1957 points apokryptein | 1 comments
araes ◴[] No.42911571[source]
Parts I found relevant:

  - It was a clean state of a somewhat old phone (iPhone 11, factory defaults + new apple id)
  - A single (old) app was installed (Stack by KetchApp, 10-12 years old)
  - Was sending out an update a second pretty much instantly (5 kB - ~300 KB every second)
  - Within a minute: IP, Lat / Lon, country, phone model, carrier / network operator, vendor, OS version, connection type (wifi), headphone status (?), volume setting (?), screen brightness setting (?), battery status (?), CPU count, system RAM, free RAM allocation, free hard drive capacity, system boot time (?)

Might as well just screen grab the Task Manager equivalent and hand it to them. Have better, quicker data about my own current RAM allocation and free hard space than I do. It hands them when the system booted for an ad? The headphone, volume, brightness, and battery was just "what" kind of headshake about invasiveness. Somebody'd hand wave they need it (we want it, we want it). They obviously don't.

Edit: It's almost Remote Desktop, on an iPhone. Realtime (~1 Hz) RAM / ROM allocation. Not sure how many Apple users even know how to check their realtime RAM / ROM allocation. The free hard drive space especially is just asking for botnet downloads.

Edit: Right, and ... disabling tracking doesn't mean anything because numerous updates blatantly ignore the setting ("uc": "1", // User consent for tracking = True;) and it's just a flag while they still send your vendor specific customer identifier anyways.

Really interesting article, and great investigation, just disturbing how much on an effectively clean phone.

TheJoeMan ◴[] No.42911652[source]
I dislike that as a developer, knowing something like the headphone status could be useful for the functionality of the app. But some other unscrupulous person is just exfiltrating it! This is part of the reason I agree with Apple’s stand against apps with sub-apps/“desktop like” due to not fine-grained enough permission settings. There is a significant privacy downside to “superapps” and now Elon is pushing for the X everything app.
1. wkat4242 ◴[] No.42914394[source]
Yeah and if you ask for permission for every little thing then users are going to get bombarded even when it's needed for legit purposes. It's a difficult tradeoff to make, even if you want to do the right thing (and I'm not really sure that Apple and especially Google really do).