Dozens of iPhone Apps 'Constantly' Sending Location Data to Data Monetization Firms

[Spendlove]

Thanks for everyone linking Pihole. I have never heard of it before.

As a total computer noob though I haven't got a clue about Linux or anything if it doesn't auto install as an App or work on Airport routers!

 

[bluecoast]

It feels if Apple needs to both:

- Really audit app submissions and app updates and get a lot more rigorous and smarter about what it detects. And what it lets apps do
- Update iOS privacy controls. Many apps only require ‘write’ permissions to work regarding your info. At the moment, to use things like camera apps etc you have to trust that they are not harvesting your photos etc. I think that this is so important that it should be an update for this March with app developers told its happening before the end of this year.

 

[Delgibbons]

It feels if Apple needs to both:

- Really audit app submissions and app updates and get a lot more rigorous and smarter about what it detects. And what it lets apps do
- Update iOS privacy controls. Many apps only require ‘write’ permissions to work regarding your info. At the moment, to use things like camera apps etc you have to trust that they are not harvesting your photos etc. I think that this is so important that it should be an update for this March with app developers told its happening before the end of this year.

I kept hearing how much Apple value security and privacy, and how much better the app vetting process is on iOS, and how much better it is than Android on the Google Play store.

Turns out that's all utter b***ocks after all.

 

[Iconoclysm]

I have nothing that uses Bluetooth, so I keep it off mainly for the power, but there are always vulnerabilities found in Bluetooth from time to time. I wouldn't consider it a big risk; haven't heard of any big exploits of iPhones through BT.

IDK why they say to use generic wifi SSIDs.
[doublepost=1536365744][/doublepost]
Definitely never give "always on" location to anything except maybe Google Maps. On top of that I always kill apps rather than letting them background. Besides power usage, I'd rather not keep track of what the privacy settings do exactly and just give them zero chance instead. Apps can wake up for a variety of reasons if they're not killed.

They are suggesting generic wifi SSIDs so that wifi networks can't be distinguishable enough to track people.
[doublepost=1536501856][/doublepost]

I kept hearing how much Apple value security and privacy, and how much better the app vetting process is on iOS, and how much better it is than Android on the Google Play store.

Turns out that's all utter b***ocks after all.

Right, an incident like this is equal to a decade of them on Android...

FYI, Apple can't catch everything that apps do but they at least TRY.

 

[redgreenski]

I didn't think Apple allowed this sort of thing.

I did. I looked at the privacy policy of those 3rd party email clients with violations ranging from grossly scanning emails to sharing data with Facebook. I now only use Apple apps with very few exceptions.

 

[jctevere]

Why are people surprised by this? Mobile advertisers don’t even need to get it from applications.

In the United States your cell phone carriers are already selling your latitude and longitude location coordinates.

 

[DailySlow]

Bluetooth is always required with an Apple Watch. Hardly a practical recommendation.

Hey, and as what about my bluetooth MFI hearing aids.

 

[upandown]

Why are people surprised by this? Mobile advertisers don’t even need to get it from applications.

In the United States your cell phone carriers are already selling your latitude and longitude location coordinates.

And much more!

 

[antonis]

So privacy on iOS is fake

Yes and no. There's no doubt that apple does indeed care about it, I'll give them that (ex iOS user, using android for the last 2 years and I'm not going back, so I'm not favouring apple here, but I have to give them that). There's no doubt as well, though, that they cannot fully control what 3rd party apps are doing - maybe it is impossible to do it in the first place given the vast number and the variety of them. I'm not even sure if they are willing to ban every single app that is not within their guidelines, as that would leave the app store without some very common apps.

 

[rafark]

Ironically, the Waze UI is so bad that "just kill the app (and relaunch it from scratch)" is my default technique for navigating through the app.

lol this reminds me of most websites I use, instead of using their ui, I rather go do a google search with the website's page name I want to go to. For example, If I wanted to go to the mac mini section here, it's faster for me to open a new tab and write "mac mini macrumors".

 

[Morgenland]

The best way to be able to still use some of these apps (like Pay By Phone parking) that need your location to work well, but not share your location all the time, is to make sure Location Privacy is set to "While Using".

