Most active commenters
  • miki123211(3)

←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 22 comments | 02 Feb 25 17:07 UTC | HN request time: 0.001s | source | bottom
Show context
qingcharles ◴[02 Feb 25 20:40 UTC] No.42911578[source]
One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

replies(33): >>42911665 #>>42911679 #>>42911714 #>>42911768 #>>42911810 #>>42911853 #>>42911874 #>>42912408 #>>42912465 #>>42912852 #>>42912979 #>>42913150 #>>42913418 #>>42913708 #>>42913974 #>>42914004 #>>42914803 #>>42914807 #>>42915963 #>>42916052 #>>42916619 #>>42916711 #>>42916764 #>>42917374 #>>42918405 #>>42918914 #>>42918920 #>>42920277 #>>42920369 #>>42920873 #>>42920949 #>>42940036 #>>42967302 #
gruez ◴[02 Feb 25 20:59 UTC] No.42911768[source]
>One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

>As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

Fortunately this is changing with iOS 18 with "limited contacts" sharing.

https://mobiledevmemo.com/wp-content/uploads/2024/09/image.p...

The interface also seems specifically designed to push people to allow only a subset of contacts, rather than blindly clicking "allow all".

The far bigger issue is the contact info you share with online retailers. Scraping contact info through apps is very visible, drawing flak from the media and consumers. Most of the time all you get is a name (could be a nickname), and maybe some combination of phone/email/address, depending on how diligent the person in filling out all the fields. On the other hand placing any sort of order online requires you to provide your full name, address, phone number, and email address. You can also be reasonably certain that they're all accurate, because they're plausibly required for delivery/billing purposes. Such data can also be surreptitiously fed to data brokers behind the scenes, without an obvious "tiktok would like access to your contacts" modal.

replies(8): >>42911926 #>>42912101 #>>42912892 #>>42913397 #>>42915871 #>>42915947 #>>42916008 #>>42916767 #
1. sneak ◴[02 Feb 25 23:15 UTC] No.42912892[source]
How about a no/limited internet setting? So many apps spy on you and they don’t need network at all to function.
replies(6): >>42913719 #>>42914019 #>>42914515 #>>42914675 #>>42915425 #>>42915448 #
2. coin ◴[03 Feb 25 01:03 UTC] No.42913719[source]
I would love an iOS setting that blocks all network access for certain apps
3. dylan604 ◴[03 Feb 25 01:46 UTC] No.42914019[source]
Until the app's devs get wise to this, and do not allow the app to function without the network access. It could be as simple as a full screen, non-closable screen that says the app requires network access with a button to the proper setting to correct the issue.
replies(3): >>42914079 #>>42914151 #>>42914837 #
4. wkat4242 ◴[03 Feb 25 01:55 UTC] No.42914079[source]
Yeah like the ChatGPT app that doesn't work without a Google account. I have Google play on my phone, just no account logged in. I do have Google play services like firebase push which many apps legitimately need. But ChatGPT just opens the login screen in the play store and exits itself.

I'm always wondering why these idiots force the creation of an account with their direct competitor. It's the only app I have that does this. But anyway I don't use their app for that reason, only use them a bit through API.

replies(1): >>42930187 #
5. ryandrake ◴[03 Feb 25 02:05 UTC] No.42914151[source]
Such "go away" screens are in violation of Apple's AppStore rules. You cannot make a permission a condition of using the app, and stop the user from using it if they don't grant that permission. The app should gracefully do as much as it possibly can without the permission.
replies(2): >>42914415 #>>42916029 #
6. maeil ◴[03 Feb 25 02:55 UTC] No.42914415{3}[source]
This holds for every app and every permission? Because I'm quite sure I recently used an app that closed for not allowing a permission. May be misremembering..
replies(1): >>42914762 #
7. eudhxhdhsb32 ◴[03 Feb 25 03:14 UTC] No.42914515[source]
GrapheneOS has that. It asks every time you install a new app whether it should have network permissions.
8. hellojesus ◴[03 Feb 25 03:38 UTC] No.42914675[source]
Grapheneos lets you pick this for apps before they even launch. You can revoke their network access, as well as define storage scopes for apps at a folder level, so if an app needs access to photos, you can define a folder, and that is the only folder it can scan for photos.

I used that when submitting parental leave at work. I didn't want to provide full access to all my photos and files for work, so all they got was a folder with a pic of a birth certificate.

replies(2): >>42914829 #>>42919028 #
9. ryandrake ◴[03 Feb 25 03:52 UTC] No.42914762{4}[source]
5.1.1 (iv) Access: Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos. Where possible, provide alternative solutions for users who don’t grant consent. For example, if a user declines to share Location, offer the ability to manually enter an address.

https://developer.apple.com/app-store/review/guidelines/

This wording is actually a lot weaker than I remember it back when I wrote iOS apps. The developer also was not allowed to exit the app or close it against the user’s intent, however I can’t find that rule anymore.

replies(2): >>42915031 #>>42915175 #
10. miki123211 ◴[03 Feb 25 04:03 UTC] No.42914829[source]
iOS and Mac also let you do this, for photos, contacts and files.

