But a content-hash would have given them a release ID (i.e. which specific version of the app bundle you're running.)
A series of {release hash, launch timestamp} events could be used to build a much more precise profile of your computing habits than just {app ID, launch timestamp} events would.
Also, you're ignoring the power-law: while yes, the majority of software exists in a long-tail of ISVs, most of the apps that people use are made by big corps that make a lot of apps each. 80% of the apps on any computer (Windows or macOS) are Microsoft or Apple or Adobe apps. When you're using any of those, all Apple gets is {Apple, timestamp} or {Google, timestamp} or {Adobe, timestamp}. That's... not very useful for profiling. Especially the first two. Safari and iTunes are both just "Apple" through this system. Are you working? Relaxing? Who knows?
Those are fair points. The original report was much more serious before Apple changed policies to make the reports encrypted in transit and stopped logging IPs.
A series of {release hash, launch timestamp} events could be used to build a much more precise profile of your computing habits than just {app ID, launch timestamp} events would.
Also, you're ignoring the power-law: while yes, the majority of software exists in a long-tail of ISVs, most of the apps that people use are made by big corps that make a lot of apps each. 80% of the apps on any computer (Windows or macOS) are Microsoft or Apple or Adobe apps. When you're using any of those, all Apple gets is {Apple, timestamp} or {Google, timestamp} or {Adobe, timestamp}. That's... not very useful for profiling. Especially the first two. Safari and iTunes are both just "Apple" through this system. Are you working? Relaxing? Who knows?