←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 4 comments | 02 Feb 25 17:07 UTC | HN request time: 0s | source
Show context
qingcharles ◴[02 Feb 25 20:40 UTC] No.42911578[source]
One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)

replies(33): >>42911665 #>>42911679 #>>42911714 #>>42911768 #>>42911810 #>>42911853 #>>42911874 #>>42912408 #>>42912465 #>>42912852 #>>42912979 #>>42913150 #>>42913418 #>>42913708 #>>42913974 #>>42914004 #>>42914803 #>>42914807 #>>42915963 #>>42916052 #>>42916619 #>>42916711 #>>42916764 #>>42917374 #>>42918405 #>>42918914 #>>42918920 #>>42920277 #>>42920369 #>>42920873 #>>42920949 #>>42940036 #>>42967302 #
gruez ◴[02 Feb 25 20:59 UTC] No.42911768[source]
>One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.

>As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.

Fortunately this is changing with iOS 18 with "limited contacts" sharing.

https://mobiledevmemo.com/wp-content/uploads/2024/09/image.p...

The interface also seems specifically designed to push people to allow only a subset of contacts, rather than blindly clicking "allow all".

The far bigger issue is the contact info you share with online retailers. Scraping contact info through apps is very visible, drawing flak from the media and consumers. Most of the time all you get is a name (could be a nickname), and maybe some combination of phone/email/address, depending on how diligent the person in filling out all the fields. On the other hand placing any sort of order online requires you to provide your full name, address, phone number, and email address. You can also be reasonably certain that they're all accurate, because they're plausibly required for delivery/billing purposes. Such data can also be surreptitiously fed to data brokers behind the scenes, without an obvious "tiktok would like access to your contacts" modal.

replies(8): >>42911926 #>>42912101 #>>42912892 #>>42913397 #>>42915871 #>>42915947 #>>42916008 #>>42916767 #
sneak ◴[02 Feb 25 23:15 UTC] No.42912892[source]
How about a no/limited internet setting? So many apps spy on you and they don’t need network at all to function.
replies(6): >>42913719 #>>42914019 #>>42914515 #>>42914675 #>>42915425 #>>42915448 #
dylan604 ◴[03 Feb 25 01:46 UTC] No.42914019[source]
Until the app's devs get wise to this, and do not allow the app to function without the network access. It could be as simple as a full screen, non-closable screen that says the app requires network access with a button to the proper setting to correct the issue.
replies(3): >>42914079 #>>42914151 #>>42914837 #
ryandrake ◴[03 Feb 25 02:05 UTC] No.42914151[source]
Such "go away" screens are in violation of Apple's AppStore rules. You cannot make a permission a condition of using the app, and stop the user from using it if they don't grant that permission. The app should gracefully do as much as it possibly can without the permission.
replies(2): >>42914415 #>>42916029 #
1. maeil ◴[03 Feb 25 02:55 UTC] No.42914415{5}[source]
This holds for every app and every permission? Because I'm quite sure I recently used an app that closed for not allowing a permission. May be misremembering..
replies(1): >>42914762 #
2. ryandrake ◴[03 Feb 25 03:52 UTC] No.42914762[source]
5.1.1 (iv) Access: Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos. Where possible, provide alternative solutions for users who don’t grant consent. For example, if a user declines to share Location, offer the ability to manually enter an address.

https://developer.apple.com/app-store/review/guidelines/

This wording is actually a lot weaker than I remember it back when I wrote iOS apps. The developer also was not allowed to exit the app or close it against the user’s intent, however I can’t find that rule anymore.

replies(2): >>42915031 #>>42915175 #
3. maeil ◴[03 Feb 25 04:35 UTC] No.42915031[source]
Yeah, "unnecessary" is the word that may as well render the whole section moot unless it's actually properly enforced. If I can remember I'll test it today and see how it goes.
4. zzo38computer ◴[03 Feb 25 05:07 UTC] No.42915175[source]
I agree with these guidelines (although they could be improved), although I think that some things could be done by the implementation in the system, too.

> For example, if a user declines to share Location, offer the ability to manually enter an address.

This is a reasonable ability, but I think that the operating system should handle it anyways. When it asks for permission for your location, in addition to "allow" and "deny", you can select "manually enter location" and "custom" (the "custom" option would allow the user to specify their own program for handling access to that specific permission (or to simulate error conditions such as no signal); possibly the setting menu can have an option for "show advanced options" before "custom" will be displayed, if you think it would otherwise make it too complicated).

> that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos

This is reasonable, that apps should not be allowed to require microphone access for such a thing.

However, sometimes a warning message makes sense but then to allow it anyways even if permission is not granted; e.g. for a video recording program, it might display a message about "Warning: microphone permission is not allowed for this app; if you proceed without enabling the microphone permission, the audio will not be recorded." Something similar would also apply if you denied camera permission but allowed microphone permission; in that case, only audio will be recorded. It might refuse to work if both permissions are denied, though.