Apple is also pushing developers toward using native picker components. That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.

replies(1): >>42916204 #
11. miki123211 ◴[03 Feb 25 04:04 UTC] No.42914837[source]
You can't do this, because some users are genuinely offline sometimes.
12. maeil ◴[03 Feb 25 04:35 UTC] No.42915031{5}[source]
Yeah, "unnecessary" is the word that may as well render the whole section moot unless it's actually properly enforced. If I can remember I'll test it today and see how it goes.
13. zzo38computer ◴[03 Feb 25 05:07 UTC] No.42915175{5}[source]
I agree with these guidelines (although they could be improved), although I think that some things could be done by the implementation in the system, too.

> For example, if a user declines to share Location, offer the ability to manually enter an address.

This is a reasonable ability, but I think that the operating system should handle it anyways. When it asks for permission for your location, in addition to "allow" and "deny", you can select "manually enter location" and "custom" (the "custom" option would allow the user to specify their own program for handling access to that specific permission (or to simulate error conditions such as no signal); possibly the setting menu can have an option for "show advanced options" before "custom" will be displayed, if you think it would otherwise make it too complicated).

> that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos

This is reasonable, that apps should not be allowed to require microphone access for such a thing.

However, sometimes a warning message makes sense but then to allow it anyways even if permission is not granted; e.g. for a video recording program, it might display a message about "Warning: microphone permission is not allowed for this app; if you proceed without enabling the microphone permission, the audio will not be recorded." Something similar would also apply if you denied camera permission but allowed microphone permission; in that case, only audio will be recorded. It might refuse to work if both permissions are denied, though.

14. discostrings ◴[03 Feb 25 06:04 UTC] No.42915425[source]
Fully denying internet access for an app is actually in iOS and has been there for many years.

But it's only available in China.

https://tinyapps.org/blog/202209100700_ios_disable_wifi_per_...

15. n_plus_1_acc ◴[03 Feb 25 06:09 UTC] No.42915448[source]
Android can do this
16. jjcob ◴[03 Feb 25 08:11 UTC] No.42916029{3}[source]
Try signing in in any Google app without allowing data sharing with Safari. It's not possible. They don't let you.

It's kind of weird that Apple introduced this big fat tracking consent popup, but they don't really do anything to actually prevent cross-app tracking...

17. thaumasiotes ◴[03 Feb 25 08:43 UTC] No.42916204{3}[source]
> That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.

This is an interesting contrast with the earlier philosophy of phone OSes that the file system is confusing to users and they should never be allowed to see it.

replies(1): >>42916604 #
18. miki123211 ◴[03 Feb 25 09:49 UTC] No.42916604{4}[source]
They still (mostly) aren't.

From an user perspective, photos aren't files. Music isn't files. Contacts aren't files. Apps aren't files. App data isn't files.

The only things that "walk like a file and quack like a file" are documents, downloads, contents of external storage, network drives and cloud drives, and some Airdrop transfers.

Yes, it's technically possible to use the files app to store photos, music etc, but if you do that, "you're holding it wrong."

19. matheusmoreira ◴[03 Feb 25 15:19 UTC] No.42919028[source]
A big problem with GrapheneOS is the fact it only officially supports Google phones. Google is apparently incapable of selling those things globally, limiting availability.

There's also the fact hardware remote attestation is creeping into the Android ecosystem. There's absolutely no way to daily drive something like GrapheneOS if essential services such as banks and messaging services start discriminating against you on the basis of it. Aw shucks looks like your phone has been tampered with so we're just gonna deny you access to your account, try again later on a corporation owned phone.

GrapheneOS is amazing from a security and privacy perspective but it doesn't matter. The corporations will not tolerate it because it works against their interests. They will ban you from their services for using it. Unlike Google and Apple, they have no leverage with which to force the corporations to accept terms unfavorable to them.

replies(1): >>42933807 #
20. stavros ◴[04 Feb 25 09:28 UTC] No.42930187{3}[source]
It doesn't do that for me. There's a Google button, and then big sign up/log in buttons, and a non-Google email works fine.
21. ParetoOptimal ◴[04 Feb 25 15:42 UTC] No.42933807{3}[source]
Is a bank app on your phone essential? I've never had a bank app installed on my phone.
replies(1): >>42935120 #
22. sneak ◴[04 Feb 25 16:57 UTC] No.42935120{4}[source]
Yes. I would not be able to use my AmEx as effectively if I could not receive notifications (usually second factor for charges) in the app.