All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices

Conference:  BlackHat USA 2019



The presentation discusses vulnerabilities in Apple devices and proposes solutions to prevent unique identification and cross-device tracking through probabilistic data and differential privacy.
  • Vulnerabilities in Apple devices can be exploited to read, write, and query arbitrary circle ID files outside the sandbox.
  • Probabilistic data can be used to connect a device to a person based on characteristics such as IP addresses, device names, URLs, and coordination information.
  • Feasible solutions to prevent unique identification and cross-device tracking include instrumentation and differential privacy.
  • Differential privacy provides a means to maximize the accuracy of theories from step-by-step decode database while mirroring the privacy impacted are individuals who the information is in the database.
  • Apple plans to add more mechanisms to protect user privacy, such as providing developers with unique random IDs and preventing users from using Wi-Fi and Bluetooth to approximate their location without permission.
The presentation provides an example of an app that collects sensitive information such as system version and SSID, and how instrumentation can be used to locate the function that collects this information. Differential privacy can also be used to add noise to data to prevent cross-device tracking.


Privacy is about people. Smartphones and laptops (e.g., iPhone, iPad, and MacBooks) are the most frequently used personal devices. Consequently, people with ulterior motives (e.g., advertisers) can easily connect to individuals through these devices. Although Apple is trying to provide the best protection of personal information on Apple devices, many approaches (e.g., private APIs and vulnerabilities) are being abused to uniquely identify users. Besides, identifying and correlating people's devices allows cross-device companies to track one person and target operations (e.g., advertising) on both of his/her devices. However, such cross-device tracking can principally reveal a complete picture of a person and become more privacy-invasive than the simple tracking.In this talk, we will show a study of unique identification and cross-device tracking technologies of Apple devices. We first list several approaches (e.g., public APIs and vulnerabilities like CVE-2018-4322) to uniquely identify the Apple device even after a system rebooting or resetting. Moreover, we present advanced algorithms and vulnerabilities (e.g., CVE-2018-4321) to associate Apple device through deterministic user IDs (e.g., Apple IDs and phone numbers) and probabilistic data (e.g., device names, coordinate information, and IP addresses). Last but not least, we discuss feasible solutions (e.g., instrumentation and differential privacy) to prevent unique identification and cross-device tracking. It is worth noting that all vulnerabilities we found were reported to Apple (follow-up id: 710526756) and we believe our study can help Apple to maintain and improve the privacy of their products.