Security researchers say apps including Facebook, LinkedIn, TikTok, Twitter, and countless others collect data in surprising ways.

cross-posted from: https://lemmy.world/post/11219865

TL;DR version:

Several popular iOS apps, including Facebook, LinkedIn, TikTok, and Twitter, have been found to be collecting user data through notifications, even when the app is closed, according to tests conducted by security researchers at Mysk Inc. The data collected includes IP addresses, device information, and other identifiable details, which can be used for targeted advertising and tracking purposes. While some of the companies involved have denied the allegations, the researchers claim that the data collection is unnecessary for notification processing and appears to be related to analytics and tracking. The issue is believed to be widespread among iOS apps, and Apple’s lack of enforcement of its own privacy rules has been criticized. Upcoming changes to the iPhone operating system’s rules may help address the problem, but it remains to be seen how effectively they will be enforced.

Mitigating the issue:

  • According to a reply from the researchers under their video:

Disabling the notifications prevents this from happening, but you have to toggle the option “Allow Notifications” of the app off. Allowing the notifications while disabling the alerts isn’t enough.

  • Another article from BleepingComputer similarly notes that:

iPhone users who want to evade this fingerprinting should disable push notifications entirely. Unfortunately, making notifications silent will not prevent abuse. To disable notifications, open ‘Settings,’ head to ‘Notifications,’ select the app you want to manage notifications for and tap the toggle to disable ‘Allow Notifications.’

  • Copernican@lemmy.worldEnglish
    0·
    8 months ago

    Data includes ip addresses, etc… is that a surprise? How do most notifications work? Is the device client polling status updates to retrieve status changes to trigger a notification? If that occurs isn’t it obvious the user IP would be known?

    • Dave@lemmy.worldEnglish
      0·
      8 months ago

      Apps can get woken up when a remote notification arrives that has the content-available key. Apps are woken up in background mode, at which point they have a few seconds to do whatever they need to do to refresh their content cache. This, of course, often leads to the app making a connection to the server, which exposes the user’s IP address.

      I think the sin here is that some apps always set the content-available key regardless of whether there is content to be retrieved or not. That turns the notification into a surveillance tool, allowing the app to check in periodically.