this post was submitted on 26 Jan 2024
157 points (95.4% liked)


cross-posted from: https://lemmy.world/post/11219865

TL;DR version:

Several popular iOS apps, including Facebook, LinkedIn, TikTok, and Twitter, have been found to be collecting user data through notifications, even when the app is closed, according to tests conducted by security researchers at Mysk Inc. The data collected includes IP addresses, device information, and other identifiable details, which can be used for targeted advertising and tracking purposes. While some of the companies involved have denied the allegations, the researchers claim that the data collection is unnecessary for notification processing and appears to be related to analytics and tracking. The issue is believed to be widespread among iOS apps, and Apple's lack of enforcement of its own privacy rules has been criticized. Upcoming changes to the iPhone operating system's rules may help address the problem, but it remains to be seen how effectively they will be enforced.

Mitigating the issue:

  • According to a reply from the researchers under their video:

Disabling the notifications prevents this from happening, but you have to toggle the option "Allow Notifications" of the app off. Allowing the notifications while disabling the alerts isn't enough.

  • Another article from BleepingComputer similarly notes that:

iPhone users who want to evade this fingerprinting should disable push notifications entirely. Unfortunately, making notifications silent will not prevent abuse. To disable notifications, open 'Settings,' head to 'Notifications,' select the app you want to manage notifications for and tap the toggle to disable 'Allow Notifications.'

Link to the researchers’ original post on Mastodon: https://mastodon.social/@mysk/111816751385137545

top 15 comments
[–] kirklennon@kbin.social 22 points 6 months ago (1 children)

I'm going to go ahead and just call this a nothingburger. The context is that you're already a registered user signed into the Facebook, etc. app. You've already volunteered the valuable profile data and the analytics data from actually using the app. If you're already OK with all of that, there's effectively no additional concern with the relatively minor data that can be collected or inferred from the notifications. The very idea that someone should or would turn notifications off on, for example, Instagram because they're concerned about privacy is ridiculous. It's like telling someone not to crack the windows on their car because it might rain, but they're in a convertible with the top down.

[–] KelsonV@lemmy.world 19 points 6 months ago

Someone's concern for privacy can change throughout the day or at different locations. To keep the metaphor going, they might be fine with the top being open while they're driving, but want it closed when the car is parked.

[–] kittenzrulz123@lemmy.world 11 points 6 months ago

Who knew that absolutely proprietary software also tracked you, I'm soooooo shocked

[–] Sanctus@lemmy.world 10 points 6 months ago

Public trust doesn't mean shit anymore

[–] Copernican@lemmy.world 9 points 6 months ago (1 children)

Data includes IP addresses, etc... is that a surprise? How do most notifications work? Is the device client polling status updates to retrieve status changes to trigger a notification? If that occurs isn't it obvious the user IP would be known?

[–] drahardja@lemmy.world 6 points 6 months ago (1 children)

Apps can get woken up when a remote notification arrives that has the content-available key. Apps are woken up in background mode, at which point they have a few seconds to do whatever they need to do to refresh their content cache. This, of course, often leads to the app making a connection to the server, which exposes the user’s IP address.

I think the sin here is that some apps always set the content-available key regardless of whether there is content to be retrieved or not. That turns the notification into a surveillance tool, allowing the app to check in periodically.

[–] Copernican@lemmy.world 2 points 6 months ago (1 children)

So it's not so much what data is shared, but how it's triggered to do this at unnecessary times is where the intent is likely nefarious.

[–] drahardja@lemmy.world 3 points 6 months ago

I think so.
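
The exchange above turns on pushes that set the `content-available` key when there is nothing to fetch. As an added example (not part of the thread or of any app's code), here is a check a backend team could run over its own outbound push log to measure that; the log format and the `sender` and `has_new_content` fields are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample of an outbound push log (one JSON record per line).
# "sender" and "has_new_content" are assumed backend fields, not APNs keys.
SAMPLE_LOG = """
{"sender": "chat", "has_new_content": true, "payload": {"aps": {"alert": "New message", "content-available": 1}}}
{"sender": "chat", "has_new_content": true, "payload": {"aps": {"content-available": 1}}}
{"sender": "chat", "has_new_content": false, "payload": {"aps": {"alert": "Ana liked your post"}}}
{"sender": "promo", "has_new_content": false, "payload": {"aps": {"alert": "We miss you", "content-available": 1}}}
{"sender": "promo", "has_new_content": false, "payload": {"aps": {"alert": "Trending now", "sound": "default", "content-available": 1}}}
{"sender": "promo", "has_new_content": false, "payload": {"aps": {"content-available": 1}}}
"""

def wakes_app(payload):
    """True when the aps dictionary asks iOS to wake the app in the background."""
    return payload.get("aps", {}).get("content-available") == 1

def is_user_visible(payload):
    """True when the push carries something the user would see or hear."""
    aps = payload.get("aps", {})
    return any(key in aps for key in ("alert", "badge", "sound"))

def audit(log_text):
    """Count, per sender, background wakes and wakes that had nothing to fetch."""
    stats = defaultdict(lambda: {"sent": 0, "wakes": 0, "needless": 0, "silent": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        entry = stats[record["sender"]]
        entry["sent"] += 1
        if not wakes_app(record["payload"]):
            continue
        entry["wakes"] += 1
        entry["needless"] += not record["has_new_content"]
        entry["silent"] += not is_user_visible(record["payload"])
    return dict(stats)

def flag_senders(stats, threshold=0.5):
    """Senders whose share of needless wakes meets or exceeds the threshold."""
    return sorted(name for name, s in stats.items()
                  if s["wakes"] and s["needless"] / s["wakes"] >= threshold)

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(report, flag_senders(report))
```

A sender that is flagged here wakes the app on every push regardless of content, which is the pattern the comments describe.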

[–] sayitghoul@lemmy.world 5 points 6 months ago

I guess this has been going on for some time and not only on iPhone but also Android.

I'm not liking the way things are going with mobile. Tracking, ads and now bloody AI everywhere.

I don't think anyone wants AI enhanced photos and all that crap.

I was looking at phone shops the other day, and all you can buy (mainstream) is Apple and Samsung. Different shops stock a variety of other brands, such as Sony (what's left of it) Motorola and Xiaomi here and there.

There is no variation, everything looks the same and they're not being challenged. Mobile is now officially boring.

We need a new platform again to challenge the status quo. It was a real shame that Microsoft messed up Windows phone. WP8 was the best operating system in my opinion. Unfortunately no support from developers killed it (and later by Microsoft messing it up with Windows 10)...

[–] autotldr@lemmings.world 3 points 6 months ago

This is the best summary I could come up with:


The data is unnecessary for processing notifications, the researchers said, and seems related to analytics, advertising, and tracking users across different apps and devices.

It’s par for the course that apps would find opportunities to sneak in more data collection, but “we were surprised to learn that this practice is widely used,” said Tommy Mysk, who conducted the tests along with Talal Haj Bakry.

For one, Apple gives app developers details about what’s going on with notifications directly, so there’s no need to collect additional information if you know what happened after you pinged your users.

Furthermore, a lot of the data that apps are collecting seems unrelated to analyzing how well notifications are working, like your phone’s available disk space or the time since your last reboot, Mysk said.

Mysk said if a company like Google can send you a notification without snooping on other details, that suggests there are ulterior motives for the data collection he spotted.

Unfortunately, you might have heard that big companies sometimes tell lies, which would get in the way of that solution, and Apple doesn’t have a stellar track record of enforcing similar rules.


The original article contains 1,384 words, the summary contains 191 words. Saved 86%. I'm a bot and I'm open source!

[–] Gork@lemm.ee 2 points 6 months ago

That thumbnail makes me nauseous. Imagine getting phone notifications when Elon Musk of all people decides to post on X (formerly known as Twitter but decided to torpedo an entire decade of effective company branding).