Auditing Apple's DifferentialPrivacy.framework: Implementation Bugs, Misconfigurations, and Practical Risks
arXiv SecurityArchived May 21, 2026✓ Full text saved
arXiv:2605.21378v1 Announce Type: new Abstract: Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy (DP). Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes, and health-related reports. Because Apple has not open-sourced its privatization algorithms, these privacy claims have been difficult to verify indepen
Full text archived locally
✦ AI Summary· Claude Sonnet
Computer Science > Cryptography and Security
[Submitted on 20 May 2026]
Auditing Apple's DifferentialPrivacy.framework: Implementation Bugs, Misconfigurations, and Practical Risks
Rishav Chourasia, Ergute Bao, Uzair Javaid, Xiaokui Xiao
Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy (DP). Apple's this http URL is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes, and health-related reports. Because Apple has not open-sourced its privatization algorithms, these privacy claims have been difficult to verify independently.
We present a client-side audit of Apple's DP framework on macOS Sonoma 14.2 and Sequoia 15.6. We reverse engineer the shipped binaries, recover Objective-C interfaces, build runtime harnesses that execute Apple's deployed mechanisms, and test whether their outputs match the advertised privacy guarantees. Our audit covers nearly all active deployed mechanisms, including Count Median Sketch, Hadamard-CMS, randomized-response mechanisms, and Prio-style secure aggregation.
We find multiple implementation bugs and misconfigurations. Every audited mechanism that relies on floating-point noise fails to meet its advertised DP or zero-knowledge proof guarantee, due to insecure samplers with known floating-point vulnerabilities. We also find secure-aggregation configurations with local DP disabled, exposing pre-aggregation records to any party with access to those logs. Overall, we find DP violations in 5 of 9 audited mechanisms, affecting 87% of data collection in macOS Sonoma and 68% in Sequoia. We also identify public leaked iPhone logs that can be decoded to recover private information, including Safari domains and keyboard emoji signals.
Comments: 19 pages, 9 figures, 1 table. Accepted at the 47th IEEE Symposium on Security and Privacy (IEEE S&P 2026); Distinguished Paper Award
Subjects: Cryptography and Security (cs.CR); Computers and Society (cs.CY)
Cite as: arXiv:2605.21378 [cs.CR]
(or arXiv:2605.21378v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2605.21378
Focus to learn more
Journal reference: Proceedings of the 47th IEEE Symposium on Security and Privacy (IEEE S&P), 2026
Related DOI:
https://doi.org/10.1109/SP63933.2026.00225
Focus to learn more
Submission history
From: Rishav Chourasia [view email]
[v1] Wed, 20 May 2026 16:40:02 UTC (2,807 KB)
Access Paper:
view license
Current browse context:
cs.CR
< prev | next >
new | recent | 2026-05
Change to browse by:
cs
cs.CY
References & Citations
NASA ADS
Google Scholar
Semantic Scholar
Export BibTeX Citation
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code, Data, Media
Demos
Related Papers
About arXivLabs
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)