throwaway27448 1 days ago [-]
I don't understand why internet access isn't opt-in for apps. Preventing exfiltration would prevent much of this harm, and most apps don't have any need to access the internet in the first place. Why am I creating a GE account to read my blood pressure? At least I know it's taking advantage of me. But this is clearly abusive behavior
fizwidget 1 days ago [-]
Because 99% of apps would request it & not function without it, desensitising users into blindly accepting it. Most apps do have a legitimate reason for accessing the internet, so a binary yes/no wouldn’t achieve much anyway.
I just don’t think it’s an effective way of solving the problem.
fauigerzigerk 23 hours ago [-]
100% of users have legitimate reasons to block internet access for some apps.
If internet access wasn't granted by default, a lot more apps would function without it.
Many other apps wouldn't exist at all, because their only reason to exist is to spy on users.
tokioyoyo 16 hours ago [-]
Not going to lie, it would be an absolute hell to develop an app that's actually used without getting crash/analytics.
AlecSchueler 6 hours ago [-]
Sounds like normal development up until ten years ago. Somehow we managed.
kevincox 2 hours ago [-]
We do it. We give the user the option to export debugging information and send it to us.
throwaway27448 14 hours ago [-]
Surely this could (or should) be facilitated through the app store.
BergaDev 12 hours ago [-]
That'd just be kicking up another lawsuit for giving app stores too much control
evanjrowley 22 hours ago [-]
The internet access permission should be implemented. Users of macOS are already accustomed to the local network access permission.
Even if it's not the most effective way to raise awareness, it does put pressure on developers to be explicit about the connectivity requirements with users. It would also be a great way to audit an app's local-first / offline-first claim without having to do a network packet capture.
Want telemetry? Send it through Apple and Google. Given Apple's late history and latest trends in Android development, I see them both favoring this approach.
RedComet 19 hours ago [-]
"99% of apps would request it & not function without it"
Apple could refuse to publish them, then. Isn't that why we are forced to go through the App Store? Because Apple ensures every app there works in the best interest of the user?
abecedarius 22 hours ago [-]
Permission should be in the form of a capability, which need not end up on the built-in OS network capability. If an app insists on your car's steering wheel, you can be like "sure, kid, here's your Help Daddy Drive(TM)".
jooize 13 hours ago [-]
Internet access could be on by default for apps, with no prompt, but a toggle in Settings.
throwaway27448 20 hours ago [-]
> Most apps do have a legitimate reason for accessing the internet
Most of the apps on my phone do not need internet access.
runjake 18 hours ago [-]
Almost all of the apps you mentioned sync data to, or access data from iCloud in the vast majority of use cases. I mention iCloud here because this submission is about iOS.
That said, I'd love to have a new "Internet access" permission for apps, so users had the choice. Perhaps even separate "Allow iCloud" and "Allow Internet" but that's probably too granular for Apple's taste.
arcanemachiner 18 hours ago [-]
For that case, iOS could just run a system daemon to shuttle the app data to/from iCloud. The app itself should not need internet access for this.
I have no idea if this is what already happens, but I feel like it might be. (Why would each app have all these network connections when the system could just manage it instead?)
Larrikin 16 hours ago [-]
Every single one of those, except for the games, is a pre-installed built in app. It seems like you just don't use apps.
rationalist 11 hours ago [-]
> is a … app
> you just don't use apps.
An app isn't an "app" if I don't install it?
I have banking "apps" and others which obviously do require internet access to function properly, but the hundreds of flashlight apps in the app store should not need the internet.
The app I use to back up my text messages and contacts does not need internet, but the other app that I use to copy those backup files and pictures off my phone to other computers does.
The sad thing is, even if I take steps to prevent others getting access to my contacts or text messages, sketchy companies will still get those same contacts and quite possibly most of those messages from everyone else.
We need "herd immunity" when it comes to digital privacy, but it's unlikely to ever happen.
gyomu 1 days ago [-]
Better yet, a tool like Little Snitch should be built into the OS. Give me a detailed log of every network request, to which domains, with what data.
Cider9986 1 days ago [-]
This isn't effective because Little Snitch only sees the domains so apps can just serve the trackers on the same domain as essential services making blocking impossible.
The only way to prevent malicious apps from affecting your privacy is to not install them or not give them network access.
gyomu 1 days ago [-]
I derive lots of value from Little Snitch on my Mac, so this approach is more effective than not having anything.
And yes, having the ability to deny any app network access on iOS would be great.
amelius 1 days ago [-]
Yeah but it might be because you are part of a minority. Once/if this is built into the OS, the app builders will have a strong incentive to do things differently.
inigyou 24 hours ago [-]
Can, but they don't, because app developers are just as lazy and don't waste time to hide their trackers
360MustangScope 23 hours ago [-]
They don’t because there is no reason to currently.
If this was added then they would have a reason to and do it.
YouTube used to be separate domains for ads and then it got merged together so that you can’t block the ads network wide without blocking YouTube videos.
inigyou 22 hours ago [-]
That's YouTube. One of the unlaziest dev teams. Spiderman Solitaire isn't going to bother.
saagarjha 24 hours ago [-]
Yet.
physhster 4 hours ago [-]
I use DNS-level blocking and audit, a bit like Pi-hole, but as a commercial service I can use anywhere. Definitely blocks a lot of trackers, but probably not all.
prime17569 1 days ago [-]
This exists already! You can see it by going to Settings > Privacy & Security and turning on the App Privacy Report at the bottom.
jtmarl1n 1 days ago [-]
Thanks, I did not know about this setting. Curious to see what will show up now that it’s on.
CTDOCodebases 1 days ago [-]
If I remember correctly iPhone apps used to use the device's SSL certificates so you as a user could install your own and man-in-the-middle the traffic to see what was being sent. AFAIK now the apps use certificate pinning.
floam 19 hours ago [-]
Certificate pinning is actually rarer today than it was a few years ago. You see it mostly in bank apps, and some system services. It’s not a best practice.
saagarjha 24 hours ago [-]
Apps can choose to do what they want.
Barbing 21 hours ago [-]
Yes and it should work properly instead of making unwanted initial outbound connections (macOS firewalls are broken).
fizwidget 1 days ago [-]
It’s not quite that detailed but iOS’s builtin “app privacy report” does give a fair amount of info, including a list of domains accessed.
henryhchchc 1 days ago [-]
iPhones purchased in mainland China (with model number ending in CH/A) do provide options for setting per-app Internet access permissions. There are three options [0]: Off, WLAN only, WLAN and Cellular.
Crazy. So they're explicitly selling crippled devices to most of the world.
ksec 20 hours ago [-]
What? Why is this Chinese market only? This is exactly what I wanted. There are Apps I simply don't want them to touch internet.
thewebguyd 18 hours ago [-]
It's Chinese market only because of regulation. China mandates it. Don't implement it = you don't get to sell in China.
If Apple wanted to provide this willingly they would. That it's only available in China due to government regulation tells you all you need to know.
tancop 17 hours ago [-]
I got an old EU market Redmi (yes, I'm broke) and you can turn off either Wi-Fi or cellular or both for any non-system app. Remember, Apple had to put in work to actively block the feature outside of China.
reorder9695 1 days ago [-]
AOSP has network as a regular permission for apps, so on Lineage at least (idk about Graphene as I haven't used it) you can disable network for any app including google play services etc. I have no idea why most phone companies remove this permission from their roms but android itself supports it perfectly fine.
microtonal 1 days ago [-]
It's nice to be able to toggle it (it's also possible to revoke this permission on GrapheneOS). However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved. I would guess that Play Services is one of the larger offenders, since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps.
You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.
What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.
inigyou 24 hours ago [-]
GrapheneOS has user profiles, but they're too heavyweight for most uses.
Hoodedcrow 18 hours ago [-]
Profiles are a thing in "stock" Android too, they just don't have the toggle to disallow them working in the background, the "Install available apps" option and Google services also keep working across profiles.
If you want something less disruptive for isolation, there's Private Space. What I like is that this can stop apps there from working in the background on stock Android as well.
ignoramous 1 days ago [-]
> However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved.
Folks bring up 'IPC' as if this is some chink in the armour in AOSP. It isn't. 'Apps' pretty much on most consumer OSes can 'IPC' their way with other co-operating apps to 'achieve' network access from behind a firewall, just the same.
> since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps
If the OS or its privileged component will fchown the socket to the origin app, think the INTERNET permission will be enforced as expected.
saagarjha 24 hours ago [-]
There is very little IPC that is allowed for apps that do not share a development team on iOS.
ignoramous 16 hours ago [-]
> There is very little IPC
I am not familiar with iOS internals, but does "very little IPC" mean "zero IPC"? Because if we are talking IPC in the context of bypassing permission checks, I imagine, 'very little' doesn't cut it?
saagarjha 5 hours ago [-]
I said "very little" because someone is probably going to be like "oh well you can have app A start allocating a bunch of memory and then app B gets a memory warning and this passes 1 bit of information"
ignoramous 38 minutes ago [-]
Exactly: Some will use "IPC" as a stand in for side channels / memory safety, if it suits their agenda. I don't think it is a valid argument to make that the permission model is broken because "IPC".
fragmede 16 hours ago [-]
What stops the app from opening a link in Safari to trackmyshit.com/uuid-uuid-uuid-uuid that closes itself?
saagarjha 5 hours ago [-]
You'd need Safari to keep cookies and other persistent storage for the site.
inigyou 24 hours ago [-]
GrapheneOS not only has this permission, but it asks you every time you install an app.
Hoodedcrow 1 days ago [-]
Can confirm Graphene also has it
nobody42 23 hours ago [-]
Because exposed, non-private, abused by-default is a business model. The company is incentivised to not provide restricted access - otherwise you can't have a cut from apps revenue. It's defective by design.
Barbing 21 hours ago [-]
Shocked to see iPhones sold in China are less defective by design on this one point, from another comment. It has surely reduced Genius Bar visits but it’s also harmed my privacy.
dessimus 16 hours ago [-]
> most apps don't have any need to access the internet in the first place.
It would severely depend on how you categorize "most apps" because I would say I pretty much only use apps that need the Internet, barring Calculator, Camera, and a PDF reader (only because I prefer how it zooms books vs browser). Everything else implicitly needs the Internet as that app is just a better UI to using their mobile web site, if they even offer one.
throwaway27448 15 hours ago [-]
Apps are more than just a gateway to content. Your phone is also useful as a tool in itself. Most health, hardware, creative, and productivity apps do not need access to the internet. Even downloading, say, content packs could be done via iCloud if Apple cared about privacy. Syncing with iCloud and not some rando company's probably insecure webapp is a great deal of the appeal of an app store in the first place.
hellcow 1 days ago [-]
GrapheneOS lets you restrict the internet access of any app on install.
But yes, agreed it should be everywhere.
microtonal 1 days ago [-]
See my comment upthread, it helps a bit, but does not close this hole since apps within the same profile can communicate through IPC, so other apps could provide network access on their behalf. I think the best example is probably Play Services, which provides functionality for a lot of apps and will communicate with Google, etc.
(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)
deanishe 1 days ago [-]
I'm not an Android user. What's a profile? Is that a user thing or a developer thing?
Cider9986 1 days ago [-]
You can make different profiles. They can have different unlock methods and can have different apps installed. If you have one app installed in both it's shared.
They were designed so multiple people could use one device.
Some people use them to separate identities or contain apps they view as bad. I'm not sure of the efficacy of this.
It is a user thing, you can set up multiple profiles and install apps into each of them. These profiles are isolated from each other. I think they started out as a way of separating private and work apps/data, but you can have many of them. See e.g.:
On GrapheneOS, it's like a container, or a virtual phone. Apps in different profiles (and you can install the same app in more than one profile) can't see each other and theoretically can't even tell they're running on the same phone (although I'm sure there are leaks like IP address)
backscratches 1 days ago [-]
And you can limit which contacts you share with nosy apps like WhatsApp, and give access to only specific scope of file folders. Horrifying to think all the years every app got everything it wanted and did not have to ask and couldn't be stopped (I had a rooted phone for firewall capability for a while).
Cider9986 1 days ago [-]
Yeah it asks on app install if you want to grant network permissions. It's just a little checkbox. You can of course manage it afterwards in app settings or permissions manager.
They also added the sensors permission.
nubinetwork 1 days ago [-]
You don't need graphene for this, I've been able to do this on plain android for ages.
iLoveOncall 1 days ago [-]
iOS lets you turn off data access (so outside of wifi) for apps as well, it's just not asked at install, which honestly makes sense given the demographics of iPhone users.
DavideNL 24 hours ago [-]
Which is useless for 99% of users since they use Wi-Fi at some point in the entire phone's lifetime…
mazzystar 1 days ago [-]
This resonates from the dev side. I made an offline photo search app a while back — you search your library in plain language ("a boy and a girl by the river"), CLIP embeddings all computed on device. It needs full photo access but I deliberately requested zero network permission. Was kind of proud of that.
Problem is there's no way for users to actually know that. iOS has no "this app can't reach the internet" indicator, so the whole guarantee is invisible. I even had people assume the opposite — app reads your whole library, therefore it must be uploading it somewhere. Exactly backwards.
subscribed 1 days ago [-]
Fantastic work. I regret I can't use it, because this is exactly what I'm looking for for quite a while, but it seems to be an impossible task (I need it on android).
nashashmi 22 hours ago [-]
The evolution of development was to make things easy and simple for the consumer. If internet was an opt-in (and it cannot be opt-out), then app function would be ostensibly limited. And the user would be given a harder time setting things up.
This is the Apple mindset. Make things easy. Do not make things complicated.
throwaway27448 20 hours ago [-]
The attitude was never "don't give the user control", though. Until iOS.
yftsui 17 hours ago [-]
iPhones sold in China have that in settings, you can block both WLAN(Wi-Fi) and Cellular data per app. Why that turned out to be a nightmare is a different story
fragmede 16 hours ago [-]
What's the story?
nodamage 17 hours ago [-]
> most apps don't have any need to access the internet in the first place
Citation needed.
Looking through my phone the vast majority of third party apps I have installed obviously require internet access:
- Social media
- Travel (rideshare/airlines/hotels)
- Streaming
- Finance (credit cards/banks)
- Shopping
Not counting built-in apps like the calculator I'd estimate 80-90% of the apps I have installed require internet access.
throwaway27448 10 hours ago [-]
I suppose I use a computer for all of this. Do you not get any utility out of your phone beyond being a glorified frontend to a browser? I use it to track my health, to take and organize photos, to document my life in myriad ways, to compose and edit text/video/music, and virtually none of this requires internet beyond iCloud syncing/drive.
coffeecoders 16 hours ago [-]
It's a selection bias issue. The categories you have listed are essentially web services wrapped in an app shell. Of course they need the internet. Consider these examples:
- Photo/Video editors - Snapseed, Lightroom, Video trimmers etc.
We've just become conditioned to accept that every app needs to phone home for tracking and ad-delivery.
jamessb 2 hours ago [-]
A photo/video editor may include the ability to upload images to a sharing service/social media.
PDF viewers (like GoodReader) can download a PDF from a URL, or read it from a network drive.
Obsidian has functions that need internet access (e.g., connecting to the Obsidian sync servers, installing community plugins).
Password managers often have a sync feature.
A video player may be able to play files hosted on remote servers or network drives.
They should be useable without an internet connection, but it's entirely reasonable for them to request permissions for network access.
lapcat 24 hours ago [-]
Curiously, the Mac App Store sandbox has a com.apple.security.network.client entitlement that a developer must justify to Apple, whereas the iOS App Store does not, allowing unrestricted access to the internet.
regecks 1 days ago [-]
Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.
Gigachad 1 days ago [-]
Seems like in general the iPhone was not designed to avoid fingerprinting from installed apps. Only protection would be avoid installing apps and use the web browser when possible.
camkego 1 days ago [-]
This. This is why everyone who wants to fingerprint and collect tons of data on end users pushes them hard on installing an app. The amount of valuable data is 10x what’s available in the browser
microtonal 1 days ago [-]
And it is not just the fingerprinting, it is also that a good number of people will install an ad/tracker blocker in their browser, but almost nobody knows or cares about the multiple trackers that most apps have.
To make it worse, Apple's naming undermines consciousness about this issue, since they have an option to block cross-app/site tracking (which IIRC blocks access to the advertising identifier), but called it "Allow Apps to Request to Track". A lot of people seem to hold the belief that disabling this option blocks all in-app trackers. It just blocks one way to correlate, but as this app shows, there are other ways to correlate (as well as correlating server-side using IP addresses, etc.).
On this topic, I somehow missed that Apple added a generic URL filtering API to macOS/iOS 26, which extends Safari filtering to the whole OS (well, as long as apps are using Apple's APIs). It's not perfect, but a nice addition to DNS-based blocking:
Aside from technical methods to address this, all this in-app tracking must be a violation of the GDPR, no? I can't imagine this all falls under legitimate interest.
deanishe 1 days ago [-]
> all this in-app tracking must be a violation of the GDPR, no?
Probably, but we're gonna have to wait for the courts to weigh in for a definitive answer.
Same with the very popular pay-or-accept-tracking model. An Austrian court found it illegal, but we'll probably have to wait for a case to make it all the way to the ECJ.
saturn8601 1 days ago [-]
Cut your selection of apps and find/build privacy respecting alternatives for the remainder. I'm trying to do this. Music is now locally hosted, Youtube is sorta kinda coming along. I've been working on reversing some of my more basic iOS apps to extract the data/endpoints they use and write my own apps. Fable really helped with this and Opus just does not cut the mustard. I hope it comes back. :/
p-e-w 1 days ago [-]
The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.
Barbing 1 days ago [-]
Ah, that’s funny. Too bad those privacy nutrition labels are only honor system.
They give that one completely up to businesses, then, to devs. They also thought they should let an app maker prohibit screen recording, which might promote development since it protects revenue of e.g. subtitling apps as one example. But end result is you even end up with a black screen when recording the iPhone Mirroring app from a Mac.
Apple owes us a better balance here. iCloud Private Relay for all apps (why only Safari?! and Mail and HTTP) as a start, and plugging some of the privacy holes Loupe exposes. They don’t want us abusing free trials I suppose.
paytonjjones 1 days ago [-]
Often it's not the app itself doing tracking or cross-premise tracking, but data is passed to installed third party SDKs that do.
cute_boi 1 days ago [-]
These days many things don't work on browser. Even reddit is very difficult as we get constant nagging.
Gigachad 1 days ago [-]
That’s usually a warning the service is malware that wants you to install an app for deeper tracking.
water-drummer 1 days ago [-]
LinkedIn is the worst offender imo. I am not gonna list every shitty thing they do that goes away the moment you switch to desktop mode but the worst one is that they keep showing you the same feed for weeks if you're on mobile web.
.EU? I'd be scared to publish something like that under EU jurisdiction. I could be fined for full actual damages to Microsoft's reputation and I might even be jailed for defamation.
Laurel1234 16 hours ago [-]
.
inigyou 15 hours ago [-]
I live in Germany. It's extremely repressive here, especially around Palestine, or any criticism of ruling politicians or rich people.
potatoproduct 1 days ago [-]
old.reddit.com
brador 1 days ago [-]
For now but you know they’re coming for that ass.
inigyou 24 hours ago [-]
It used to be widely thought they were keeping it around because the most important users who actually posted the content preferred it. But they drove all those people away in 2023 by blocking apps except for their spyware one, and everything is posted by LLMs now anyway.
Cider9986 1 days ago [-]
Brave blocks those switch to app notices by default.
dylan604 1 days ago [-]
Maybe I'm being really thick, but why is this information that the OS would make available to apps?
lunar_rover 14 hours ago [-]
It's likely allowed in some miscellaneous permissions file from a bygone era. The lines are probably over a decade old now.
UqWBcuFx6NV4r 1 days ago [-]
Maybe it’s derived
LoganDark 1 days ago [-]
It's probably the app checking the last modified timestamp on some filesystem location that's only touched during setup.
Again, why is this something that an app would need access? The next test under the creation timestamp value is a test for getting the UUID of the volume. Again, why is an app allowed to access the unique identifier? Apple knows this type of thing is precisely what deanonymizing people would drool over, so why is this accessible. What part of iOS would even need to know this for a legitimate purpose? Are these calls using private methods that Apple does not intend for use being abused for purpose? I'm not an iOS dev, so I have no familiarity with this.
fragmede 16 hours ago [-]
To stop people from using apps they haven't paid for. As an honest person, if you want to use an app, you'd pay for it. Unfortunately, not everyone out there is honest, and there are various ways to get around having to pay for an app that costs money. Fingerprinting the device lets sellers of software find people who didn't pay for the software but are somehow using it.
dylan604 14 hours ago [-]
I really hope you're being facetious. It'd be pretty clever if you were, but for those that think this is serious...
If you want someone to pay for an app, don't make it free with in-app purchases. This is not something allowing for the OS to provide a unique identifier that can be abused available to app developers. App developers cannot be trusted. At. All. Ever.
matthewfcarlson 1 days ago [-]
Is the threat model tracking across multiple apps to correlate what you're doing? In that case, a single app wouldn't show you the fudging.
ramses0 1 days ago [-]
```Based on a binomial/Poisson distribution and a baseline of 21 million U.S. device sales per release, a fingerprint relying on "seconds since setup" fails to uniquely identify individuals. In the high-density Early Adopter phase, you will share your exact setup second with an average of 1.01 other people (a total matching pool of ~2 people). Six months into the cycle, you will still share that second with an average of 0.68 other people.```
In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kind of maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.
If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!
withinboredom 1 days ago [-]
Reminds me of a meeting I was party to with the Safari team. We worked with them on some standards stuff at an old job. They claimed to have creepy-level tracking of users back then. We were discussing how to identify users for an A/B test across millions of sites and comparing what fingerprints we could both derive to most likely end up on the same user.
If you use a closed source browser. That’s the kinda shit they do.
saagarjha 24 hours ago [-]
Are you claiming the Safari team is fingerprinting their users?
cute_boi 1 days ago [-]
Just using IP address, device storage, device name, and similar signals, we can identify a user. It isn’t difficult to correlate these data points. Apps like Facebook also force developers to use their SDKs for even small features.
ramses0 24 hours ago [-]
Yeah, but IP address is "obviously" correlated with a distinct/persistent tranche of users. It's surprising that volume c_time is both more persistent as well as more unique than IP.
RedComet 1 days ago [-]
Volume creation date is pretty egregious. I don't see any reason that and Pasteboard changeCount should be so granular.
The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.
xenator 1 days ago [-]
Pasteboard counter exists to help apps to not ask again about the same item in the buffer.
And nothing stops from using reset it every day.
echoangle 1 days ago [-]
Why do you need a count for that? Couldn’t they just generate a UUID every time the clipboard changes?
jrmg 15 hours ago [-]
That’s even worse - now you have a tracking UUID that only changes when the user copies something.
dylan604 1 days ago [-]
Allowing an app to access the pasteboard without the user explicitly pasting into the app is weird to me. Maybe the thing I have in the pasteboard is not for this app but left over from use in another app. Since there's no easy way to clear the pasteboard, this will happen often. Maybe it's because I'm not an app dev that this doesn't make sense to me????
aalimov_ 1 days ago [-]
iOS will ask for pasteboard permission every time an app wants to read the actual contents.
Barbing 1 days ago [-]
& we can set ask each time, always allow, never allow per app.
Barbing 1 days ago [-]
Would you elaborate on both points?
Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)
RedComet 1 days ago [-]
I think something like a per boot delta added to a (per app?) random base would preserve such functionality.
echoangle 1 days ago [-]
Just generate a new random value instead of incrementing
RedComet 1 days ago [-]
Even that is overkill if all you're interested in is if a change occurred.
echoangle 1 days ago [-]
What’s an easier way? I’m assuming they want the app to be able to detect when “a” was copied, then “b” and then “a” again, so just looking at the value probably isn’t enough.
maccard 1 days ago [-]
I don’t think an app should have access to that (without some sort of very special permission).
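A sketch of the two alternatives floated in this sub-thread (a per-app random base plus per-boot delta, and an opaque value per change) next to a raw shared counter, added here as an illustration and not code from any commenter or from Apple. The `Pasteboard` class, its method names and the copy/read schedule are constructed for the example.

```python
import hashlib
import hmac
import secrets

READ = None  # marker in the schedule: both apps poll the pasteboard here
# Constructed schedule: the user copies items, two unrelated apps poll in between.
SCHEDULE = ["a", "b", READ, "a", "c", "d", READ, READ, "e", READ]


class Pasteboard:
    """Toy model of a system pasteboard (constructed; not Apple's implementation)."""

    def __init__(self):
        self._count = 0        # global change counter, bumped on every copy
        self._boot_count = 0   # counter value captured at the last boot
        self._app_base = {}    # per-app random base, regenerated each boot
        self._app_key = {}     # per-app HMAC key, regenerated each boot

    def copy(self, _data):
        self._count += 1

    def reboot(self):
        # Assumption: the raw counter is left untouched so the effect of
        # re-randomising the per-app state is visible in isolation.
        self._boot_count = self._count
        self._app_base.clear()
        self._app_key.clear()

    def raw_change_count(self, app_id):
        """Same granular integer for every caller."""
        return self._count

    def offset_change_count(self, app_id):
        """Per-app random base plus the number of changes since boot."""
        if app_id not in self._app_base:
            self._app_base[app_id] = secrets.randbelow(2**31)
        return self._app_base[app_id] + (self._count - self._boot_count)

    def change_token(self, app_id):
        """Opaque per-app value: equal tokens mean 'nothing changed', nothing more."""
        if app_id not in self._app_key:
            self._app_key[app_id] = secrets.token_bytes(32)
        mac = hmac.new(self._app_key[app_id],
                       self._count.to_bytes(8, "big"), hashlib.sha256)
        return mac.hexdigest()[:16]


def observe(method, apps=("app.a", "app.b")):
    """Replay SCHEDULE and return the values each app read with `method`."""
    pb = Pasteboard()
    seen = {app: [] for app in apps}
    for step in SCHEDULE:
        if step is READ:
            for app in apps:
                seen[app].append(getattr(pb, method)(app))
        else:
            pb.copy(step)
    return seen


def linkage(seq_a, seq_b):
    """What two apps comparing notes server-side could match on."""
    if seq_a == seq_b:
        return "values"                      # identical numbers: direct join key
    if all(isinstance(v, int) for v in seq_a + seq_b):
        diffs = lambda s: [y - x for x, y in zip(s, s[1:])]
        if diffs(seq_a) == diffs(seq_b) and any(diffs(seq_a)):
            return "deltas"                  # different bases, same step sizes
    return None


def change_flags(seq):
    """The legitimate use: did the pasteboard change since my last read?"""
    return [x != y for x, y in zip(seq, seq[1:])]


def run_demo():
    out = {}
    for method in ("raw_change_count", "offset_change_count", "change_token"):
        seen = observe(method)
        out[method] = (linkage(seen["app.a"], seen["app.b"]),
                       change_flags(seen["app.a"]))
    return out


if __name__ == "__main__":
    for name, (link, flags) in run_demo().items():
        print(f"{name:22} cross-app linkage={link!s:7} change detection={flags}")
```

All three variants give an app the same changed/unchanged answer between its own reads; the keyed token is the only one where two apps have no number or step size to compare, though an app that polls still learns when a copy happened.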
backscratches 1 days ago [-]
Graphene is way ahead of this
Cider9986 1 days ago [-]
Apps on grapheneos can see a list of other apps in the same profile.
aggregator-ios 1 days ago [-]
One correction to some comments here: an iOS app cannot list all apps that are installed. You can only check for specific apps/schemes (LSApplicationQueriesSchemes) by specifying apps you are looking to query for installation status or open. You cannot provide a large list of unrelated applications since Apple rejects that during app review.
Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.
nomilk 1 days ago [-]
But a single app can request to know the presence of up to 50 apps, right?
And a data broker/aggregator can purchase such data from many (e.g. thousands) of apps and aggregate it, then sell it.
isodev 1 days ago [-]
Yes indeed, the limit is 50 which is of course enough to fully profile "regular people" who only have a handful of apps. Also don't forget, Meta/Google/TikTok/WhateverPalantir are updated weekly which means they can tweak their LSApplicationQueriesSchemes list and cover even more apps if they want to.
ksec 20 hours ago [-]
Are there legitimate reasons why an App should know what I have installed?
isodev 8 hours ago [-]
Interoperability mainly - if you want to deep link into a specific app or show a list of apps to open.
These days we have more modern and privacy protecting APIs for making content available to the system or other apps… but that doesn’t stop the profilers.
developerDan 20 hours ago [-]
Back before Apple allowed users to set the default browser I had a feature in my app that presented a list of installed browsers when a user opens an external link, giving them the option to choose where it opened.
rationalist 18 hours ago [-]
Android gives me that option at the OS level.
hnav 20 hours ago [-]
E.g if gmail knows that you have maps or chrome it can deep link you into a particular view instead of opening safari.
rationalist 18 hours ago [-]
At the OS level, Android gives me the option to open links in the corresponding app.
isodev 7 hours ago [-]
So does iOS, but this is a different feature than what we’re discussing here.
Since Android 11, Google copied the iOS model except Android is a bit more permissive and so you get a bit less privacy out of the box.
xnx 15 hours ago [-]
People think LinkedIn is scummy (they are) for scanning for browser extensions, but what Apple is allowing is even worse.
microtonal 1 days ago [-]
> You cannot provide a large list of unrelated applications since Apple rejects that during app review.
Thank you for the clarification!
> You cannot provide a large list of unrelated applications since Apple rejects that during app review.
It does not need to be a large list though I think? You just need a small list that is very discriminative and adds enough additional entropy to uniquely identify you in combination with the other data leaked.
solarkraft 1 days ago [-]
It is terrifying to learn that apps are allowed knowledge about any other app being installed on my phone. Where can I see that list?
saagarjha 24 hours ago [-]
Info.plist
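For the question above of where that list lives: an added example (not part of the thread or of Loupe's code) that reads an app's `Info.plist`, assumed to have been extracted from the app bundle, and reports the URL schemes it declares under `LSApplicationQueriesSchemes`, grouped by what their presence would reveal. The watchlist, the `example-*` schemes and the sample plist are constructed; the 50-entry figure is the one quoted in the thread.

```python
import plistlib

# Per-app cap on declared query schemes, as quoted in the thread.
SCHEME_LIMIT = 50

# Auditor-chosen watchlist (assumption): scheme -> category its presence reveals.
# "googlechrome" and "comgooglemaps" are real schemes; "example-*" are constructed.
WATCHLIST = {
    "googlechrome": "browser",
    "comgooglemaps": "navigation",
    "example-dating": "dating",
    "example-bank": "finance",
}

# Constructed sample Info.plist for a hypothetical flashlight app.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.flashlight</string>
  <key>LSApplicationQueriesSchemes</key>
  <array>
    <string>googlechrome</string>
    <string>GoogleChrome</string>
    <string>comgooglemaps</string>
    <string>example-dating</string>
    <string>example-bank</string>
    <string>example-unlisted</string>
  </array>
</dict>
</plist>
"""


def declared_schemes(plist_bytes):
    """Return (bundle id, de-duplicated lower-cased schemes the app may probe)."""
    info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    if not isinstance(info, dict):
        raise ValueError("top-level plist object is not a dictionary")
    raw = info.get("LSApplicationQueriesSchemes", [])
    if not isinstance(raw, list):
        raise ValueError("LSApplicationQueriesSchemes is not an array")
    schemes = []
    for entry in raw:
        if not isinstance(entry, str):
            continue  # ignore malformed entries instead of failing the audit
        name = entry.strip().lower()  # URL schemes are case-insensitive
        if name and name not in schemes:
            schemes.append(name)
    return info.get("CFBundleIdentifier", "<unknown>"), schemes


def audit(plist_bytes, watchlist=WATCHLIST, limit=SCHEME_LIMIT):
    """Summarise which categories of installed apps this app can test for."""
    bundle_id, schemes = declared_schemes(plist_bytes)
    categories, unlisted = {}, []
    for scheme in schemes:
        category = watchlist.get(scheme)
        if category is None:
            unlisted.append(scheme)  # declared, but not on the auditor's list
        else:
            categories.setdefault(category, []).append(scheme)
    return {
        "bundle_id": bundle_id,
        "count": len(schemes),
        "over_limit": len(schemes) > limit,
        "categories": categories,
        "unlisted": unlisted,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_INFO_PLIST)
    print(f"{report['bundle_id']}: {report['count']} query schemes declared")
    for category, names in sorted(report["categories"].items()):
        print(f"  reveals {category}: {', '.join(names)}")
    if report["unlisted"]:
        print(f"  not on watchlist: {', '.join(report['unlisted'])}")
```
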
NietTim 1 days ago [-]
> Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.
And this was heavily exploited by Facebook before Apple patched it
Cider9986 1 days ago [-]
For anyone without an iPhone or who doesn't want to install the app, you can see a demo here (same video, different platforms):
Why does a random app (with no special permissions given to it) get access to so much info, and why doesn't Apple tell users this (important) info? Why can't Apple make a long list of check boxes so users can dis/allow on a per-category and per-app basis?
E.g. I had no idea a random app you install (and give no permissions to) instantly has a list of every app installed on the device (e.g. can infer whether you're dating [or cheating!] from presence of tinder/bumble/hinge). That alone seems instantly monetizable by unscrupulous actors via 'is-my-partner-cheating' as a service: charge $10 to give a probable answer.
dunder_cat 17 hours ago [-]
I'm in that camp of has a dating app installed but have no partner so the is-my-partner-cheating admittedly doesn't resonate with me. I've had to do some of this fingerprinting myself before for non-data-selling reasons so a lot of the system-level statistics didn't quite impress me [1], but that one was a gut-punch when I saw it pop up. It makes me wonder what apps out there have leveraged that as a signal for ads or other behavior modifications to exploit my search for a partner -- without at least having to spend a few pennies querying a data broker!
It makes sense that there's some discovery mechanism - since Google loves to use it to prefer Chrome, GMail, etc when you're in one of their apps. I wish that there were more restrictions though where you only get implicit permission to query from apps that have the same developer ID. Maybe a mutual allowlist that has to be formed, or some sort of privileged intent where you at least have to tell Apple what's going on and that gives them some contractual right to sanction you if you're using it for nefarious purposes instead.
[1] excluding the clipboard copy count, that was novel!
wiseowise 1 days ago [-]
That’s a stupid idea, how would you even get this “is-my-partner-cheating” on your partners phone?
nomilk 1 days ago [-]
Loupe itself can see if you have tinder/bumble/hinge installed (verify for yourself: install tinder, then install loupe, don't give it any permissions, and it can tell if you have tinder installed or not). So the answer is: buy the data from any app your partner has installed! Or more easily, a data aggregator which will have already combined data from hundreds/thousands of apps.
So your partner only needs to have had 1 single app from the list that sells user data to a data aggregator for this to work. They do not need to have installed some special app.
Here's a random Slate article about apps getting your data and selling it to aggregators/brokers, who sell it to third-parties (you, or I, could be one of those third parties).
> How Shady Companies Guess Your Religion, Sexual Orientation, and Mental Health And sell that data to the highest bidder.
Okay it's weird but the first thing that came to mind. Logic: if I can think of a monetisable, nefarious application in 10 seconds, then it stands to reason that very many nefarious applications would be possible with more time/effort.
backscratches 1 days ago [-]
Not just possible, currently being implemented. People are murdered every year using this information. Last year a US politician was assassinated by someone who tracked them by buying this information from an aggregator. You thought of a tame use case!
If this had happened to a right wing politician there would immediately have been federal legislation exempting politicians from data tracking
echoangle 1 days ago [-]
And how would the is-my-partner-cheating get their app onto the victims device to detect the other apps?
nomilk 1 days ago [-]
They don't, utilise the fact that every single iPhone app has access to what other apps are installed! - purchase that info from literally any iPhone app or aggregator that has it for that user. Curious how much this would cost to purchase - a working credit card goes for $5-10 on the black market so 'apps installed on X's iphone' might be, like, 10c?
echoangle 1 days ago [-]
Which even halfway credible app developer would sell you that info? You know that’s illegal right? You might get some stupid indie developer to do this but no chance for anything even half big.
But if you can actually get this data, maybe try to do this on yourself and write a blogpost about it. I highly doubt you’ll be able to.
nomilk 1 days ago [-]
I've never made an iOS app and don't have plans to. But my assumption is ~every >= medium-sized iOS app would be monetised by selling data to aggregators.
9dev 1 days ago [-]
Even if that was the case - which it isn't - the aggregator data isn't keyed by the user in question. That is highly illegal pretty much everywhere and would get you in a lot of trouble. You can't "just" find out which apps an arbitrary person has installed on their phone. That's not how it works.
Most app publishers are halfway credible at best, so it's not much of a problem. Even the halfway credible ones often use SDKs that do this.
echoangle 1 days ago [-]
Ok but if the SDKs do this they use it themselves to serve ads and don’t sell the raw data, right?
maccard 1 days ago [-]
Get your hands on a random selection of 10 iPhones and look at the apps installed. I suspect you’d be horrified. As an example - any parent who has installed a free game for their kids likely has all of this info, plus more via tied in logins.
That said, I agree with the rest of your point - you’re not going to go to a developer and offer them $100 for this data on a person (and if you could, you’d still need to tell them which person, which if you could do you could just get the data yourself)
latexr 1 days ago [-]
Ask any domestic abuser. Most of them seem to be successful at it.
It’s crazy to me that people are being so skeptical of the idea. A lot of people share their logins freely with their spouses. I have never done it nor would I condone it, but it would be trivial for me to install spyware on the devices of many people I know, because they rightfully trust me. Not only do I know some of their device passwords¹, being “the computer guy” I could just outright ask for it or get them to input it anywhere while fixing some issue they have.
¹ And many more I have forgotten, because I make it a point to not record them, even mentally.
echoangle 1 days ago [-]
If you can get the app onto my phone in person, you can also just check which apps I have on my phone
latexr 22 hours ago [-]
That assumes continued access, which may not be true. Installing spyware gives you information down the line.
maccard 1 days ago [-]
But if you have credentials and physical access you can just ask for their phone and straight up read their messages/apps.
latexr 22 hours ago [-]
Yeah, once, possibly under time pressure, and not at all times. Spyware gives you continued access.
jiri 1 days ago [-]
Is something similar already available for Android phones?
Holy cow, did not know iOS lets apps access so much fingerprintable information such as apps installed, last wipe and number of copy actions.
Installed the browser as I am confident it will be good also.
Thank you!
ololobus 21 hours ago [-]
Idk, I actually got the opposite impression. Most of the info is just what I would expect everyone to see: date formats, languages, various webview kind of stuff, network info. This is already more than enough for fingerprinting
> information such as apps installed
This is what surprised me too, but if you read their hint, it’s not like list API. They probe various ‘open URL in app’ to see what apps registered them, so are installed. I guess this i) won’t allow you to track apps that don’t have ‘open in app’ urls, and ii) probably hard to limit without affecting UX
> number of copy actions
This is odd, yeah, not sure why is it exposed
> last wipe
They deduce this from the volume creation date. Probably possible to hide, but also not really that important, at least to me. Fingerprinting will work with way fewer info anyway
To summarize, I think iOS is still very solid in terms of involuntary info exposure (if you trust Apple itself). Most of really sensitive info requires separate permissions. Yes, you can harden it further, but that will be more like a paranoid mode
ChrisMarshallNY 1 days ago [-]
I must say, I like the Mysk team, and wish them well; AI or not.
It seems a bit quixotic, but anything that goes against $_BIGCORP is tilting at windmills, anyway.
Of course, the one narrative I almost never hear, no matter who it is, is "Simply don't collect any extra data."
It's that simple. If you don't have the data, your app could be Swiss cheese, and no one can get anything dangerous.
But, in today's tech world, data is money, so every app and Web site out there, goes to any length, to hoover up as much data as possible.
I regularly get prompted to join "teams," and "leaderboards," or do "challenges," on my solitaire games.
phmx 19 hours ago [-]
On a tangential point, one thing that should definitely not be possible for apps these days is determining whether you enabled a VPN. AFAIK, it’s possible indirectly in iOS by enumerating network interfaces with specific/telling names.
api 1 days ago [-]
This is why I avoid installing apps and don’t have a lot of them.
iririririr 1 days ago [-]
...wouldn't it be better to have a pocket computer you own?
dylan604 1 days ago [-]
It would be even better if app devs weren't pieces of shit making apps whose sole purpose is to gather all of this data to sell to other pieces of shits while skinning their app as a game or other app to trick users into thinking it's worth installing.
Fighting devs being able to make money in this manner is not dissimilar to getting mad at drug dealers. As long as users want their product, they will sell the product.
inigyou 24 hours ago [-]
Or if every time someone wrote an app that did this, we arrested them.
downrightmike 1 days ago [-]
Most people don't know and we are seeing that things get slipped in at a later date
throawayonthe 1 days ago [-]
if you think "desktop" operating systems aren't even worse on this, you're very mistaken
feelamee 16 hours ago [-]
sure, without any action from the user to increase safety, desktop OS's just allow any app to read any files.
On the other hand, desktop OS's allow a wide spread list of ways to control what applications have access to (especially Linux and BSD families).
Although, despite all this, running malware can never be safe.
iririririr 10 hours ago [-]
there i can install linux or compile my own stuff
api 21 hours ago [-]
That’s not the problem though. The problem is that most apps are malware.
normie3000 1 days ago [-]
Phones are quite useful.
iririririr 10 hours ago [-]
your point?
NietTim 1 days ago [-]
Just use the browser, it's fine 99% of the time.
hrideshmg 21 hours ago [-]
Wonder if there's anything like this for Android? If not, it might make for a pretty fun/interesting side project
Privacy is a real issue! Does the iOS allow an ext dev app to read its system info? If yes, does it easily comply?
lencastre 1 days ago [-]
/me wonders if the privacy label should actually mention that it reads everything and the kitchen sink!!!
paulirish 2 days ago [-]
Would love this for MacOS as well.
weikju 2 days ago [-]
Fortunately, if you read the README (and decide to go past the “this was mostly built by AI” part),
> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.
heavensteeth 1 days ago [-]
> and decide to go past the “this was mostly built by AI” part
I got that feeling just seeing the title use "native" as a synonym of "not a website".
bethekidyouwant 2 days ago [-]
What “apps” do you use on a mac?
VertanaNinjai 1 days ago [-]
Probably a ton since macOS apps are literally distributed as .app bundles.
winstonwinston 1 days ago [-]
Though there is a difference in what store apps and non-store apps can do. I think this is about store apps which are “sandboxed” and have to use public api to request then access information which non-store apps can access without.
internet2000 1 days ago [-]
Google Chrome, VS Code, among others
bethekidyouwant 1 days ago [-]
Well “they” can technically “read” anything your user can.
iancarroll 1 days ago [-]
Apps installed via the MAS have sandboxing applied to them, so this isn't really true.
winstonwinston 1 days ago [-]
Yes but chrome is not from MAS. I have non-MAS apps installed because they are simply not available via MAS.
bethekidyouwant 17 hours ago [-]
Great back to my original question which (mas)“apps” do people actually have installed on their MacBook.
amelius 21 hours ago [-]
Huh, I was under the impression that Apple protected us against all this through the app store review process.
feelamee 16 hours ago [-]
I'm under the impression that Apple is abusing this by itself
socalgal2 1 days ago [-]
Yea, it's infuriating that most of the HN crowd thinks the apps are better than web. Apps can spy on you way more than web. It's the reason every website says "please download the app". If it was better for them to spy on you via the website they wouldn't ask you to download the app.
yreg 1 days ago [-]
There are plenty of other (better?) reasons why developers might want to push apps.
More APIs, less friction selling stuff, business presence right on the homescreen.
Gander5739 1 days ago [-]
And people want apps, believe it or not.
inigyou 24 hours ago [-]
They are technically better. They can do more stuff and integrate with the OS better in general. That includes fingerprinting stuff and fingerprinting integration.
cocoto 1 days ago [-]
Today I have simply given up trying not to share my personal information. What I do instead is simply blocking all ads and don’t use apps/websites that can’t be used without ad blocking. They may have many personal details like my favorite ice cream flavor but I get zero ads so I don’t care that much (I would prefer no one having this information but I’m pragmatic in such a terrible society).
Cider9986 1 days ago [-]
Unfortunately ad blocking is not effective against current cross-site and anonymous user tracking.
Fingerprinting is extensively used and can't be defeated without a decent hit to browsing experience. Mullvad and Tor browser are likely the best at anti-fingerprinting.
The only completely reliable way to avoid this tracking is by not visiting websites with fingerprinting. A tool that can help with this is LibRedirect which redirects you from sites like Twitter to privacy front ends like xcancel.
The extensive web tracking is detrimental to privacy, but it doesn't compel you to add additional PII like phone numbers, which is much worse than cross-site tracking for a surveillance capitalism threat model.
Forgeties79 1 days ago [-]
This is neat and interesting, truly, but the classic “what now?” emerges. I guess the only answer is “throw out my iPhone”? Otherwise this kind of seems like a circuitous ad to make people get worried and download Psylo, which I see has in-app purchases. I’m not trying to come at you here, but it’s just hard not to feel suspicious online these days.
aggregator-ios 21 hours ago [-]
Apple has been very good about public perception of its products and privacy. They just spent a lot of this year’s WWDC talking about the latter so I’m sure someone at Apple is aware of this.
I have not spent a lot of time thinking about why certain things like 50 apps install queries, boot volume timestamps, etc are provided to developers. But I think Apple will close these loopholes.
Also love the idea of outbound network connections being disabled by the user per app
microtonal 1 days ago [-]
Don't install apps outside trustable apps that don't embed tracking. Even if you cannot uninstall every app, the fewer you have, the less cross-app tracking. Also donate to and consider installing privacy-conscious alternative phone OSes. They may not have closed all holes (yet), but at least their incentives are aligned with yours.
Forgeties79 18 hours ago [-]
> Also donate to and consider installing privacy-conscious alternative phone OSes.
iPhone
Cider9986 1 days ago [-]
The only way to prevent this right now is to avoid installing apps that are doing this.
Forgeties79 1 days ago [-]
“Just don’t use it” only gets you so far and isn’t always an option. Also, as some have mentioned in this thread, many sites now make the mobile experience so painful (or remove key features) so as to force you onto the app.
I am against cars for the most part, but I can’t just get rid of my car. In this case, I can’t get rid of Slack (and other apps) because of work and unfortunately I do not work at a company that will buy me a work phone for work things.
Ultimately this has to start at a more root level. We need to claw back privacy.
Cider9986 1 days ago [-]
I'm not saying it's not a problem and I understand you have to use some apps. I'm just saying that currently the only way to effectively prevent apps gathering and selling this info is to never install the app in the first place.
Forgeties79 1 days ago [-]
Fair enough
lencastre 1 days ago [-]
this is fantastic, just great really, and honestly makes one stick out so easily, reminds me a lot of that license plate xkcd
Apps like TikTok can know which username we logged in with, even if we uninstall and reinstall the app. This is egregious, as many companies like Facebook have SDKs embedded in many apps, allowing them to accurately interconnect user activity.
Apple should be ashamed that they aren't putting effort to randomize these fingerprints....
gene91 1 days ago [-]
That’s just keychain. It’s not even fingerprinting.
diebeforei485 1 days ago [-]
This is probably Keychain, right?
cute_boi 19 hours ago [-]
Probably, the most stupid thing with apple is there is no way to clear this keychain AFAIK without resetting whole phone.
ChrisMarshallNY 1 days ago [-]
It's likely to be trolled by the WPA folks, who will insist that WPAs are just as insecure as native apps, so there's no difference ...
But very cool.
njsubedi 1 days ago [-]
You mean PWA?
ChrisMarshallNY 1 days ago [-]
Yes. Got my ps and ws mixed up. I was just reading about the Mt. Rushmore project (I was curious whether or not it was a WPA project -it wasn’t, officially).
Want telemetry? Send it through Apple and Google. Given Apple's late history and latest trends in Android development, I see them both favoring this approach.
Apple could refuse to publish them, then. Isn't that why we are forced to go through the App Store? Because Apple ensures every app there works in the best interest of the user?
I just flat out think this is bullshit
Non-multiplayer games, clock, camera, contacts, phone, text message, file explorer, keyboard, launcher, notes, document viewer/editor, image viewer, audio recorder...
Most of the apps on my phone do not need internet access.
That said, I'd love to have a new "Internet access" permission for apps, so users had the choice. Perhaps even separate "Allow iCloud" and "Allow Internet" but that's probably too granular for Apple's taste.
I have no idea if this is what already happens, but I feel like it might be. (Why would each app have all these network connections when the system could just manage it instead?)
> you just don't use apps.
An app isn't an "app" if I don't install it?
I have banking "apps" and others which obviously do require internet access to function properly, but the hundreds of flashlight apps in the app store should not need the internet.
The app I use to back up my text messages and contacts does not need internet, but the other app that I use to copy those backup files and pictures off my phone to other computers does.
The sad thing is, even if I take steps to prevent others getting access to my contacts or text messages, sketchy companies will still get those same contacts and quite possibly most of those messages from everyone else.
We need "herd immunity" when it comes to digital privacy, but it's unlikely to ever happen.
The only way to prevent malicious apps from affecting your privacy is to not install them or not give them network access.
And yes, having the ability to deny any app network access on iOS would be great.
YouTube used to be separate domains for ads and then it got merged together so that you can’t block the ads network wide without blocking YouTube videos.
[0] https://old.reddit.com/r/ios/comments/aib10i/in_china_ios_al...
If Apple wanted to provide this willingly they would. That its only available in China due to government regulation tells you all you need to know.
You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.
What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.
If you want something less disruptive for isolation, there's Private Space. What I like is that this can stop apps there from working in the background on stock Android as well.
Folks brings up 'IPC' as if this is some chink in the armour in AOSP. It isn't. 'Apps' pretty much on most consumer OSes can 'IPC' their way with other co-operating apps to 'achieve' network access from behind a firewall, just the same.
> since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps
If the OS or its privileged component will fchown the socket to the origin app, think the INTERNET permission will be enforced as expected.
I am not familiar with iOS internals, but does "very little IPC" mean "zero IPC"? Because if we are talking IPC in the context of bypassing permission checks, I imagine, 'very little' doesn't cut it?
It would severely depend on how you categorize "most apps" because I would say I pretty much only use apps that need the Internet, barring Calculator, Camera, and a PDF reader (only because I prefer how it zooms books vs browser). Everything else implicitly needs the Internet as that app is just a better UI to using their mobile web site, if they even offer one.
But yes, agreed it should be everywhere.
(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)
They were designed so multiple people could use one device.
Some people use them to separate identities or contain apps they view as bad. I'm not sure of the efficacy of this.
Grapheneos improves them significantly https://grapheneos.org/features#improved-user-profiles
They also added the sensors permission.
Problem is there's no way for users to actually know that. iOS has no "this app can't reach the internet" indicator, so the whole guarantee is invisible. I even had people assume the opposite — app reads your whole library, therefore it must be uploading it somewhere. Exactly backwards.
This is the Apple mindset. Make things easy. Do not make things complicated.
Citation needed.
Looking through my phone the vast majority of third party apps I have installed obviously require internet access:
- Social media
- Travel (rideshare/airlines/hotels)
- Streaming
- Finance (credit cards/banks)
- Shopping
Not counting built-in apps like the calculator I'd estimate 80-90% of the apps I have installed require internet access.
- Photo/Video editors - Snapseed, Lightroom, Video trimmers etc.
- Document readers & scanners - PDF viewers, e-readers, OCR scanners
- Note taking - Obsidian
- File/Password managers - Authenticators etc.
- Single player games - Chess, puzzles etc.
- Audio/Video players - VLC players
We've just become conditioned to accept that every app needs to phone home for tracking and ad-delivery.
PDF viewers (like GoodReader) can download a PDF from a URL, or read it from a network drive.
Obsidian has functions that need internet access (e.g., connecting to the Obsidian sync servers, installing community plugins).
Password managers often have a sync feature.
A video player may be able to play files hosted on remote servers or network drives.
They should be useable without an internet connection, but it's entirely reasonable for them to request permissions for network access.
To make it worse, Apple's naming undermines consciousness about this issue, since they have an option to block cross-app/site tracking (which IIRC blocks access to the advertising identifier), but called it "Allow Apps to Request to Track". A lot of people seem to hold the belief that disabling this option blocks all in-app trackers. It just blocks one way to correlate, but as this app shows, there are other ways to correlate (as well as correlating server-side using IP addresses, etc.).
On this topic, I somehow missed that Apple added a generic URL filtering API to macOS/iOS 26, which extends Safari filtering to the whole OS (well, as long as apps are using Apple's APIs). It's not perfect, but a nice addition to DNS-based blocking:
https://adguard.com/en/blog/apple-url-filter-system-wide-fil...
The author of Wipr added support to Wipr 2 as an extra in-app purchase:
https://kaylees.site/wipr2-whats-new.html#filtr
Aside from technical methods to address this, all this in-app tracking must be a violation of the GDPR, no? I can't imagine this all falls under legitimate interest.
Probably, but we're gonna have to wait for the courts to weigh in for a definitive answer.
Same with the very popular pay-or-accept-tracking model. An Austrian court found it illegal, but we'll probably have to wait for a case to make it all the way to the ECJ.
They give that one completely up to businesses, then, to devs. They also thought they should let an app maker prohibit screen recording, which might promote development since it protects revenue of e.g. subtitling apps as one example. But end result is you even end up with a black screen when recording the iPhone Mirroring app from a Mac.
Apple owes us a better balance here. iCloud Private Relay for all apps (why only Safari?! and Mail and HTTP) as a start, and plugging some of the privacy holes Loupe exposes. They don’t want us abusing free trials I suppose.
Edit: It's not a last modified timestamp, it's a volume creation timestamp: https://github.com/mysk-research/loupe/blob/2262efd4456ecba8...
If you want someone to pay for an app, don't make it free with in-app purchases. This is not something allowing for the OS to provide a unique identifier that can be abused available to app developers. App developers cannot be trusted. At. All. Ever.
In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kind of maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.
If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!
If you use a closed source browser. That’s the kinda shit they do.
The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.
And nothing stops from using reset it every day.
Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)
https://odysee.com/@techlore:3/permission-not-required-the-o...
https://www.youtube.com/watch?v=_n_SpEWtqog
https://inv.nadeko.net/watch?v=_n_SpEWtqog
https://techlore.tv/w/d7dh4P7y4dVngNoL7u7s3B
I built something similar, for the web. https://neberej.github.io/exposedbydefault/
Github: https://github.com/neberej/exposedbydefault
https://slate.com/technology/2023/04/data-broker-inference-p...
https://en.wikipedia.org/wiki/Stalkerware
But if you can actually get this data, maybe try to do this on yourself and write a blogpost about it. I highly doubt you’ll be able to.
That said, I agree with the rest of your point - you’re not going to go to a developer and offer them $100 for this data on a person (and if you could, you’d still need to tell them which person, which if you could do you could just get the data yourself)
https://www.npr.org/sections/alltechconsidered/2014/09/15/34...
It’s crazy to me that people are being so skeptical of the idea. A lot of people share their logins freely with their spouses. I have never done it nor would I condone it, but it would be trivial for me to install spyware on the devices of many people I know, because they rightfully trust me. Not only do I know some of their device passwords¹, being “the computer guy” I could just outright ask for it or get them to input it anywhere while fixing some issue they have.
¹ And many more I have forgotten, because I make it a point to not record them, even mentally.
Thank you!
> information such as apps installed
This is what surprised me too, but if you read their hint, it’s not like a list API. They probe various ‘open URL in app’ to see what apps registered them, so are installed. I guess this i) won’t allow you to track apps that don’t have ‘open in app’ URLs, and ii) is probably hard to limit without affecting UX
> number of copy actions
This is odd, yeah, not sure why it is exposed
> last wipe
They deduce this from the volume creation date. Probably possible to hide, but also not really that important, at least to me. Fingerprinting will work with way less info anyway
To summarize, I think iOS is still very solid in terms of involuntary info exposure (if you trust Apple itself). Most of the really sensitive info requires separate permissions. Yes, you can harden it further, but that will be more like a paranoid mode
It seems a bit quixotic, but anything that goes against $_BIGCORP is tilting at windmills, anyway.
Of course, the one narrative I almost never hear, no matter who it is, is "Simply don't collect any extra data."
It's that simple. If you don't have the data, your app could be Swiss cheese, and no one can get anything dangerous.
But, in today's tech world, data is money, so every app and Web site out there goes to any length to hoover up as much data as possible.
I regularly get prompted to join "teams," and "leaderboards," or do "challenges," on my solitaire games.
Fighting devs being able to make money in this manner is not dissimilar to getting mad at drug dealers. As long as users want their product, they will sell the product.
> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.
I got that feeling just seeing the title use "native" as a synonym of "not a website".
More APIs, less friction selling stuff, business presence right on the homescreen.
Fingerprinting is extensively used and can't be defeated without a decent hit to browsing experience. Mullvad and Tor browser are likely the best at anti-fingerprinting.
The only completely reliable way to avoid this tracking is by not visiting websites with fingerprinting. A tool that can help with this is LibRedirect which redirects you from sites like Twitter to privacy front ends like xcancel.
The extensive web tracking is detrimental to privacy, but it doesn't compel you to add additional PII like phone numbers, which is much worse than cross-site tracking for a surveillance capitalism threat model.
I have not spent a lot of time thinking about why certain things like 50 apps install queries, boot volume timestamps, etc are provided to developers. But I think Apple will close these loopholes.
Also love the idea of outbound network connections being disabled by the user per app
iPhone
I am against cars for the most part, but I can’t just get rid of my car. In this case, I can’t get rid of Slack (and other apps) because of work and unfortunately I do not work at a company that will buy me a work phone for work things.
Ultimately this has to start at a more root level. We need to claw back privacy.
I have a LG modern TV. Smart shit. I also use a Linux install on a NUC. HDMI.
For some godsdamned reason, the TV was able to initiate an IP bridge with the Linux NUC and get an IP address on my network.
Nobody typed it in the TV. And I'm unsure how it did so itself.
What I do know is that Mikrotik allows DHCP-server blocks of wildcard MAC addresses. Blocked the whole fucking 24 bits of their allocation.
AND if it does get back online, I also shitcanned its routing on the IP side based on hostname.
People always say, "jUsT dO nOt CoNnEcT your TV to your WiFi" which is asinine.
People say that theoretically TVs can get an internet connection through HDMI, but apparently none are actually doing so.
The only solution I suggest is physically removing WiFi cards from the guts before turning on.
What?! How on earth would this work?
https://en.wikipedia.org/wiki/HDMI#Version_1.4
Apple should be ashamed that they aren't putting in effort to randomize these fingerprints...
But very cool.