Limiting
⭐ Broken Function Level Authorization
⭐ Mass Assignment
⭐ Security Misconfiguration
⭐ Injection
⭐ Improper Assets Management
⭐ Insufficient Logging & Monitoring

▬▬▬▬▬ 💀 API Hacker Resources 💀 ▬▬▬▬▬
💀 Postman
💀 Charles Proxy
💀 MobSF
💀 Frida
💀 MITM
💀 OSINT Tools

Comments

🔔 Thank you everyone for watching!! Be sure to check out our other Cybersecurity and API videos! Subscribe to our channels to get notified when we release new videos!

BrentonHouse

As an API developer, I appreciate the attention you are bringing to these issues!

mirza.

very encouraged to see people that aren't afraid to talk about what is really going on in cyber security

Xkraltr

the production of your videos is so good. really stands out from others

hulyakaval

Brenton, another awesome video! Very informative and educational

namisTR.

A very valuable video. I take into account the information about these issues.

berataydin

So great video bro, thank you, really amazing video

kurtuluskustopic

This video rocks! Thank you so much for creating these!

yildizdeniz

This video is gold! Not sure I want to stay on iOS anymore

kanaan

Brenton, you have helped me and others on my team with your videos.

gulcihandemir

thank you very much brenton. much appreciated

havvaahmet

Hi Brenton, thank you for sharing all this info with us

Hatice-ycdr

I just found this channel but THIS IS GREAT!

elifkara

it's a very nice video, really well done

mehmet

I like seeing the clip of what data is being sent to Apple since I can't jailbreak my device

simenderersen

your resources are great, thank you brenton

turkishsystemhacktsh

How do we even know that when we say "no" to access requests it actually makes any difference at all?
(Not just Apple but everything else as well..)

a_diamond

Are you going to talk about your hacking or is it all redacted? Would love to hear about it!

sedayuksel

can you make a movie of this? I would watch it 🍿

osmankoca

But how do we stop them from doing this? You don't really talk about that

granny