Analytics data help

This is all under sirisearchfeedback.

And basically everything else inside my analytics data has something "roots installed", "bug type"... Someone please help explain what all this is.


{"bug_type":"313","timestamp":"2024-01-10 17:19:41.00 -0500","os_version":"iPhone OS 17.2.1 (21C66)","roots_installed":0,"incident_id":"56A037FF-E266-41B5-BACA-5E676B9B11ED"}

{"agent":"parsecd\/1 (iPhone16,2; iPhone OS 17.2.1 21C66) safari\/1","country_code":"US","user_guid":"941EDA20-3EC6-4083-AD55-EA155689971D","session_start":170492518



and also this one


bug_type":"225","timestamp":"2024-01-14 12:07:52.00 -0500","os_version":"iPhone OS 17.2.1 (21C66)","roots_installed":0,"incident_id":"89251EB0-2723-4DE7-9442-3C77724C1744"}

If everything is fine, perfect. If not, then guys help me and let’s smash this, guys.

iPhone 15 Pro Max, iOS 17

Posted on Jan 14, 2024 5:26 PM

Question marked as Top-ranking reply

Posted on Jan 14, 2024 6:45 PM

Looks like normal log chatter.


Property lists, telemetry data, and log files are just chock-filled with arcane and ominously- or scarily-worded and utterly benign text. None of which is documented by Apple. Rummaging telemetry and rummaging logs is akin to searching infinite haystacks, without knowing what the needles might look like, or whether there are any needles even present.


Symbols and telemetry screenshots and property list settings and log dumps are not the path to identify and isolate a purported security compromise, either. Yes, there might be evidence in a log somewhere (if there is a compromise), but I’ve yet to see anybody actually capture evidence of a compromise in their logs or property lists or telemetry. I have encountered a whole lot of “is this normal?” followed by multiple screenshots of what was benign data. Not a very efficient or effective approach.


Usual security suggestions apply, of course: running Safety Check, enabling two-factor authentication, and other such steps.


How to learn more about this? How to find and gather evidence of a compromise?


Acquire and read the three volumes of MacOS and iOS Internals by Jonathan Levin (moxii) and read through them. That document is probably the best available description of how the pieces fit together.


Here is a digital forensics class for macOS, iOS, and iPadOS:

https://www.sans.org/cyber-security-courses/mac-and-ios-forensic-analysis-and-incident-response/


There are other materials around, as well.


It is unlikely that someone will do forensics for free, which means either you pay for forensics, or you learn about and collect enough forensics to interest others in your particular case, or you are a likely target of high-level exploit tooling. If you are an investigative journalist, senior in government or private, with access to financial or confidential or sensitive or classified data, rich, or otherwise of interest to some very well-funded folks, you might be a target. And this forensics collection and examination involves your own personal information, and direct device access. And all this effort may or may not find a compromise, even if one is present.

