Hacker News new | ask | show | jobs
by koluna 1907 days ago
> The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple ...

You’ll also be surprised to learn that Apple gets to know your phone number when you set up iMessage. Really? This is basic information they need for operations. I’m all for privacy and not giving Big Tech access to unnecessary telemetry but this ain’t it.
4 comments
mfer 1907 days ago
Some monitoring is for operations. Apple needs to know your phone number of iMessage (if you have that enabled with most people do). Google and Apple will track the location for the "find my device" features that many of us use.

There are potential security reasons Apple may be using the information, too. For example, if more than one phone has the same phone number, IMEI, etc... it may be that one is spoofing the other. Do they look to catch that?

One of the things we don't talk enough about (or look into) is what info is being collected and how it is or can be used. Some of this is a black box at the companies and we need to go on reputation. It would be great if more of that use was opened up to people.

For reputation, Google is known to use all the data they can to influence behavior to make money. There have been books and papers written on this and the history of it. Apple is not known for this. So, their reputation is a little different. Just for context.

link
boston_clone 1907 days ago
I agree; this article feels like FUD and needs more evidence to back its claims.

I know that Apple alerts you if a new phone number is used, or you sign in from a new device, or a bunch of other indicators of compromise.

link
morsch 1907 days ago
What operations? Do users opt-in to these operations?
link
koluna 1907 days ago
You opt in when you choose to buy a piece of hardware from a vendor, and when you sign up for a carrier. Apple needs to identify phones that are flagged as stolen. They also need to connect the user to the carrier through their software and hardware, which means they must have a level of visibility as to who the user is.
link
morsch 1907 days ago
Not sure (IANAL) if buying a piece of hardware constitutes "freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" (GDPR).

"Consent means giving people genuine choice and control over how you use their data. If the individual has no real choice, consent is not freely given and it will be invalid." and "This means people must be able to refuse consent without detriment, and must be able to withdraw consent easily at any time. It also means consent should be unbundled from other terms and conditions (including giving separate granular consent options for different types of processing) wherever possible." (ICO commentary)

Of course, this only applies wherever the GDPR applies.

https://ico.org.uk/for-organisations/guide-to-data-protectio...

link
Aloisius 1907 days ago
Legitimate interest, not consent.

Organizations can have a legitimate interest to process data in order to provide a user with the data service they signed up for.

link
m463 1907 days ago
You can use imessage without a phone number.
link
Aloisius 1907 days ago
Apple needs to know whether or not your phone number is registered with another phone in order to deregister it.

Otherwise people texting your number could have their messages sent via iMessage to the previous owner of your phone number.

link