cross-posted from: https://lemmy.world/post/11219865

TL;DR version:

Several popular iOS apps, including Facebook, LinkedIn, TikTok, and Twitter, have been found to be collecting user data through notifications, even when the app is closed, according to tests conducted by security researchers at Mysk Inc. The data collected includes IP addresses, device information, and other identifiable details, which can be used for targeted advertising and tracking purposes. While some of the companies involved have denied the allegations, the researchers claim that the data collection is unnecessary for notification processing and appears to be related to analytics and tracking. The issue is believed to be widespread among iOS apps, and Apple’s lack of enforcement of its own privacy rules has been criticized. Upcoming changes to the iPhone operating system’s rules may help address the problem, but it remains to be seen how effectively they will be enforced.

Mitigating the issue:

  • According to a reply from the researchers under their video:

Disabling the notifications prevents this from happening, but you have to toggle the option “Allow Notifications” of the app off. Allowing the notifications while disabling the alerts isn’t enough.

  • Another article from BleepingComputer similarly notes that:

iPhone users who want to evade this fingerprinting should disable push notifications entirely. Unfortunately, making notifications silent will not prevent abuse. To disable notifications, open ‘Settings,’ head to ‘Notifications,’ select the app you want to manage notifications for and tap the toggle to disable ‘Allow Notifications.’

Link to the researchers’ original post on Mastodon: https://mastodon.social/@mysk/111816751385137545

  • randomperson@lemmy.today
    link
    fedilink
    English
    arrow-up
    22
    ·
    edit-2
    9 months ago

    yup. if you’re running untrusted apps on your phone, make sure to turn off background refresh AND notifications. apps can run arbitrary code when they receive a push message. usually its so they can provide a better notification for the user, but they can collect data and phone back to the mothership too.

  • Optional@lemmy.world
    link
    fedilink
    arrow-up
    18
    arrow-down
    6
    ·
    9 months ago

    Headline: iPhone is harvesting your data!

    Article: Facebook, LinkedIn, and TikTok are harvesting your data.

    • solarvector@lemmy.ml
      link
      fedilink
      arrow-up
      22
      arrow-down
      3
      ·
      9 months ago

      It’s pretty clear that it’s Apps, not iPhone. But also… iPhone is responsible for holding application developers to their terms of service. It’s absolutely appropriate to criticize them for failing to deliver what they’re selling in terms of claims to a more private ecosystem.

      • Optional@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        5
        ·
        9 months ago

        Do the android versions also harvest data?

        They do.

        So why call out iphone? Because they’re supposed to manage every telemetric aspect of the 2.24 million apps on the app store?

        Sure, ok. This connectivity is allowed, This connectivity isn’t. Sounds great, how do they find that information out? Super magical quantum computers probably.

        • Alexstarfire@lemmy.world
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          9 months ago

          Why call out the company that claims they protect privacy when they fail to protect privacy? No idea.

          • Optional@lemmy.world
            link
            fedilink
            arrow-up
            2
            arrow-down
            3
            ·
            9 months ago

            Privacy isn’t a concrete object. Like you can buy a six pack of freedom and a bag of privacy. Pretending Apple’s responsible for all apps’ behavior is bullshit.

            • Alexstarfire@lemmy.world
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              9 months ago

              It’s fine if you’re cool being lied to. I’m not. Though, it’s hard to find any company that isn’t lying to you one way or another.

        • helpImTrappedOnline@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          9 months ago

          If they make an example of the big rule breakers, the rest will fall into line, making it easier to spot the little trouble makers…think of it like form mods. Sure they can’t catch everything, but by constantly allowing garbage through, that’s all they’ll get. If they enforce the rules then less will attempt to break them.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    9 months ago

    This is the best summary I could come up with:


    The data is unnecessary for processing notifications, the researchers said, and seems related to analytics, advertising, and tracking users across different apps and devices.

    It’s par for the course that apps would find opportunities to sneak in more data collection, but “we were surprised to learn that this practice is widely used,” said Tommy Mysk, who conducted the tests along with Talal Haj Bakry.

    For one, Apple gives app developers details about what’s going on with notifications directly, so there’s no need to collect additional information if you know what happened after you pinged your users.

    Furthermore, a lot of the data that apps are collecting seems unrelated to analyzing how well notifications are working, like your phone’s available disk space or the time since your last reboot, Mysk said.

    Mysk said if a company like Google can send you a notification without snooping on other details, that suggests there are ulterior motives for the data collection he spotted.

    Unfortunately, you might have heard that big companies sometimes tell lies, which would get in the way of that solution, and Apple doesn’t have a stellar track record of enforcing similar rules.


    The original article contains 1,384 words, the summary contains 191 words. Saved 86%. I’m a bot and I’m open source!

  • ForestOrca@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    9 months ago

    I had the ones mentioned off already, but just went and shut off all the ones that I don’t absolutely need notifications active. Good reminder.