alt Hacker NewsLoupe – A iOS app that raises awareness about what native apps can see
Comments
I don't understand why internet access isn't opt-in for apps. Preventing exfiltration would prevent much of this harm, and most apps don't have any need to access the internet in the first place. Why am I creating a GE account to read my blood pressure? At least I know it's taking advantage of me. But this is clearly abusive behavior
Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.
Volume creation date is pretty egregious. I don't see any reason that and Pasteboard changeCount should be so granular.
The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.
Is something similar already available for Android phones?
Why does a random app (with no special permissions given to it) get access to so much info, and why doesn't Apple tell users this (important) info? Why can't Apple make a long list of check boxes so users can dis/allow on a per-category and per-app basis?
E.g. I had no idea a random app you install (and give no permissions to) instantly has a list of every app installed on the device (e.g. can infer whether you're dating [or cheating!] from presence of tinder/bumble/hinge). That alone seems instantly monetizable by unscrupulous actors via 'is-my-partner-cheating' as a service: charge $10 to give a probable answer.
This is excellent. Seeing this makes me appreciate how much visual awareness tools like this are needed.
I built something similar, for the web. https://neberej.github.io/exposedbydefault/
For anyone without an iPhone or doesn't want to install the app you can see a demo here (same video different platforms):
https://odysee.com/@techlore:3/permission-not-required-the-o...
https://www.youtube.com/watch?v=_n_SpEWtqog
Privacy is a real issue! Does the iOS allow an ext dev app to read its system info? If yes, does it easily comply?
/me wonders of the privacy label should actually mention that it reads everything and the kitchen sink!!!
This is why I avoid installing apps and don’t have a lot of them.
Sweet, been wanting this a while. Just mentioned last month and here it is! https://news.ycombinator.com/item?id=48187972
Yea, it's infuriating that most of the HN crowd thinks the apps are better then web. Apps can spy on you way more than web. It's the reason every website says "please download the app". If it was better for them to spy on you via the website they wouldn't ask you to download the app.
This is neat and interesting, truly, but the classic “what now?” emerges. I guess the only answer is “throw out my iPhone”? Otherwise this kind of seems like a circuitous ad to make people get worried and download Psylo, which I see has in-app purchases. I’m not trying to come at you here, but it’s just hard not to feel suspicious online these days.
this is fantastic, just great really, and honestly makes one stick out so easily, reminfs me a lot of that license plate xkcd
Apps like TikTok can know which username we logged in with, even if we uninstall and reinstall the app. This is egregious, as many companies like Facebook have SDKs embedded in many apps, allowing them to accurately interconnect user activity.
Apple should be ashamed that they aren't putting effort to randomize these fingerprints....
[flagged]
[flagged]
It's likely to be trolled by the WPA folks, who will insist that WPAs are just as insecure as native apps, so there's no difference ...
But very cool.
One correction to some comments here: an iOS app cannot list all apps that are installed. You can only check for specific apps/schemes (LSApplicationQueriesSchemes) by specifying apps you are looking to query for installation status or open. You cannot provide a large list of unrelated applications since Apple rejects that during app review.
Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.