Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Research Reveals How iPhone Push Notifications Leak User Data

Timo_Existencia said:
...but hey! Forcing Apple to open up to sideloading and 3rd Party App stores will have zero effect. Right?
Click to expand...
Besides the point, but let’s stick to it for a second.

I’d say it’s the other way around. This case proves that the Apple App Store once again cannot provide the security it promises, rendering the security argument against opening up iOS for 3rd party App stores invalid.
 
  • Haha
  • Like
Reactions: gusmula and iOS Geek
Timo_Existencia said:
But again, you acknowledge that this effort by the EU does nothing to strengthen privacy, and actually makes end users, on the average, more vulnerable?

Imagine a safe with a single door (like every safe ever made). Now, imagine a safe with two entry doors, each with a different mechanism to open it.

Which safe would you buy? Which is more secure?

I just think all of you EU supporters are dancing around obvious truths, ignoring them for your own perceived benefits, without at least acknowledging that there is a downside. At least acknowledging that some of us want an OS that is more locked down, and that YOU are taking away that choice.
Click to expand...
I was never really an advocate of Apple allowing sideloading. I believe the ability for a nefarious entity to direct grandma to download a fake Facebook to syphon her data or a fake bank app to syphon her bank account is a real threat, it may not be in Android world, I don’t know, but suddenly opening the floodgates like this is sure to introduce this type of phishing into the Apple eco system.

But your analogy is massively wrong. Any app installed from whatever source will remain in an iOS sandbox - the safe you refer too, or at least the only relevant safe.

Where you got the app will need to become a user verified experience, should you choose to go outside of the official store, but the apps on your device will be able to do nothing different than what they’ll be able to do now. The sandbox ensures it.
 
Timo_Existencia said:
But again, you acknowledge that this effort by the EU does nothing to strengthen privacy, and actually makes end users, on the average, more vulnerable?

Imagine a safe with a single door (like every safe ever made). Now, imagine a safe with two entry doors, each with a different mechanism to open it.

Which safe would you buy? Which is more secure?

I just think all of you EU supporters are dancing around obvious truths, ignoring them for your own perceived benefits, without at least acknowledging that there is a downside. At least acknowledging that some of us want an OS that is more locked down, and that YOU are taking away that choice.
Click to expand...
Yeah, it doesn’t strengthen privacy and it makes those who choose to use it more vulnerable. But they choose to use it. You don’t have to.

Security isn’t the only factor involved, either.

If there were a safe with one door but it could only be opened if one were wearing gloves approved by the safe manufacturer and another safe which didn’t require using said gloves for one of its different mechanisms, it‘s conceivable that people would choose the one with two doors.
 
Deguello said:
If there were a safe with one door but it could only be opened if one were wearing gloves approved by the safe manufacturer and another safe which didn’t require using said gloves for one of its different mechanisms, it‘s conceivable that people would choose the one with two doors.
Click to expand...
People regularly and overwhelmingly more often already do when they choose something like Dropbox over something e2e encrypted.
 
Sorinut said:
I keep most of my notifications disabled (only enabled for calls, calendar, texts/iMessage and Messenger), are these apps still able to do said tracking with notifications turned off?

I as I understand it, they are still being sent, the iPhone just doesn't pass them along to me.
Click to expand...
The reply to someone asking this question in the youtube comments from the person who made the video implies that you need to set Allow Notifications to off for the app and it prevents it.

Q:
"Disabling the notifications prevents this from happening?"
A:
"Yes, but you have to toggle the option "Allow Notifications" of the app off. Allowing the notifications while disabling the alerts isn't enough."
 
  • Like
Reactions: Populus
Populus said:
And this, my friends, is the one million dollar question. I’m wondering the same. Does disabling push notifications keep you untracked? What about the red badge with the unread messages, does that send info as well?
Click to expand...
Anyone that has the app installed is sharing WAY more than the Push Notification vector exposes simply through the action of using the app. Unless they have it installed and just never use it. And, if they never use it, then why would they have push notifications on for an app they don’t use?
 
  • Wow
Reactions: gusmula
Harry Haller said:
After you give me a link to where MacOS is considered less secure than iOS.
Click to expand...
It’s a well know fact that modern os’ like Android, chromeOS and iOS are leaps and bounds more secure than traditional os’ like Linux macOS and windows.

You don’t have to demand a link and make yourself seem silly. You can just google it and read the info.
 
No company is worried about your privacy. It's a cool story and one of the biggest lies ever told. All companies care about is profit and pleasing their shareholders. Apple is no different.
 
Timo_Existencia said:
I think it should be criminal.
Click to expand...
As in criminal, not civil. “You are under arrest for violation of the national privacy act. Everyone in the chain of command from the correct the CEO goes to jail for3-5 years AND the company is taxed at 100% of revenue for each year of violation (with some language to prevent shell company shenanigans also).”
 
trainwrecka said:
Imagine if this was your job at these companies. Employee, I need you to figure out a way to do something the company and the user does not want.

Everyday... your goal is to deceive. Sad life.
Click to expand...

That seems to be essentially every single software development job today. Especially at video streaming companies.

What the user wants is not part of the question anymore. It's all about meeting management's engagement and growth projections.

Sometimes I get tired of the computer industry.

4AC313A0-25DD-4B0E-822B-E54830019EDD.jpg
 
Sorinut said:
If the user decides to, yes, I agree. I'm all about choice, even if it's a negative (in my view) choice that the end-user is making.

I think the iPhone (or other iDevice) should be the sandboxed firewall. Not the App store.
Click to expand...
Yes but what do you do when apps you use everyday are no longer available on the Apple AppStore and now you have no choice but to download from the less reputable or less strict marketplace. You can’t assume that just because it’s available on one store it will also be in the AppStore.
 
Sorinut said:
If you don't sideload apps, yes.
Click to expand...
If a user used an app that was once in the App Store but is now only available as a sideload, then that user is either forced to sideload or find an alternative app/service—that is not zero effect.
 
Hopefully Apple will be able to do something. Cannot trust apps like Facebook and TikTok
 
subjonas said:
If a user used an app that was once in the App Store but is now only available as a sideload, then that user is either forced to sideload or find an alternative app/service—that is not zero effect.
Click to expand...
That is a fair point. I am worried more about the fragmantation that multiple appstores bring than security.

In so far as security goes though, if you previously used an app that suddenly goes its own way, was it a trustworthy app to begin with? To me this is like a blessing in disguise. The bad actors kinda self-select. Any apps that pull out you just know they are going to do shady stuff. Or its about greed... Spotify leaves, Facebook or Instagram leave... you know they aren't malware (per se for the Meta apps)... you can probably trust them but any unknown one that does so is a hard pass... despite being in the appstore, what were they doing? Lets not forget the appstore/walledgarden isn't fullproof either. This article is about apps that are doing shady things despite being in the appstore

Also note that Apple is making the app store APIs so its not a free-for-all for 3rd parties and the apps they distributed still need to be signed with a cert. Nefarious apps will have the dev certificates pulled and they will be uninstallable, 3rd party store or not...
 
aidler said:
Besides the point, but let’s stick to it for a second.

I’d say it’s the other way around. This case proves that the Apple App Store once again cannot provide the security it promises, rendering the security argument against opening up iOS for 3rd party App stores invalid.
Click to expand...
Point taken, but as I have stated many times I think the EU missed the boat. They should have required something from Apple for the fees they charge in the app store. Specifically, they should have made Apple warranty apps against poor quality and security/privacy issues.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back