This study presents the first systematic client-side audit of Apple’s DifferentialPrivacy.framework in macOS, addressing concerns about the opacity of its closed-source implementation despite claims of differential privacy (DP) protection. Combining binary reverse engineering, Objective-C interface reconstruction, and runtime testing, the authors evaluate the actual privacy guarantees provided in practice. Their analysis reveals that 5 out of 9 deployed DP mechanisms violate theoretical DP assurances, affecting 87% of data collection tasks in macOS Sonoma and 68% in Sequoia. Critical vulnerabilities include flawed floating-point noise generation and misconfigured local DP parameters. Furthermore, by analyzing publicly available iPhone logs, the study successfully reconstructs sensitive user data—such as Safari-browsed domains and keyboard emoji usage—demonstrating tangible privacy risks stemming from these implementation flaws.

Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy (DP). Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes, and health-related reports. Because Apple has not open-sourced its privatization algorithms, these privacy claims have been difficult to verify independently. We present a client-side audit of Apple's DP framework on macOS Sonoma 14.2 and Sequoia 15.6. We reverse engineer the shipped binaries, recover Objective-C interfaces, build runtime harnesses that execute Apple's deployed mechanisms, and test whether their outputs match the advertised privacy guarantees. Our audit covers nearly all active deployed mechanisms, including Count Median Sketch, Hadamard-CMS, randomized-response mechanisms, and Prio-style secure aggregation. We find multiple implementation bugs and misconfigurations. Every audited mechanism that relies on floating-point noise fails to meet its advertised DP or zero-knowledge proof guarantee, due to insecure samplers with known floating-point vulnerabilities. We also find secure-aggregation configurations with local DP disabled, exposing pre-aggregation records to any party with access to those logs. Overall, we find DP violations in 5 of 9 audited mechanisms, affecting 87% of data collection in macOS Sonoma and 68% in Sequoia. We also identify public leaked iPhone logs that can be decoded to recover private information, including Safari domains and keyboard emoji signals.