Connect with us

Media

How iPhone Push Notifications Leak User Data

In a new video highlighting the practice, Mysk discussed how some iOS apps are taking advantage of a feature introduced in iOS 10 that allows apps to customize push notifications.

Security researcher Tommy Mysk has demonstrated how iPhone push notifications can be used by popular apps to covertly send user data.

In a new video highlighting the practice, Mysk discussed how some iOS apps are taking advantage of a feature introduced in iOS 10 that allows apps to customize push notifications. The feature, originally intended to allow apps to enrich notifications with additional content or decrypt encrypted messages, seems to have been used by some developers for other activities. According to Mysk’s findings, various popular apps, including TikTok, Facebook, Twitter, LinkedIn, and Bing, are using the short background execution time provided for such notification customization to send analytics information.

This practice is particularly troubling because it circumvents the typical restrictions iOS places on app background execution. Apple has always strictly controlled apps running in the background to protect user privacy and ensure optimal device performance. However, the push notifications feature seems to have inadvertently given apps a backdoor to background data transfer.

The type of data transmitted includes unique device data that can be used for fingerprinting and tracking users in various applications. Fingerprinting is a method of collecting specific information about a device, such as its hardware and software configuration, to create a unique user identifier. This identifier can be used to track a user’s actions, which can then be used for a variety of purposes, such as targeted advertising.

Apple does not allow such data collection and will soon require developers to clearly state why their apps need access to APIs that are often used for fingerprinting. The move comes as part of Apple’s efforts to strengthen user privacy, such as the introduction of in-app tracking transparency in iOS 14.5, which requires apps to get a user’s permission before tracking their actions in apps and on websites.

Advertisement

Trending