Any app that tries to keep using your location in the background when set to "While Using" will pop up a big blue banner saying "<app> is currently using your location." You can then remove the offending app, or at least kill it. Waze has this issue, but I suspect it's a longstanding bug and not intentional.

The article points out another problem: There are some apps that only work well and satisfactorily if you set Location to permanently active. For example apps for navigation or timestamps for specific task locations 24/7 (e.g. "C-Time"-APP). With these, the user must be able to rely on Apple's careful control of built-in data protocols. This is the advantage of closed systems in which Apple prevents the sale of dangerous things. Apple can do that and should be encouraged to do so by this article.

 

[baryon]

Just by looking at the apps' names, they look shady enough. This is why it's best to only have apps you really need and use regularly on your phone. Do you really need "Coupon Sherpa" to be on your phone? And do regular cleaning and remove any apps you may have forgotten about that you don't use. "Just in case I may need it one day" is not a reason to keep it.

 

[acgmph]

I see a lot of references to Pi-Hole, but not everyone knows or can set this up in their home networks. I use OpenDNS, the free version, which allows manual blacklist and whitelist management, aside from their standard URL filtering categories. No software to install or manage, just point your router to their IPs and create a free account. Done.

 

[fairuz]

They are suggesting generic wifi SSIDs so that wifi networks can't be distinguishable enough to track people.

Hmm, I'd have to see more context. Some malicious software running on a machine and taking note of SSIDs? Seems like many other things present the same risk, like unique MAC addresses, and anyway there will always be someone nearby with a unique wifi SSID.

 

[thadoggfather]

I used my radar to check the weather radar

What’s a good substitute ?

Don’t say stock weather app either haha

 

[NT1440]

I kept hearing how much Apple value security and privacy, and how much better the app vetting process is on iOS, and how much better it is than Android on the Google Play store.

Turns out that's all utter b***ocks after all.

It is better. It’s not perfect and practices should be updated and enforced more diligently, but to take away from these reports that the security and privacy paractices if Android and iOS are on par with each other is to misunderstand what is happening here.

 

[zorinlynx]

Just by looking at the apps' names, they look shady enough. This is why it's best to only have apps you really need and use regularly on your phone. Do you really need "Coupon Sherpa" to be on your phone? And do regular cleaning and remove any apps you may have forgotten about that you don't use. "Just in case I may need it one day" is not a reason to keep it.

This is one reason I'm thinking of wiping my phone fresh soon.

I have so many apps installed, but have a hard time deleting them because "I might use it someday". It's a mental block. If I reset my device as new and start over installing apps, there will be a lot of stuff I won't install again. I know it.
[doublepost=1536593686][/doublepost]

I used my radar to check the weather radar

What’s a good substitute ?

Don’t say stock weather app either haha

The best weather radar app, by far, is RadarScope.

It's a paid app, but I've found it to be worth every penny. It does one thing, weather radar, and does it extremely well.

 

[bluecoast]

Instead of having to set up your own home DNS filtering server, how about Apple properly vet what apps are on their stores and what exactly they are doing?

Presumably Apple can quite easily work out what network calls submitted apps are trying to make.

Then if someone tries to turn on functionality when apps are in the wild, operate a ‘one strike and you’re out’ rule.

And finally, as I’ve written in another post on this thread, implement a proper separation of ‘read/write’ to information stores on your phone/Mac.

Most apps will only need ‘write’ - then Apple can really focus all of their attention on the apps that request ‘read’ access.

The Mac is trickier, but again, if apps request read access to your user account (post Mojave) they can focus on what they’re doing (admittedly, I’m no expert on the Mac security model.

Finally, all of this makes me loathe to trust any third party apps from anyone other than established publishers. Sad, as I’m sure that there are lots of devs out there who are doing the right thing.

 

[thadoggfather]

This is one reason I'm thinking of wiping my phone fresh soon.

I have so many apps installed, but have a hard time deleting them because "I might use it someday". It's a mental block. If I reset my device as new and start over installing apps, there will be a lot of stuff I won't install again. I know it.
[doublepost=1536593686][/doublepost]

The best weather radar app, by far, is RadarScope.

It's a paid app, but I've found it to be worth every penny. It does one thing, weather radar, and does it extremely well.

