I just don’t think it’s an effective way of solving the problem.
If internet access wasn't granted by default, a lot more apps would function without it.
Many other apps wouldn't exist at all, because their only reason to exist is to spy on users.
If you wanna go further, 20 years ago we didn’t have that much of distribution, users, or differences in software/hardware. Shipping speeds were also much slower.
Even if it's not the most effective way to raise awareness, it does put pressure on developers to be explicit about the connectivity requirements with users. It would also be a great way to audit an app's local-first / offline-first claim without having to do a network packet capture.
Want telemetry? Send it through Apple and Google. Given Apple's late history and latest trends in Android development, I see them both favoring this approach.
Apple could refuse to publish them, then. Isn't that why we are forced to go through the App Store? Because Apple ensures every app there works in the best interest of the user?
I just flat out think this is bullshit
Non-multiplayer games, clock, camera, contacts, phone, text message, file explorer, keyboard, launcher, notes, document viewer/editor, image viewer, audio recorder...
Most of the apps on my phone do not need internet access.
That said, I'd love to have a new "Internet access" permission for apps, so users had the choice. Perhaps even separate "Allow iCloud" and "Allow Internet" but that's probably too granular for Apple's taste.
I have no idea if this is what already happens, but I feel like it might be. (Why would each app have all these network connections when the system could just manage it instead?)
> you just don't use apps.
An app isn't an "app" if I don't install it?
I have banking "apps" and others which obviously do require internet access to function properly, but the hundreds of flashlight apps in the app store should not need the internet.
The app I use to back up my text messages and contacts does not need internet, but the other app that I use to copy those backup files and pictures off my phone to other computers does.
The sad thing is, even if I take steps to prevent others getting access to my contacts or text messages, sketchy companies will still get those same contacts and quite possibly most of those messages from everyone else.
We need "herd immunity" when it comes to digital privacy, but it's unlikely to ever happen.
The only way to prevent malicious apps from affecting your privacy is to not install them or not give them network access.
And yes, having the ability to deny any app network access on iOS would be great.
YouTube used to be separate domains for ads and then it got merged together so that you can’t block the ads network wide without blocking YouTube videos.
[0] https://old.reddit.com/r/ios/comments/aib10i/in_china_ios_al...
If Apple wanted to provide this willingly they would. That it's only available in China due to government regulation tells you all you need to know.
You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.
What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.
Folks bring up 'IPC' as if this is some chink in the armour in AOSP. It isn't. 'Apps' pretty much on most consumer OSes can 'IPC' their way with other co-operating apps to 'achieve' network access from behind a firewall, just the same.
> since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps
If the OS or its privileged component will fchown the socket to the origin app, think the INTERNET permission will be enforced as expected.
I am not familiar with iOS internals, but does "very little IPC" mean "zero IPC"? Because if we are talking IPC in the context of bypassing permission checks, I imagine, 'very little' doesn't cut it?
If you want something less disruptive for isolation, there's Private Space. What I like is that this can stop apps there from working in the background on stock Android as well.
It would severely depend on how you categorize "most apps" because I would say I pretty much only use apps that need the Internet, barring Calculator, Camera, and a PDF reader (only because I prefer how it zooms books vs browser). Everything else implicitly needs the Internet as that app is just a better UI to using their mobile web site, if they even offer one.
But yes, agreed it should be everywhere.
(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)
They were designed so multiple people could use one device.
Some people use them to separate identities or contain apps they view as bad. I'm not sure of the efficacy of this.
GrapheneOS improves them significantly: https://grapheneos.org/features#improved-user-profiles
They also added the sensors permission.
It is called App Transport Security. If you don't set it up your app boots in a sandbox with no network.
Settings -> Privacy & Security -> App Privacy Report
Unfortunately 1 - as a _user_ you cannot opt-in or out. I wish Apple would take the next step and let us select which sites an app is not allowed to communicate with. Or ideally even globally for all apps.
Unfortunately 2 - the list of sites the app wants to communicate with is not clearly communicated upfront like before you install.
Unfortunately 3 - the list can also contain wildcard domains
Small steps - they really need to push this to the next phase IMO.
Problem is there's no way for users to actually know that. iOS has no "this app can't reach the internet" indicator, so the whole guarantee is invisible. I even had people assume the opposite — app reads your whole library, therefore it must be uploading it somewhere. Exactly backwards.
This is the Apple mindset. Make things easy. Do not make things complicated.
Citation needed.
Looking through my phone the vast majority of third party apps I have installed obviously require internet access:
- Social media
- Travel (rideshare/airlines/hotels)
- Streaming
- Finance (credit cards/banks)
- Shopping
Not counting built-in apps like the calculator I'd estimate 80-90% of the apps I have installed require internet access.
