Perhaps not much to stop, but there are a couple of serious problems with this, one of which is the transparency. Were people using those apps aware the apps were sharing data with FB? Was Apple? Heck, was Facebook?

I agree there's not much to be done to stop the sharing, but transparency would be a good step in the right direction.


Agree. Not much you can do to stop it. BUT you can delete the apps once you find out they do it. At least that could send a message if enough people do it and no longer download the apps.

I had 2 of the 3 apps mentioned in the story and had no idea whatsoever they sent data to Facebook. Maybe my fault if it was buried somewhere deep in some documentation for the app. But you would think especially with things like health data, there would be big notifications about this. I work in health care and you might not believe the seemingly unimportant data that is actually protected via HIPAA.
 
Folks need to relax. Apple's privacy protections are the greatest they've ever been. Apple's privacy work has gotten so precise that they are now able to set privacy precision within .00001 micron. That is the most precision they have ever provided in privacy. With that, you ain't seen nothing yet. This is the year that Apple re-invents privacy, all over again. It's the biggest thing to happen to privacy since privacy.
 
Imagine if iOS wasn't just a toy OS, but an OS that allowed you to actually be the administrator of your device.

All you need to do with a proper OS (and no, (unrooted) Android isn't that much better in this regard, I see this mostly as a smartphone/tablet vs. desktop OS kind of comparison) is fire up a firewall and deny outgoing traffic to Facebook domains per app.

On iOS the best you'll get is something like connecting to a PiHole or setting up VPN-based solutions for filtering ALL traffic regardless of app, so when you block Facebook domains because you don't want third-party apps phoning home you'll also be unable to share to Facebook, use their apps, website etc...

Pretty ridiculous. I understand that working a Firewall isn't for everyone, but as the generational shift continues technical literacy advances and just because some users are overwhelmed by it doesn't mean everyone who knows their way around shouldn't be able to gain access to means to rid themselves of these practices.

Make it hidden like Android's developer options. People who blindly follow online tutorials messing up their systems doesn't stop desktop OS manufacturers from providing advanced administrative tools to everyone, why is a smartphone any different? Exactly, it isn't and matter of fact, in the case of iOS you usually have a much better backup too, so if you mess something up badly, rolling back is relatively easy.

You could also disable unlocking advanced options until backup is set up and a recent one exists.

There are many ways you could implement that smartly, the problem isn't user confusion, the problem is Apple doesn't bother and they probably low key despise the liberties in macOS as well and merely see them as security vectors needing constant oversight.

Locking down the OS is easy, the end result is little difference to uninitiated people without assistance, but major handicapping of folks who know what they are doing or people who know people who know what they are doing.

Stuff like this is what drives me crazy about the implied power of iOS devices these days. RAW power means jack all when the device doesn't let you work in the ways you desire, setting it up in advanced ways, etc...

What is a computer? A device I can administer for starters.

That's the way facebook would like you to frame the issue.

The problem is Facebook Is Evil.

How is Apple supposed to prevent this? Spend a week analyzing each release of each app, after it has been released (because developers can change the behavior on-the-fly by building in date checks or server checks), and from random coffee shops (because developers can detect Apple's IP range and prevent bad behavior while the reviewers are reviewing the app)?
It's utterly simple, really.

iOS needs a proper, mighty Firewall that works on a per-app basis.

Added bonus: you get to see which games want and which ones NEED an internet connection. Single player games without multiplayer requiring online? Uninstall.

Flashlight app requesting outbound access? No, thank you.

etc...

But we all know why Apple can't pull that off so easily... Ads. You may think Apple is against ads, but they really aren't. They are against ads in Safari or embedded webviews, hence why the adblocker only works there.

A website owner doesn't publish their website with Apple.

App developers suddenly losing ad revenue would upset them considerably, suddenly Apple is the bad guy...

However, I believe they should bite that bullet. Google will certainly not start that trend, however ironically a rooted Android device (which is a lot easier to accomplish than jailbreaking iOS and staying up to date with security patches there...) lets you control outgoing traffic a LOT better. There's a bunch of free and even open-source firewalls out there for it and they work really well, even letting you analyze per-app traffic and controlling access per connection type, like roaming cellular data being restricted to essentials, WiFi being for "everything", mobile maybe restricted for some apps, etc...

