Security researchers say apps including Facebook, LinkedIn, TikTok, Twitter, and countless others collect data in surprising ways.

cross-posted from: https://lemmy.world/post/11219865

TL;DR version:

Several popular iOS apps, including Facebook, LinkedIn, TikTok, and Twitter, have been found to be collecting user data through notifications, even when the app is closed, according to tests conducted by security researchers at Mysk Inc. The data collected includes IP addresses, device information, and other identifiable details, which can be used for targeted advertising and tracking purposes. While some of the companies involved have denied the allegations, the researchers claim that the data collection is unnecessary for notification processing and appears to be related to analytics and tracking. The issue is believed to be widespread among iOS apps, and Apple’s lack of enforcement of its own privacy rules has been criticized. Upcoming changes to the iPhone operating system’s rules may help address the problem, but it remains to be seen how effectively they will be enforced.

Mitigating the issue:

  • According to a reply from the researchers under their video:

Disabling the notifications prevents this from happening, but you have to toggle the option “Allow Notifications” of the app off. Allowing the notifications while disabling the alerts isn’t enough.

  • Another article from BleepingComputer similarly notes that:

iPhone users who want to evade this fingerprinting should disable push notifications entirely. Unfortunately, making notifications silent will not prevent abuse. To disable notifications, open ‘Settings,’ head to ‘Notifications,’ select the app you want to manage notifications for and tap the toggle to disable ‘Allow Notifications.’

  • nfsu2@feddit.clEnglish
    0·
    7 months ago

    Apple goint out of its way to harvest data behind people’s back? Impossible

    • Deceptichum@kbin.social
      0·
      7 months ago

      Several popular iOS apps, including Facebook, LinkedIn, TikTok, and Twitter, have been found to be collecting user data through notifications

      Come on mate, it’s literally right there. Youd have had to scroll past it to make your comment.

      Read the fucking article before commenting, its the least you can do as a functioning human being.

      • nfsu2@feddit.clEnglish
        0·
        7 months ago

        Yeah and? I read the article… Thats the point, if you have software that protects (or should) you from data harvest Apple should have safety methods in place. But they do not care since they do the same… Maybe next time don’t be a fucking prick to someone just because.

  • Gork@lemm.eeEnglish
    0·
    7 months ago

    That thumbnail makes me nauseous. Imagine getting phone notifications when Elon Musk of all people decides to post on X (formerly known as Twitter but decided to torpedo an entire decade of effective company branding).

  • kirklennon@kbin.social
    0·
    7 months ago

    I’m going to go ahead and just call this a nothingburger. The context is that you’re already a registered user signed into the Facebook, etc. app. You’ve already volunteered the valuable profile data and the analytics data from actually using the app. If you’re already OK with all of that, there’s effectively no additional concern with the relatively minor data that can be collected or inferred from the notifications. The very idea that someone should or would turn notifications off on, for example, Instagram because they’re concerned about privacy is ridiculous. It’s like telling someone not to crack the windows on their car because it might rain, but they’re in a convertible with the top down.

    • KelsonV@lemmy.worldEnglish
      0·
      7 months ago

      Someone’s concern for privacy can change throughout the day or at different locations. To keep the metaphor going, they might be fine with the top being open while they’re driving, but want it closed when the car is parked.

  • Copernican@lemmy.worldEnglish
    0·
    7 months ago

    Data includes ip addresses, etc… is that a surprise? How do most notifications work? Is the device client polling status updates to retrieve status changes to trigger a notification? If that occurs isn’t it obvious the user IP would be known?

    • Dave@lemmy.worldEnglish
      0·
      7 months ago

      Apps can get woken up when a remote notification arrives that has the content-available key. Apps are woken up in background mode, at which point they have a few seconds to do whatever they need to do to refresh their content cache. This, of course, often leads to the app making a connection to the server, which exposes the user’s IP address.

      I think the sin here is that some apps always set the content-available key regardless of whether there is content to be retrieved or not. That turns the notification into a surveillance tool, allowing the app to check in periodically.

  • sayitghoul@lemmy.worldEnglish
    0·
    7 months ago

    I guess this has been going on for some time and not only on iPhone but also Android.

    I’m not liking the way things are going with mobile. Tracking, ads and now bloody AI everywhere.

    I don’t think anyone wants AI enhanced photos and all that crap.

    I was looking at phone shops the other day, and all you can buy (mainstream) is Apple and Samsung. Different shops stock a variety of other brands, such as Sony (what’s left of it) Motorola and Xiaomi here and there.

    There is no variation, everything looks the same and they’re not being challenged. Mobile is now officially boring.

    We need a new platform again to challenge the status quo. It was a real shame that Microsoft messed up Windows phone. WP8 was the best operating system in my opinion. Unfortunately no support from developers killed it (and later by Microsoft messing it up with Windows 10)…

  • AutoTL;DR@lemmings.worldBEnglish
    0·
    7 months ago

    This is the best summary I could come up with:

    The data is unnecessary for processing notifications, the researchers said, and seems related to analytics, advertising, and tracking users across different apps and devices.

    It’s par for the course that apps would find opportunities to sneak in more data collection, but “we were surprised to learn that this practice is widely used,” said Tommy Mysk, who conducted the tests along with Talal Haj Bakry.

    For one, Apple gives app developers details about what’s going on with notifications directly, so there’s no need to collect additional information if you know what happened after you pinged your users.

    Furthermore, a lot of the data that apps are collecting seems unrelated to analyzing how well notifications are working, like your phone’s available disk space or the time since your last reboot, Mysk said.

    Mysk said if a company like Google can send you a notification without snooping on other details, that suggests there are ulterior motives for the data collection he spotted.

    Unfortunately, you might have heard that big companies sometimes tell lies, which would get in the way of that solution, and Apple doesn’t have a stellar track record of enforcing similar rules.

    The original article contains 1,384 words, the summary contains 191 words. Saved 86%. I’m a bot and I’m open source!