You are very true!
Also I still believe anyone who really values their privacy should use Graphene OS instead.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Research Reveals How iPhone Push Notifications Leak User Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
Also I still believe anyone who really values their privacy should use Graphene OS instead.
... and, in some cases, an almost psychopathic deficiency in morality and consideration for others.
If the user decides to, yes, I agree. I'm all about choice, even if it's a negative (in my view) choice that the end-user is making.
I think the iPhone (or other iDevice) should be the sandboxed firewall. Not the App store.
Last edited by a moderator:
I know some apps also send "silent push notifications" every night to track if an app is still installed by the end user. The logic is basically like "if the user was not reached and the notification bounced back with an error = app got uninstalled" You don't even know, as nothing will pop up on your lock screen.
It’s forcing Apple to strengthen its sandbox security and its on-device checks, at least I hope so. That’s how security should be achieved, through clear technical restrictions, not through a bespoke app review process. In addition, any automated check Apple performs as part of the app review process can also performed on device. So they should just do that.
if these apps have notifications turned off, do they still have the tracking ability?
EU would never admit that
Apple has been always pushing against app tracking and also use it as a marketing point.
However, it puzzle me why they allow so much information about the device to be acceded by apps.
The EXACTLY boot time is just one of them...IF this information is (in one rare case) needed by an app,
why not use an approximation (like "around 200 minutes ago")?
An article published a few years ago details that Apple allows apps to read a massive and strangely accurate amount of device data:
"We observed that they received an egregious amount of data, including a user’s accessibility settings, the exact time that the user last restarted the device (down to the second), the device’s current battery level and screen brightness (both with a precision of 15 decimals), the user’s exact latitude and longitude, installed keyboards, time zone, current speaker and microphone settings, currency, volume level, and much much more"
Imagine why an app would need to know the screen brightness level value with an accuracy of 15 decimals...
Apple should provide an approximate value for any kind of device data prone to be used to track users.
However, it puzzle me why they allow so much information about the device to be acceded by apps.
The EXACTLY boot time is just one of them...IF this information is (in one rare case) needed by an app,
why not use an approximation (like "around 200 minutes ago")?
An article published a few years ago details that Apple allows apps to read a massive and strangely accurate amount of device data:
"We observed that they received an egregious amount of data, including a user’s accessibility settings, the exact time that the user last restarted the device (down to the second), the device’s current battery level and screen brightness (both with a precision of 15 decimals), the user’s exact latitude and longitude, installed keyboards, time zone, current speaker and microphone settings, currency, volume level, and much much more"
Study: Effectiveness of Apple’s App Tracking Transparency
Does it stop third-party tracking? Or is it just an illusion of privacy?
blog.lockdownprivacy.com
Imagine why an app would need to know the screen brightness level value with an accuracy of 15 decimals...
Apple should provide an approximate value for any kind of device data prone to be used to track users.
Correct. It really annoys me when a company asks if I want to send info, I say no, and they do it some backdoor way. I think it's criminal.
Oh yah, developers are such a great bunch, let's totally bypass protections and allow unfettered side loading. If they bypass the security without side loading, side loading will be just more secure, right? If I wanted a mess, I would just go android.
Why isn't this form of hacking considered a crime with mandatory sentencing? We should be spending our time on making things more secure. I don't object to side loading, as long as it comes with stricter laws and protections and we lock up more of these criminal elements
Why isn't this form of hacking considered a crime with mandatory sentencing? We should be spending our time on making things more secure. I don't object to side loading, as long as it comes with stricter laws and protections and we lock up more of these criminal elements
What actual data is being sent? AFAIK, when you receive a push notification, you're able to create a network request to download data. If that network request exists, I'd be shocked if there's a developer in the world who isn't using it for analytics in some way. I know my company (small, 40 people in my group) would use it for analytics, just to make sure that the push notifications are being sent, and to make sure that it's not overloading our server... that's sort of standard monitoring practice these days.
Nevermind that if an app receives a push notification, it also means that the company knows it sent a push notification and exactly what it contained, without it even needing to "spy" on the user. They sent it!
Macrumors, where's the link to the research? I looked at the article, but there was only a link to the MR iPhone guide.
Edit: Turns out there's a video with Very Scary Music.
It looks like standard analytics that get collected when you run an app. Which makes sense, since the app needs to start up when it receives the data, in order to process it. I think the bigger mistake here is assuming that because you don't manually open an app up doesn't mean it won't get launched by the system for background processing.
This sort of functionality where the app is auto-launched without user intervention has existed in one form or another for almost a decade (that I know of) in Windows and Android too.
Nevermind that if an app receives a push notification, it also means that the company knows it sent a push notification and exactly what it contained, without it even needing to "spy" on the user. They sent it!
Macrumors, where's the link to the research? I looked at the article, but there was only a link to the MR iPhone guide.
Edit: Turns out there's a video with Very Scary Music.
It looks like standard analytics that get collected when you run an app. Which makes sense, since the app needs to start up when it receives the data, in order to process it. I think the bigger mistake here is assuming that because you don't manually open an app up doesn't mean it won't get launched by the system for background processing.
This sort of functionality where the app is auto-launched without user intervention has existed in one form or another for almost a decade (that I know of) in Windows and Android too.
Last edited:
I agree, nothing a few years of mandatory incarceration would help curtail the bad actors. lock em up!
Yes, Apple will shut it down eventually, because only Apple can legally collect user data. No one else can and must be prosecuted if they do so.
This is the kind of things that actually matters: what’s happening behind the scenes and what has been sent?
Instead, “megacorp apple rival sends information for analytical services” and everyone freaks out without understanding what and why. Those other megacorps ain’t gonna go anywhere you know.
It’s not even super clear if those are exploits or not, at least not what I can find. What I know is Apple will shut it down because only Apple can legally collect user data.
By the way, you should permanently enable lockdown mode to better protect yourself.
Browser sends such data more freely than app id argue.
I don’t know which piece of law mandates it. But if everyone else collecting user data receives huge backlash, but Apple collecting user data is ok, there must be some legal justification behind it no?
Collecting it isn't as important as how it's used, but I'd rather most data not be collected at all....especially for ad placement and tracking.
Yes, I’m okay with apple collecting my data that enhances my apple ecosystem interactions.
That said if we find out apple is selling our data for advertisements I will join the dissenters in criticizing apple.