Some Popular iOS Apps Collect Sensitive User Data, Violating Apple’s Terms
Several widely used iOS apps have been found to collect sensitive information about the devices they’re installed on, going against Apple’s terms of service. This discovery has sparked concerns as app vendors can potentially use this data to profile and track users. Researchers have highlighted the critical nature of this violation, as it goes against Apple’s strict guidelines.
Background Processing Feature Opens Door for Data Collection
With the introduction of iOS 10, Apple allowed mobile apps to run in the background for processing push notifications. However, during this period, researchers discovered that some apps were gathering sensitive device data, including system uptime, locale, keyboard language, available memory, battery status, storage use, device model, and display brightness. This collection of data can potentially be used to fingerprint and track users, a breach of privacy.
Alarming Frequency of Data Gathering
Researcher Mysk conducted tests and found that the practice of collecting device information after receiving notifications is far more widespread than initially expected. Many apps were found to be abusing the privilege of serving push notifications, including popular apps like TikTok, Facebook, Twitter, LinkedIn, and Bing. Mysk’s findings were shared in a demo video on YouTube, highlighting the frequency at which apps send device information.
Apple Set to Take Action
Apple is aware of the issue and is reportedly taking steps to stop this practice within the next few months. The company plans to strengthen restrictions on the use of APIs that allow for device signals and will require app developers to provide explicit reasons for using these APIs. Failure to provide a satisfactory answer will result in denial of access to the App Store.
Users Advised to Disable Push Notifications
While Apple takes action against these app vendors, users concerned about their privacy are advised to disable push notifications. This measure will prevent the collection of sensitive device data and minimize the risk of being profiled by apps such as Facebook and others mentioned in the report.
Companies Yet to Respond
The companies implicated in this data collection controversy, including TikTok, Facebook, Twitter, LinkedIn, and Bing, have not yet commented on the findings. It remains to be seen how each of these companies will address the issue and ensure compliance with Apple’s terms of service.
Analyst comment
Positive news. Apple is taking action to stop the practice of collecting sensitive user data by strengthening restrictions and denying access to the App Store for non-compliant apps. Users are advised to disable push notifications to protect their privacy. Implicated companies have not responded yet.