Thanks! is there anything you'd recommend <$9.99

$4.99 was kinda my psychological cap for this sorta thing

 

[clauzzz203]

The best way to be able to still use some of these apps (like Pay By Phone parking) that need your location to work well, but not share your location all the time, is to make sure Location Privacy is set to "While Using".

Any app that tries to keep using your location in the background when set to "While Using" will pop up a big blue banner saying "<app> is currently using your location." You can then remove the offending app, or at least kill it. Waze has this issue, but I suspect it's a longstanding bug and not intentional.

Haha lol, good one. It’s owned by Google, right?

 

[JackANSI]

Because Tim said the customer was not the product and that's why iOS is so much better than Android

Next myth up to bust: turns out iOS RAM management isn't so magical that it can outperform Android phones with 8 times as much RAM as standard and Apple was just price gouging all along

I didn't believe him... why did you?

When you have to show profits or your shares drop (and almost your entire measure of personal wealth if you're Tim)... Promises to others and principles are the first thing the wealthy and/or powerful sacrifice to maintain their own personal standard of living.

 

[thadoggfather]

I didn't believe him... why did you?

Between this and Mac App Store top apps containing straight up malware to send user browser history and other things ... Apple needs to get it together

The tight knit ecosystem is supposed to be a competitive advantage. It’s increasingly looking like it’s not in actuality. Regardless of who is to blame (Apple has stringent guidelines for submissions, they need to be more careful at minimum)

They also need to release a PR statement outlining all affected iOS and Mac apps so the customer isn’t further harmed. And activate a kill switch so those apps can’t be opened anymore for people that don’t keep up. And remove the affected ones until they fix it on iOS side. What the heck

How is all of this not
Common sense

 

[JackANSI]

Between this and Mac App Store top apps containing straight up malware to send user browser history and other things ... Apple needs to get it together

The tight knit ecosystem is supposed to be a competitive advantage. It’s increasingly looking like it’s not in actuality. Regardless of who is to blame (Apple has stringent guidelines for submissions, they need to be more careful)

When your ship has a hole in it, you just need to get it pointed in the right direction and everything will be ok...

This is what happens in a megacorp when you turn from a congregation of master craftsmen into a cult of personality. You have a great ideal you hold up, but no one has the ability to reach it.

Also, unscrupulous developers chasing that 70% will do what they can to make up for that 30% they lose automatically. Selling your data is a good way to do that.

 

[S.B.G]

In the last week or so I switched to Safari from Firefox and have been browsing the Internet with no browser extensions and letting the Pi-Hole do its job. With Firefox I had several extensions that complimented the Pi-Hole for blocking trackers and whatnot.

Since I've been relying solely on the Pi-Hole to block everything I've noticed that there is a lot more crap websites are trying to sneak by us. The browser extensions I was using in Firefox didn't really give stats on what they were doing, or if they did I wasn't paying close attention to them.

However, as you can see the Pi-Hole is blocking 60% of queries now on my normal daily browsing. Before, it was blocking about 20% of queries and the Firefox extensions apparently were handling about 40% of the load.

It's insane how the data mining of users has become.

 

[tex210]

Never noticed Background App Rrefresh is just about wi-fi according to settings. I thought that it would keep a non Apple app from refreshing in the background. Go figure. Had noaa and gas buddy. Deleted for now. Using dark sky(tho I’m not crazy about it’s wildly swinging forecasts) for now. Also I ride a motorcycle, so when I need gas, I need gas.
-edit: cellular data should be more granular than off or on for an app, like while using or never

[doublepost=1540262282][/doublepost]

Between this and Mac App Store top apps containing straight up malware to send user browser history and other things ... Apple needs to get it together

The tight knit ecosystem is supposed to be a competitive advantage. It’s increasingly looking like it’s not in actuality. Regardless of who is to blame (Apple has stringent guidelines for submissions, they need to be more careful at minimum)

They also need to release a PR statement outlining all affected iOS and Mac apps so the customer isn’t further harmed. And activate a kill switch so those apps can’t be opened anymore for people that don’t keep up. And remove the affected ones until they fix it on iOS side. What the heck

How is all of this not
Common sense

We are coming to the time of a paywalled / subscription internet. The free stuff isn’t going to be around. Separate lanes for speed are already all around us. Then just like cable tv went from no commercials to what it is today, and we will again be paying to have our data still mined anyway.