"The frequency at which many apps send device information...is mind-blowing" — popular iPhone apps are stealing your data using iOS push notifications, here's what you need to do to stay safe

Practice goes against Apple's terms of service, and the company is preparing to address the issue.

Jan 27, 2024 - 12:30
 0  37
"The frequency at which many apps send device information...is mind-blowing" —  popular iPhone apps are stealing your data using iOS push notifications, here's what you need to do to stay safe

Some of the most popular iOS apps have been found to be working around Apple’s terms of service to collect sensitive information about the devices they’re installed on. 

According to the researcher that discovered the practice, this is a big deal because the app’s vendors can use this data to profile, and subsequently track, their users, which is a big no-no for Apple.

As explained by Mysk on X, with iOS 10, Apple allowed mobile apps to run in the background in order to process, and later serve, push notifications. As soon as the process is complete, the apps are suspended again, and later terminated, for better performance and security. But during this small timeframe, some apps were observed collecting sensitive device data. That includes system uptime, locale, keyboard language, available memory, battery status, storage use, device model, and display brightness. All this, Mysk argues, can be used to fingerprint (profile) users, and later track them.

Apple's move

"Our tests show that this practice is more common than we expected. The frequency at which many apps send device information after being triggered by a notification is mind-blowing," Mysk's X post noted.

There are many apps that abuse the privilege of serving push notifications to mobile users, apparently, including the likes of TikTok, Facebook, Twitter, LinkedIn, and Bing, the researcher said in a demo video posted on YouTube.

In its writeup, BleepingComputer reached out to Mysk, who confirmed that Apple is planning on putting a stop to this practice in a few months. 

Apparently, in the near future, Apple will tighten the restrictions on using APIs for device signals and will demand app developers to state exactly why they need to use APIs that can lead to user profiling. Developers that fail to provide a satisfactory answer will be denied access to the App Store. 

In the meantime, if you’re worried about being profiled by Facebook and the gang, make sure to disable push notifications completely. 

The companies mentioned in the report have not yet commented on Mysk’s findings.

More from TechRadar Pro