I'm not saying Google is doing a better job, the granular control on Android really is merely thanks to OEM implementations or third-party firewall apps with rooting, however if you're privacy-cautious Android isn't the hot mess it is often claimed to be if you're willing to invest some work. It can be in some ways a lot better, in others less so depending on your technical savviness.

That being said, Apple has the keys to solving this problem, they aren't using them.

SECONDLY, they could start testing apps post-release and outside of their known address space. They probably are already doing that to some extent, but as you can see all it is is a cat and mouse game, relegating power to users would be a good way to strengthen user control, obviously something they aren't opposed to on principle. (e.g. permission requests)

Glassed Silver:mac
 
What Apple should do is ban the apps from facebook. If people want to use facebook from their devices, just use the Safari app. This also includes the other apps that love to phone facebook, they should be banned also.

Another thing I don't like is websites that have facebook links in them. I wonder if they also provide data to facebook. If they have a facebook link or any facebook logo, should they be trusted? I'm not a member of facebook but just wondering if any of my personal data is shared to them.

Above all, when the websites that have facebook links or facebook logos spattered throughout their website, I wonder if they are looking out for us.
 
If you use an iPhone that's stock and has no third-party apps, you're likely safe. If you use any app, presume your data is being sent regardless of secret frolicking garden or not.
 
Woof, and people keep talking about the walled garden protecting them
The walled garden pertains to Apple itself and not other companies whose T&A mentions what is being sent to facebook. Apple is not forcing users to hit Accept on an app.
 
Before 75% of you people jump to conclusions as usual and once again blame Tim Cook for everything from Facebook to Imagine Dragons, do these apps in question ask for permission?

They ask for permission to record the data, but they certainly don't tell you that they are going to sell that data to Facebook and/or Google. Basically both those businesses are creating permanent data files full of information for every American. What they are going to do with that data once Wall Street demands more revenue than either company can generate from their ad services is unclear.

But I will tell you that Facebook running algorithms to predict when you will become pregnant based on your menstruation is darn creepy.
 
Need some sort of system firewall or maybe something like the uMatrix extension but system wide and catered for apps.
Lock down tight all apps that don't require a network connection, and for those that do, let the user be in control of what to let thru. I don't know if that is technically possible though.
 
If you use an iPhone that's stock and has no third-party apps, you're likely safe. If you use any app, presume your data is being sent regardless of secret frolicking garden or not.
It’s not whether my data is sent anywhere, for me it’s about the transparency, so I can decline the app if I don’t like the policy. It’s this ninja data movement that has to be remediated.
 
It’s not whether my data is sent anywhere, for me it’s about the transparency, so I can decline the app if I don’t like the policy. It’s this ninja data movement that has to be remediated.
Well, unfortunately it isn't easy to overcome this. I've used the same argument in years prior when discussing server software. Up to date software is secure, but as soon as you introduce another layer, such as a script like WordPress or this forum software, XenForo, you introduce a possible hole. On top of this second layer you introduce mods/modifications that can also cause their own security nightmares.

There's always the risk of software phoning home when it's not meant to. I can't speak for iOS, but there's some software on Android that can auto-revoke permissions and suspend/disable/uninstall apps when they're not needed or shouldn't have X permissions, and also clean out the ghost directories to keep the fluff down.

In the last month or two we've seen iOS and Android see security risks from otherwise safe apps. Question is what's being done with the data, even if it's scrubbed, and whether or not these organizations have been breached themselves.


Once you hang out in a few IRC or private chat groups for blackhatters you quickly realize barebones and up to date is about the safest you can be, provided the base product isn't breached, too.
 
What is a computer? A device I can administer for starters.

I think it's the "for starters" that gives me pause here, but ultimately this just highlights different users' different needs. When I'm buying a computer, "device I can administer" has literally never been on my list of needs. Mileage varies.

What doesn't vary, though -- and what I think you ultimately got at -- is that more robust and transparent permission requests would be a good step. It's like any app -- particularly cameras -- that give me a "this app is requesting location data" request. I like that one, because it easily lets me say "No, Instagram, I don't want you having access to that data, thanks. But sure, Carrot, you're a weather app so you need to know where I am, but how about only when I'm actively using you."

The 11 apps (the handful we know of and the half dozen that haven't yet been revealed) should have had those permission requests. "Hey we just measured your heartbeat. Do you mind if we share with Facebook now?"
 
Facebook is freakin creepy.


Stop using it people. Just stop.

