Security researcher Tommy Mysk has demonstrated how iPhone push notifications can be used by popular apps to covertly send user data.
In a new video highlighting the practice, Mysk discussed how some iOS apps are taking advantage of a feature introduced in iOS 10 that allows apps to customize push notifications. The feature, originally intended to allow apps to enrich notifications with additional content or decrypt encrypted messages, seems to have been used by some developers for other activities. According to Mysk’s findings, various popular apps, including TikTok, Facebook, Twitter, LinkedIn, and Bing, are using the short background execution time provided for such notification customization to send analytics information.
This practice is particularly troubling because it circumvents the typical restrictions iOS places on app background execution. Apple has always strictly controlled apps running in the background to protect user privacy and ensure optimal device performance. However, the push notifications feature seems to have inadvertently given apps a backdoor to background data transfer.
The type of data transmitted includes unique device data that can be used for fingerprinting and tracking users in various applications. Fingerprinting is a method of collecting specific information about a device, such as its hardware and software configuration, to create a unique user identifier. This identifier can be used to track a user’s actions, which can then be used for a variety of purposes, such as targeted advertising.
Apple does not allow such data collection and will soon require developers to clearly state why their apps need access to APIs that are often used for fingerprinting. The move comes as part of Apple’s efforts to strengthen user privacy, such as the introduction of in-app tracking transparency in iOS 14.5, which requires apps to get a user’s permission before tracking their actions in apps and on websites.
Mobile App Development Trends – 29.02
Working with dates and Codable, Fun with shapes in Compose, The missing guide to deep linking and more!
The open source StarCoder 2 model runs on regular GPUs
Companies are making more and more artificial intelligence-based code generators at an astonishing rate – services like GitHub Copilot and...
Google TV updates the homescreen
You may notice your apps taking a different shape on your Google TV For You screen.
Decompose – Kotlin Multiplatform lifecycle-aware business logic components with routing and pluggable UI
Decompose is a Kotlin Multiplatform library for breaking down your code into tree-structured lifecycle-aware business logic components (aka BLoC), with...
Mobile App Development Trends – 28.02
How to use VariadicView, Comprehensive Guide To Kotlin Context Receiver, OWASP Mobile Top 10 and more!
GitHub opens access to Copilot Enterprise
Copilot Enterprise includes all the features of the existing Business plan, including intellectual property indemnification, but extends it with a...