mysk,
@mysk@mastodon.social avatar

🚨🎬 Privacy Concerns about Apple Push Notifications

TL;DR: data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers, even if the apps aren't running at all on your iPhone. Such apps include TikTok, Facebook, FB Messenger, Instagram, Threads, X, and many more.

Watch this video to see it in action:
https://youtu.be/4ZPTjGG9t7s

🧵 1/9

#Privacy #Security #Cybersecurity #Apple #iPhone #Facebook #TikTok #InfoSec #iOS

cstross,
@cstross@wandering.shop avatar

@mysk @clacksee

The simplest way to avoid privacy-violating app analytics from these apps is to refuse to use Facebook, TikTok, FB Messenger, Instagram, Threats, X, LinkedIn, and other social media platforms that want to turn you into a cash cow for their own profit.

(This works for me. I'm stubborn that way: it's not for everyone.)

clacksee,
@clacksee@wandering.shop avatar

@cstross @mysk
Yeah, sadly, most writers' groups are on FB. I lead one and participate in others. Would that it weren't necessary.

Plus as an indie, both FB and insta are important for visibility.

And LinkedIn… Well, it's important in the corporate world.

mysk,

2/9
iOS apps don't have the luxury of running in the background. For reasons mostly related to privacy and performance, iOS suspends and eventually terminates any app that is not active. This is how iOS is designed. But starting in iOS 10, iOS added a new feature that allows apps to customize their push notifications even if they are not running.
.. 🧵

mysk,

3/9
When an app receives a push notification, iOS wakes the app in the background and allows it a limited time to customize the notification before it is presented to the user. This is very helpful for apps to perform tasks related to the notification such as decrypting the notification payload or downloading additional content to further enrich the notification before iOS presents it to the user. And as soon as the app finishes customizing the notification, iOS terminates it.
.. 🧵

mysk,

4/9
The ability to execute tasks in the background is a gold mine for data-hungry apps. Unsurprisingly, many social apps notorious for their aggressive data harvesting practices are taking advantage of the background execution time enabled by push notifications.
In fact, developers can harness this workaround to run code in the background on demand.
.. 🧵

mysk,

5/9
All they have to do is send push notifications to their users. As a result, iOS would wake their app in the background on every device, then the app runs whatever code the developer has built into the app.

According to Apple documentation, the intended purpose of waking an app in the background is all about allowing the app the chance to customize its notifications.
.. 🧵

mysk,

6/9

However, many apps are using this feature as an opportunity to send detailed device information while running quietly in the background.

This includes: system uptime, locale, keyboard language, available memory, battery status, device model, display brightness, to mention a few. Such signals are commonly used for fingerprinting and tracking users across different apps developed by different developers. Fingerprinting is strictly prohibited on iOS and iPadOS.
.. 🧵

mysk,

7/9
Our tests show that this practice is more common than we expected. The frequency at which many apps send device information after being triggered by a notification is mind-blowing. Some apps, like Facebook and TikTok, also send data when clearing their notifications in Notification Center.

As far as data handling is concerned, apps take different approaches to send and store the data.
.. 🧵
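
One way to check a traffic capture for the behaviour described in posts 5/9 to 7/9, as an added example that is not part of the original thread or the authors' test setup: it flags requests an app makes shortly after a push notification is delivered while the app is not in the foreground, and reports which of the device signals listed in 6/9 the request carries. The log layout, JSON key names, bundle IDs, hosts and the 30-second window are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Signals named in post 6/9; these key names are hypothetical, not from any real app.
FINGERPRINT_KEYS = {"uptime", "locale", "keyboard_language", "available_memory",
                    "battery_status", "device_model", "display_brightness"}
WINDOW = timedelta(seconds=30)  # assumed bound on the "limited time" of the wake

# Constructed sample data: notification deliveries and proxied outbound requests.
NOTIFICATIONS = [
    {"app": "com.example.social", "delivered": "2024-01-25T10:00:00"},
    {"app": "com.example.chat", "delivered": "2024-01-25T10:05:00"},
]
REQUESTS = [
    {"app": "com.example.social", "time": "2024-01-25T10:00:03", "foreground": False,
     "host": "analytics.example.com",
     "body_keys": ["uptime", "locale", "battery_status", "event"]},
    # Legitimate notification enrichment: fetches an attachment, no device signals.
    {"app": "com.example.chat", "time": "2024-01-25T10:05:02", "foreground": False,
     "host": "media.example.net", "body_keys": ["attachment_id"]},
    # Foreground traffic long after the notification: out of scope for this check.
    {"app": "com.example.social", "time": "2024-01-25T11:30:00", "foreground": True,
     "host": "analytics.example.com", "body_keys": ["uptime", "locale"]},
]

def flag_wake_traffic(notifications, requests, window=WINDOW):
    """Return background requests sent inside the post-notification window
    that carry at least one fingerprinting-style device signal."""
    findings = []
    for req in requests:
        if req["foreground"]:
            continue  # only traffic sent while the app is not active
        sent = datetime.fromisoformat(req["time"])
        for note in notifications:
            delivered = datetime.fromisoformat(note["delivered"])
            if note["app"] != req["app"] or not delivered <= sent <= delivered + window:
                continue
            signals = sorted(FINGERPRINT_KEYS & set(req["body_keys"]))
            if signals:
                findings.append({"app": req["app"], "host": req["host"],
                                 "delay_s": (sent - delivered).total_seconds(),
                                 "signals": signals})
            break  # attribute each request to at most one notification
    return findings

if __name__ == "__main__":
    for finding in flag_wake_traffic(NOTIFICATIONS, REQUESTS):
        print(finding)
```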
