Apple Tracks You More Than You Think

Cybersecurity startup Corellium offered or sold its software to spyware and hacking-tool creators in multiple repressive countries, a WIRED investigation revealed this week. A previously unreported 507-page document, believed to have been prepared by Apple, details how Corellium offered a trial of its products to the controversial spyware firm NSO Group, to a cybersecurity company with ties to the UAE government, and to a firm in China that also has government links. In response, Corellium, which makes phone-virtualization software that can help find security bugs in iOS and Android, published a blog post detailing how it now vets potential customers.

As millions of people across the US celebrated Thanksgiving and attended parades, we looked at the US shortage of bomb-sniffing dogs. Experts say the pandemic has led to a drop in the supply of dogs in the country—85 to 90 percent of them come from overseas—and that the lack of trainer animals is fueling national security concerns.

In other national security news, US lawmakers are calling for stricter rules on autonomous vehicles (AVs), which are able to gather reams of real-time data about their environment. China is a chief concern. In a letter shared exclusively with WIRED, Republican congressman August Pfluger said, “AV technology has opened the door for a foreign nation to spy on American soil, as Chinese companies potentially transfer critical data to the People’s Republic of China.”

We also looked at how hidden data stored in PDF files helped researchers reveal names that had been redacted. Court filings, national security files, and responses to Freedom of Information Act requests have all exposed such information in this way. And we heard the cautionary tale of how one person lost $17,000 in crypto—and how you can avoid the same fate. 

Finally, we published part five of the series “The Hunt for the Dark Web’s Biggest Kingpin,” which chronicles the downfall of AlphaBay, the world’s largest dark-web marketplace. In this installment, investigators in Thailand swoop in on AlphaBay’s mastermind, Alexandre Cazes, and discover he had a fortune topping $20 million. 

But wait, there’s more! Each week, we highlight news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Apple’s privacy policy for analytics services on its devices, which gather data about how you use its products, claims the information collected isn’t used to identify you. However, a new analysis of the tools, reported by Gizmodo, claims a permanent ID number within the service is “tied to your full name, phone number, birth date, email address and more.” This ID number is sent to Apple alongside the analytics data about how you use your device, researchers from the software company Mysk told the publication. 

The findings appear to contradict the company’s privacy promises. Apple did not answer Gizmodo’s questions on the report. In recent years, Apple has pushed a pro-privacy stance, using it as an advantage over competitors, and it has run ads saying the data on people’s iPhones stays on their devices. However, experts have increasingly questioned some of Apple’s practices. (At the same time, Apple has been growing its advertising business.) In separate research published earlier in November, Mysk researchers claimed that Apple collects detailed information on people using its products through its own apps, even when they turn tracking off.

In June, the UK government approved the extradition of WikiLeaks founder Julian Assange to the United States. While Assange waits on an appeal in the case, the website he created is falling apart. At one point, WikiLeaks hosted more than 10 million leaked documents. However, according to an analysis by the Daily Dot, fewer than 3,000 of the files are now available. Aside from the drop-in documents, the website also has technical issues: It is frequently inaccessible, people have problems searching its content, and parts of its navigation have vanished. 

Meta’s Pixel, formerly known as the Facebook Pixel, is a snippet of code that websites can install to track their visitors. The tool is useful for advertisers. Millions of websites use the tracking tool, and the data is sent back to Meta. This week, The Markup revealed that major US tax websites are using the Pixel and sending financial information to Meta. Some of the data transferred includes names, email addresses, income information, and tax filing status. Some tax websites stopped using Meta’s Pixel following the report. A spokesperson for Meta, Dale Hogan, said that advertisers “should not send sensitive information” about people through its tools. 

And finally, in a major blow to scammers, an international police operation took down the iSpoof website, which let people disguise their phone numbers and show fake caller IDs when making phone calls. It’s estimated that people using iSpoof were contacting up to 20 people every minute of the day as they used false identities to try and trick people into handing over their money. One person was tricked out of £3 million ($3.6 million), reports say. The website now shows a notice saying it has been seized by the FBI and United States Secret Service. In total, 142 people were arrested in the operation, including the alleged administrator of the website, who was arrested in the UK. Police from the UK, US, Ukraine, France, Germany, and five other countries were involved.