Unauthorized Surveillance: iPhone Ads and Push Notifications Exploited for Data Collection

Update: 2024-01-26 11:27 IST

 In a surprising turn of events, reports have exposed the illicit use of iPhone's in-app ads and push notifications for spying on users and clandestinely collecting sensitive information. Apple, known for its stringent security measures and user protection features, faces a major security breach as these features are exploited for unethical purposes. Two distinct reports shed light on the alarming revelations surrounding the misuse of iPhone functionalities for unauthorized data surveillance.

The first report, as disclosed by 9to5Mac, exposes how in-app ads on iPhones are employed to spy on users. These ads gather sensitive details, which are then transmitted to security services, as reported by 404media. The second report highlights the exploitation of push notifications services by popular apps like Facebook, TikTok, FB Messenger, Instagram, Threads, and others. These apps exploit a vulnerability in push notifications, allowing them to collect users' data without their explicit consent. While the iPhone allows app providers to customize push notifications, these companies have been misusing this feature for their ulterior motives.

This unethical practice gained traction after Apple tightened its regulations, requiring companies to seek explicit user permission before tracking their activities. Subsequently, companies resorted to alternative methods, including the controversial "device fingerprinting" technique.

Security researchers at Mysk detailed how iPhone features are exploited for surveillance, noting that many apps use this opportunity to silently send detailed device information in the background. Information such as system uptime, locale, keyboard language, available memory, battery status, and device model is surreptitiously acquired by these apps.

Responding to the security concerns, both Apple and Google have taken measures to address the issue. Apple has announced new rules, set to be implemented in Spring 2024, requiring developers to declare reasons for using APIs that return unique device signals, commonly used for fingerprinting. On the other hand, Google severed ties with a company employing device fingerprinting to track users, emphasizing a commitment to user privacy and security.

As the tech giants take steps to counteract these breaches, users are reminded to stay vigilant and be cautious about granting permissions, ensuring their digital security and privacy.

Tags:    

Similar News