The massive amount of people using Facebook is what has allowed it to garner this type of power with third parties. Facebook continues to have massive scandals and the same people who are outraged go and check on it two minutes later. People need to stop using it, delete their accounts, and eventually it will not have this kind of power.
I think you are right. Might be time to get off Facebook for sure.
 
Just imagine what’s going on behind the scenes on Android devices

/cringe
No need to imagine, AOSP is open-source, you can inspect the code unlike iOS.

And if you don't like how your OEM does things, switch to another manufacturer, maybe even one that endorses unlocking the bootloader and installing your own ROM like LineageOS. You can even opt to not install Google Play Services. Sure, a lot of apps depend on it, but then again with iOS you literally don't even have the option to decide which frameworks run or don't run on your device, unless you want to jailbreak, but then all you do is bank on using a device with unpatched security holes (the vectors used to jailbreak are in actuality security exploits, keep that in mind).

You can, if you want to, shut down an Android device pretty tightly, more than iOS.

There is no magic powder that Apple is using that only grows on apple trees in the inner yard of Infinite Loop 1, Cupertino.

Glassed Silver:mac
 
That's the way facebook would like you to frame the issue.

The problem is Facebook Is Evil.

How is Apple supposed to prevent this? Spend a week analyzing each release of each app, after it has been released (because developers can change the behavior on-the-fly by building in date checks or server checks), and from random coffee shops (because developers can detect Apple's IP range and prevent bad behavior while the reviewers are reviewing the app)?
How is Apple supposed to prevent this? They can have policies that prohibit privacy violations, and when an app is found to be in deliberate breach then that app (maybe all apps from the developer) can be banned from the Apple app store. That simple step would at least make developers think twice before playing fast and loose with other people's private data.
 
I know a lot of people use the Facebook SSO but they need to stop doing it. I always use email for apps, if an app only offers FB, it's deleted and never used. It seems that alone won't mitigate this data sharing :(
 
At first, I wasn't going to get into the discussion because some people think the length I go to makes me paranoid. Some people seem to argue that because we used Facebook and Google before, it's pointless to try to stop since they already have your profile anyway. I actually didn't have an Apple device for a while, but because of all the privacy issues that have come up lately, I bought an iPhone again and reduced as much of my Google services dependency as I can. Yeah I know Apple isn't perfect either, and I can't be 100% protected, but still feel it's worth making some changes and choosing the company that values privacy more.

I know a lot of people use the Facebook SSO but they need to stop doing it. I always use email for apps, if an app only offers FB, it's deleted and never used. It seems that alone won't mitigate this data sharing :(
Personally I use AdGuard Pro, it lets you add custom filters (user filter) which I use to block facebook servers. It's a long list so I just use wildcard (*) and the domain names. It's not practicable if you're still using facebook in some form, but I don't so it's no problem for me. AdGuard also logs network activities, although for the most part it doesn't always make clear which app made the request. Still, from this I found certain apps I use that make a connection to facebook every time I run them.

I believe AdGuard stopped developing their app for iOS, but it's still useful for now.
 

They can't? Then they can't say their system is secure and they care about privacy. Same for their users. The end.

Not "the end", what you stated comes from ignorance of how technology works (I'm not saying that in a mean way).

Apple can only do so much, users give these apps all kinds of data which goes onto the servers the app makers own. There is nothing Apple can do about that at all.

What Apple can and does do, is limit what the app can get ahold of. Let me give you an example:

Those annoying boxes that pop up asking if you want to allow an app to use the camera/gps/whatever? That's one feature. The dev has to embed a string into their app requesting the use of that feature and can only ever prompt once, which prevents spamming of the box or tricking the user. The OS itself presents the alert to the user and the dev can never access that feature unless it's turned on. Apple also rigorously checks apps that have these embedded strings to make sure they know the app is doing what it says it's doing.

Now let's say a user downloads Snapchat, the user wants to take their picture and show up on the map, and whatnot, so they allow the device to capture that data. That data needs sent to Snapchat's servers to work so guess what, bye bye to your data. Is Apple to stop all that from happening? If they did most apps wouldn't even have any kind of functionality. Apple has no way to access Snapchat's servers or data center, they don't know what Snapchat is doing with that data, they just know whatever it is the user agreed to it when they accepted the terms and conditions of Snapchat, and allowed Snapchat access to the iOS device hardware.

Long story short Apple can protect what's on the device, they can't protect users from sharing their info with companies.
 