XPost: alt.privacy
On 2024-01-27, Alan Browne <[email protected]> wrote:
On 2024-01-26 23:52, Wolf Greenblatt wrote:
https://gizmodo.com/iphone-apps-can-harvest-data-from-notifications-1851194537
iPhone apps are skirting Apple's privacy rules to collect user data through notifications, according to tests by security researchers at Mysk Inc., an app development company.
Users sometimes close apps to stop them from collecting data in the
background, but this technique gets around that protection.
The data is unnecessary for processing notifications, the researchers said, and seems related to analytics, advertising, and tracking users across different apps and devices.
"Who would have known that an innocuous action as simple as dismissing a
notification would trigger sending a lot of unique device information to
remote servers? It is worrying when you think about the fact that
developers can do that on-demand."
According to the researchers, it's a widespread problem plaguing the iPhone ecosystem.
If that is an issue, then they would not be in compliance with Apple's
rules and as such could have their apps withdrawn until fixed.
Hopefully Apple come down on them hard.
Apple's on record stating they are addressing this:
<https://www.bleepingcomputer.com/news/security/iphone-apps-abuse-ios-push-notifications-to-collect-user-data/>
---
Mitigating the issue
Apple will plug the gap and prevent further abuse of push notification
wake-ups by tightening restrictions on using APIs for device signals.
Mysk told BleepingComputer that starting in Spring 2024, apps will be
required to declare precisely why they need to use APIs that can be
abused for fingerprinting.
These APIs are used to retrieve information about a device, such as its
disk space, system boot time, file timestamps, active keyboards, and
user defaults.
If apps do not properly declare their use of these APIs and what they
are being used for, Apple says that they will be rejected from the App
Store.
---
Also for some perspective, it's perfectly normal for apps to gather some details about devices during operation, and a lot of that information is legitimately needed by app developers. In this case, this is the type of
data that is being transmitted during notification processing:
---
Depending on the app, this includes:
* system uptime
* locale
* k
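Added example, not from the thread, Mysk or Apple: a small Python lint for the declaration requirement described in the quoted "Mitigating the issue" passage, run against a constructed privacy manifest and a constructed list of symbols found in a build. It assumes Apple's privacy-manifest keys (NSPrivacyAccessedAPITypes, NSPrivacyAccessedAPIType, NSPrivacyAccessedAPITypeReasons) and the five required-reason categories that correspond to the device signals named above; the symbol-to-category map is a hypothetical subset and reason codes are not validated.

```python
"""Lint an iOS privacy manifest (PrivacyInfo.xcprivacy) for required-reason APIs."""
import plistlib

# Apple's five required-reason API categories; they match the signals named above.
REQUIRED_REASON_CATEGORIES = {
    "NSPrivacyAccessedAPICategoryFileTimestamp",
    "NSPrivacyAccessedAPICategorySystemBootTime",
    "NSPrivacyAccessedAPICategoryDiskSpace",
    "NSPrivacyAccessedAPICategoryActiveKeyboards",
    "NSPrivacyAccessedAPICategoryUserDefaults",
}

# Assumed symbol-to-category map (a hypothetical subset of the APIs per category).
SYMBOL_CATEGORY = {
    "NSUserDefaults": "NSPrivacyAccessedAPICategoryUserDefaults",
    "systemUptime": "NSPrivacyAccessedAPICategorySystemBootTime",
    "statfs": "NSPrivacyAccessedAPICategoryDiskSpace",
    "fstat": "NSPrivacyAccessedAPICategoryFileTimestamp",
    "activeInputModes": "NSPrivacyAccessedAPICategoryActiveKeyboards",
}

# Constructed sample manifest: user defaults declared with a reason, boot time with none.
SAMPLE_MANIFEST = plistlib.dumps({"NSPrivacyAccessedAPITypes": [
    {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults",
     "NSPrivacyAccessedAPITypeReasons": ["CA92.1"]},
    {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategorySystemBootTime",
     "NSPrivacyAccessedAPITypeReasons": []},
]})

# Constructed symbols "found" in a build (e.g. from a strings/otool pass); NSLog is noise.
SAMPLE_SYMBOLS = ["NSUserDefaults", "systemUptime", "statfs", "NSLog"]


def lint_manifest(manifest_bytes, symbols):
    """Return sorted findings: unknown categories, missing reasons, undeclared use."""
    manifest = plistlib.loads(manifest_bytes)
    findings, declared = [], set()
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        cat = entry.get("NSPrivacyAccessedAPIType", "")
        if cat not in REQUIRED_REASON_CATEGORIES:
            findings.append(f"unknown category: {cat}")
            continue
        declared.add(cat)
        if not entry.get("NSPrivacyAccessedAPITypeReasons"):
            findings.append(f"no reason declared: {cat}")
    # Categories the binary appears to use but the manifest never declares.
    used = {SYMBOL_CATEGORY[s] for s in symbols if s in SYMBOL_CATEGORY}
    findings += [f"used but undeclared: {c}" for c in sorted(used - declared)]
    return sorted(findings)
```

Run `lint_manifest(SAMPLE_MANIFEST, SAMPLE_SYMBOLS)` to see the two findings the sample produces: boot time declared without a reason, and disk space used but never declared.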