Apple App Store Personalized Recommendations Tracking Explained: Opt-Out Gaps
Security researchers published findings today claiming Apple's App Store logs every individual tap a user makes and transmits that data to Apple as behavioral analytics. The gap between that characterization and Apple's own personalization disclosure is now the center of a privacy dispute that raises a direct question: when Apple says users can opt out, what exactly are they opting out of?
Apple's App Store personalization disclosure describes the inputs in familiar terms: purchases, downloads, searches, viewed items, purchase history, payment methods, and information derived from a user's Apple Account. The security researchers at Mysk say the actual instrumentation is considerably finer-grained. The App Store app, they say, logs individual taps as analytics events and transmits them to Apple, with timing resolution fine enough to calculate a user's typing speed, 9to5Mac reported.
Apple has not responded to the researchers' findings.
What researchers say about App Store analytics tracking
Apple's disclosure says users can opt out of "the use of this data for this purpose." That language is precise in a specific way: it describes opting out of an application of data, not a halt to collection. The disclosure does not say the underlying data stops being gathered when a user disables Personalized Recommendations.
Mysk's characterization of what is being gathered sits in different territory from the disclosure's list of signals. Responding to a commenter, Mysk clarified that the tap logging is not a byproduct of search functionality returning results as a user types. It is analytics data sent to Apple, 9to5Mac reported. The timing resolution of those captured events is reportedly sufficient to calculate typing speed.
That is a different category of signal from "you searched for this app." A search record captures intent. Typing speed captures behavior at the interface level: how a person moves through a screen, not what they chose. A user reading "purchases, downloads, searches, and viewed items" would not reasonably expect that their moment-to-moment navigation is being timestamped and transmitted.
The opt-out: what it covers and what it doesn't
Disabling Personalized Recommendations in Apple Account settings is the available action, and Apple's disclosure confirms it opts users out of having their data applied toward personalized app suggestions. That opt-out is real. Its scope is the dispute.
Mysk's position, as reported, is that no available setting in the App Store app stops the tap-level data capture itself. Users who disable the setting change how the data is used; the underlying event logging, according to Mysk, continues regardless. Apple has not addressed that characterization publicly.
Several material questions follow from this and remain unanswered. It has not been established whether the telemetry is linked to a named Apple Account or pseudonymized. Retention period is unknown. Whether disabling Personalized Recommendations has any effect on the event logging itself is unresolved. These are not peripheral details. They determine whether the collection carries regulatory exposure under GDPR or CPRA, and they are precisely the questions Apple's current disclosure language leaves open.
What is verified and what isn't
Mysk's core finding, that App Store interaction events are logged as analytics and transmitted to Apple with no in-app setting to disable the capture, is the best-supported claim in the available reporting, according to 9to5Mac.
A separate account from OSnews goes further, characterizing the behavior as a "taplogger" transmitting data without encryption and tying it directly to the user's Apple Account. Those claims, particularly the unencrypted transmission, have not been corroborated by independent packet capture analysis or any source outside that reporting. They should be treated as unverified until independently confirmed.
Apple requires disclosure from developers that it hasn't provided for itself
Since May 2024, every app and third-party SDK submitted to the App Store has been required to include a privacy manifest (a PrivacyInfo.xcprivacy property list): a structured, machine-readable file declaring what data the app collects, which privacy-sensitive ("required reason") APIs it accesses, and the approved reason for each. Apps that omit the manifest or use a privacy-sensitive API without a declared reason are rejected at submission, according to a technical analysis published last month. The manifest feeds directly into the user-facing privacy nutrition label and functions, per that analysis, as a "structured contract between the app and Apple" in machine-readable form.
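To make the manifest's vocabulary concrete, here is an added example (written for this page, not Apple's tooling and not code from the analysis cited above): a small Python auditor that parses a privacy manifest and reports what it declares. The key names (NSPrivacyAccessedAPITypes, NSPrivacyCollectedDataTypes, NSPrivacyTracking and so on) are Apple's; the sample manifest is constructed for illustration, and every check other than "API accessed with no declared reason" is this example's own policy rather than an App Review rule.

```python
"""Audit a privacy manifest (PrivacyInfo.xcprivacy) for its declarations.

Example code added for this page, not Apple's tooling. The sample manifest
below is constructed; only the 'no declared reason' check mirrors the review
rule the text describes, the remaining checks are this example's own policy.
"""
import plistlib

# Constructed sample: one API access with a reason, one without, one
# collected data type linked to identity and used for analytics, and
# tracking domains declared while NSPrivacyTracking is false.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
 "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyTrackingDomains</key>
  <array><string>analytics.example.invalid</string></array>
  <key>NSPrivacyCollectedDataTypes</key>
  <array>
    <dict>
      <key>NSPrivacyCollectedDataType</key>
      <string>NSPrivacyCollectedDataTypeProductInteraction</string>
      <key>NSPrivacyCollectedDataTypeLinked</key><true/>
      <key>NSPrivacyCollectedDataTypeTracking</key><false/>
      <key>NSPrivacyCollectedDataTypePurposes</key>
      <array><string>NSPrivacyCollectedDataTypePurposeAnalytics</string></array>
    </dict>
  </array>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>CA92.1</string></array>
    </dict>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array/>
    </dict>
  </array>
</dict>
</plist>
"""


def audit_manifest(data: bytes) -> list[str]:
    """Return a list of findings, each prefixed with a severity tag.

    REJECT       - would fail submission per the rule the text describes
    LINKED       - data type declared as linked to the user's identity
    TRACKING     - data type declared as used for tracking
    INCONSISTENT - declarations that contradict each other (example policy)
    """
    manifest = plistlib.loads(data)
    findings: list[str] = []

    # Every required-reason API category must carry at least one reason code.
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        api = entry.get("NSPrivacyAccessedAPIType", "<missing>")
        if not entry.get("NSPrivacyAccessedAPITypeReasons"):
            findings.append(f"REJECT: {api} accessed with no declared reason")

    # Each collected data type states purposes and linkage/tracking flags.
    for entry in manifest.get("NSPrivacyCollectedDataTypes", []):
        dtype = entry.get("NSPrivacyCollectedDataType", "<missing>")
        purposes = entry.get("NSPrivacyCollectedDataTypePurposes", [])
        if not purposes:
            findings.append(f"REJECT: {dtype} collected with no declared purpose")
        if entry.get("NSPrivacyCollectedDataTypeLinked"):
            findings.append(
                f"LINKED: {dtype} declared linked to user identity "
                f"(purposes: {', '.join(purposes) or 'none'})"
            )
        if entry.get("NSPrivacyCollectedDataTypeTracking"):
            findings.append(f"TRACKING: {dtype} declared as used for tracking")

    # Example policy: listing tracking domains while denying tracking is odd.
    if manifest.get("NSPrivacyTrackingDomains") and not manifest.get("NSPrivacyTracking"):
        findings.append(
            "INCONSISTENT: NSPrivacyTrackingDomains declared but NSPrivacyTracking is false"
        )
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```

Run against a real manifest by passing the bytes of an app's or SDK's PrivacyInfo.xcprivacy to audit_manifest. The point of the exercise is the granularity: a third-party SDK that collected interface-level interaction data for analytics would have to show up in this file as a named data type with a stated purpose and linkage flag, which is exactly the vocabulary the plain-language personalization disclosure lacks.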
The privacy manifest system is a requirement Apple imposes on developers, not one it has applied to its own first-party apps. That distinction matters legally. But it also reveals something about Apple's capabilities: the framework gives developers a precise, auditable vocabulary for describing collected data types, API access, and declared purpose. Apple built this system, enforces it at submission, and applies it across every third-party app in the store.
Apple's consumer-facing personalization disclosure describes outcomes (relevant app suggestions) rather than the instrumentation that produces them. If the App Store were a third-party submission, tap-level behavioral telemetry of the kind Mysk describes would require an explicit declaration of data type, purpose, and API use. As Apple's own product, it operates under a different set of rules. The gap between the framework's precision and the App Store's plain-language disclosure is harder to dismiss when Apple demonstrably knows how to do the more granular version.
Whether regulators eventually require Apple to apply that standard to itself is an open question. For now, the asymmetry stands.
Where this leaves users
The mismatch between Apple's disclosure language and Mysk's characterization is now a matter of record. It will not resolve without a direct response from Apple.
The concrete action available is disabling Personalized Recommendations in Apple Account settings. Based on Apple's own disclosure, that stops the data from being used to surface personalized app suggestions. Its effect on the underlying event logging is unknown. Users who want to understand their exposure should treat the opt-out as a use restriction until Apple says otherwise.
The questions that would materially change the picture: Is the tap-level telemetry linked to a named Apple Account or pseudonymized? How long is it retained? Is the transmission encrypted? Does disabling Personalized Recommendations affect collection at all, or only downstream application of that data? Apple has not commented. Those questions are still waiting.