alt Hacker NewsI was surprised to see Apple exposing the device boot time. Not sure why a typical app would need this, and in a world in which iPhones are infrequently rebooted, the combination of this with other fields must indeed be very deterministic.
I was surprised to see Apple exposing the device boot time. Not sure why a typical app would need this, and in a world in which iPhones are infrequently rebooted, the combination of this with other fields must indeed be very deterministic.
Most ways to collect boot time are a "Required Reason API," so they declare through NSPrivacyAccessedAPITypeReasons, meaning AppLovin apps are (unsurprisingly) lying about what they are doing with the data. There's a fair amount of research into this, for example at https://mysk.blog/2024/05/03/apple-required-reason-api/ and https://blog.appicaptor.com/2025/02/05/apples-required-reaso... (which also documents a workaround that Apple's static analysis tools didn't detect at the time).
My general conclusion is: it's stupid that Apple continue to allow this and Trust Us Bro is not a good permission system to allow app developers do shady things, especially when research indicates that they are, unsurprisingly, doing shady things. Apple's static analysis based App Store approval system is also historically swiss-cheesey and I know they could do better. Overall, thematically a black mark on Apple, which has always been surprising for me because they tend to genuinely care about privacy in many other facets.