Click to Skip Ad
Closing in...

Here’s how Facebook, X, TikTok, and more harvest your iPhone data with just a push notification

Published Jan 25th, 2024 10:11AM EST
iPhone data stolen by third-party notifications
Image: José Adorno for BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple always states that “privacy is a fundamental human right” and does everything to keep user’s data safe from third-party apps and developers trying to sell this information to others. While Apple itself doesn’t consider the way it collects data harmful, as it wants to bring “personalized content” to its customers, it’s impossible to say that its operating systems can always prevent third-party apps from tracking our usage.

Mysk researchers recently published a study showing how Facebook, X, TikTok, LinkedIn, Bing, and many other apps use a ” Fingerprinting ” technique to harvest data from your iPhone with just a push notification.

In a short YouTube video, they explain how data-hungry apps use the background execution time allocated by iOS to customize notifications to send app analytics. Interestingly, apps on iOS don’t run in the background, mostly due to privacy and performance. This is why background execution time is very restricted for developers.

But starting with iOS 10, Apple added a feature that allows apps to customize push notifications even if they are not running. Mysk researchers explain that “iOS wakes the app in the background when it receives a notification and allows a limited time to customize the notification before it is presented to the user. This includes decrypting an encrypted payload and downloading additional content to enrich the notification. Once the app hands in the customized notification to the system or the background time allocated runs out, the app is terminated,” the researchers explain.

With that, these data-hungry apps can identify unique signals about the user’s iPhone data that allow for fingerprinting and tracking across different apps developed by different developers.

What is Apple doing about that? What can I do to prevent third-party developers from accessing my iPhone data?

Mysk reiterates that Apple does not allow fingerprinting with customers’ iPhones, and it will require that developers declare why their apps need access to APIs that provide signals commonly used for this practice.

For now, all you can do is turn off notifications from some of these apps, as this way, they can’t use this practice to get your iPhone’s data.

You can find the video Mysk published about how push notifications can send your iPhone data to third-party developers:

José Adorno Tech News Reporter

José is a Tech News Reporter at BGR. He has previously covered Apple and iPhone news for 9to5Mac, and was a producer and web editor for Latin America broadcaster TV Globo. He is based out of Brazil.

Latest News