“The frequency at which many apps send device information…is mind-blowing” — popular iPhone apps are stealing your data using iOS push notifications, here’s what you need to do to stay safe

Practice goes against Apple’s terms of service

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Some of the most popular iOS apps have been found to be working aroundApple’s terms of service to collect sensitive information about the devices they’re installed on.

According to the researcher that discovered the practice, this is a big deal because the app’s vendors can use this data to profile, and subsequently track, their users, which is a big no-no for Apple.

As explained byMyskon X, with iOS 10, Apple allowed mobile apps to run in the background in order to process, and later serve, push notifications. As soon as the process is complete, the apps are suspended again, and later terminated, for better performance and security. But during this small timeframe, some apps were observed collecting sensitive device data. That includes system uptime, locale, keyboard language, available memory, battery status, storage use, device model, and display brightness. All this, Mysk argues, can be used to fingerprint (profile) users, and later track them.

Apple’s move

Apple’s move

“Our tests show that this practice is more common than we expected. The frequency at which many apps send device information after being triggered by a notification is mind-blowing,” Mysk’s X post noted.

There are many apps that abuse the privilege of serving push notifications to mobile users, apparently, including the likes of TikTok, Facebook, Twitter, LinkedIn, andBing, the researcher said in ademo videoposted on YouTube.

In its writeup,BleepingComputerreached out to Mysk, who confirmed that Apple is planning on putting a stop to this practice in a few months.

Apparently, in the near future, Apple will tighten the restrictions on using APIs for device signals and will demand app developers to state exactly why they need to use APIs that can lead to user profiling. Developers that fail to provide a satisfactory answer will be denied access to the App Store.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In the meantime, if you’re worried about being profiled by Facebook and the gang, make sure to disable push notifications completely.

The companies mentioned in the report have not yet commented on Mysk’s findings.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption