Apple asserts that privacy is a core value and strives to protect user data from third parties seeking to monetize it. Although Apple’s data collection methods are designed to enhance user experiences with personalized content, it’s not foolproof against third-party app tracking.
Research Unveils Data Harvesting Tactics
A recent study by Mysk researchers has uncovered that major applications such as Facebook, X, TikTok, LinkedIn, Bing, and others engage in a “Fingerprinting” process to extract data from iPhones through push notifications.
Exploiting iOS Features for Data Collection
These apps utilize the background execution time granted by iOS to tailor notifications and transmit app analytics, despite the general restriction of background app activity in iOS for privacy and performance reasons.
Since iOS 10, Apple has permitted apps to personalize push notifications without being active. The Mysk team detailed how apps receive a limited time to modify notifications upon receiving them, which includes decrypting content and fetching additional data. This window enables apps to collect unique identifiers from the iPhone, facilitating cross-app tracking and fingerprinting.
Apple’s stance is against the use of fingerprinting on its devices, and it requires developers to justify their need for API access that could be used for such activities. Currently, users can mitigate this risk by disabling app notifications, thereby preventing the data collection through this method.