- Photo/Video editors - Snapseed, Lightroom, Video trimmers etc.
- Document readers & scanners - PDF viewers, e-readers, OCR scanners
- Note taking - Obsidian
- File/Password managers - Authenticators etc.
- Single player games - Chess, puzzles etc.
- Audio/Video players - VLC players
We've just become conditioned to accept that every app needs to phone home for tracking and ad-delivery.
PDF viewers (like GoodReader) can download a PDF from a URL, or read it from a network drive.
Obsidian has functions that need internet access (e.g., connecting to the Obsidian sync servers, installing community plugins).
Password managers often have a sync feature.
A video player may be able to play files hosted on remote servers or network drives.
They should be useable without an internet connection, but it's entirely reasonable for them to request permissions for network access.
To make it worse, Apple's naming undermines consciousness about this issue, since they have an option to block cross-app/site tracking (which IIRC blocks access to the advertising identifier), but called it "Allow Apps to Request to Track". A lot of people seem to hold the belief that disabling this option blocks all in-app trackers. It just blocks one way to correlate, but as this app shows, there are other ways to correlate (as well as correlating server-side using IP addresses, etc.).
On this topic, I somehow missed that Apple added a generic URL filtering API to macOS/iOS 26, which extends Safari filtering to the whole OS (well, as long as apps are using Apple's APIs). It's not perfect, but a nice addition to DNS-based blocking:
https://adguard.com/en/blog/apple-url-filter-system-wide-fil...
The author of Wipr added support to Wipr 2 as an extra in-app purchase:
https://kaylees.site/wipr2-whats-new.html#filtr
Aside from technical methods to address this, all this in-app tracking must be a violation of the GDPR, no? I can't imagine this all falls under legitimate interest.
Probably, but we're gonna have to wait for the courts to weigh in for a definitive answer.
Same with the very popular pay-or-accept-tracking model. An Austrian court found it illegal, but we'll probably have to wait for a case to make it all the way to the ECJ.
They give that one completely up to businesses, then, to devs. They also thought they should let an app maker prohibit screen recording, which might promote development since it protects revenue of e.g. subtitling apps as one example. But end result is you even end up with a black screen when recording the iPhone Mirroring app from a Mac.
Apple owes us a better balance here. iCloud Private Relay for all apps (why only Safari?! and Mail and HTTP) as a start, and plugging some of the privacy holes Loupe exposes. They don’t want us abusing free trials I suppose.
Edit: It's not a last modified timestamp, it's a volume creation timestamp: https://github.com/mysk-research/loupe/blob/2262efd4456ecba8...
If you want someone to pay for an app, don't make it free with in-app purchases. This is not something allowing for the OS to provide a unique identifier that can be abused available to app developers. App developers cannot be trusted. At. All. Ever.
In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kind of maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.
If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!
If you use a closed source browser. That’s the kinda shit they do.
The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.
And nothing stops from using reset it every day.
Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)
Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.
And a data broker/aggregator can purchase such data from many (e.g. thousands) of apps and aggregate it, then sell it.
These days we have more modern and privacy protecting APIs for making content available to the system or other apps… but that doesn’t stop the profilers.
Since Android 11, Google copied the iOS model except Android is a bit more permissive and so you get a bit less privacy out of the box.
Thank you for the clarification!
You cannot provide a large list of unrelated applications since Apple rejects that during app review.
It does not need to be a large list though I think? You just need a small list that is very discriminative and adds enough additional entropy to uniquely identify you in combination with the other data leaked.
And this was heavily exploited by Facebook before Apple patched it
https://odysee.com/@techlore:3/permission-not-required-the-o...
https://www.youtube.com/watch?v=_n_SpEWtqog
I built something similar, for the web. https://neberej.github.io/exposedbydefault/
E.g. I had no idea a random app you install (and give no permissions to) instantly has a list of every app installed on the device (e.g. can infer whether you're dating [or cheating!] from presence of tinder/bumble/hinge). That alone seems instantly monetizable by unscrupulous actors via 'is-my-partner-cheating' as a service: charge $10 to give a probable answer.
It makes sense that there's some discovery mechanism - since Google loves to use it to prefer Chrome, GMail, etc when you're in one of their apps. I wish that there were more restrictions though where you only get implicit permission to query from apps that have the same developer ID. Maybe a mutual allowlist that has to be formed, or some sort of privileged intent where you at least have to tell Apple what's going on and that gives them some contractual right to sanction you if you're using it for nefarious purposes instead.
[1] excluding the clipboard copy count, that was novel!
But if you can actually get this data, maybe try to do this on yourself and write a blogpost about it. I highly doubt you’ll be able to.
That said, I agree with the rest of your point - you’re not going to go to a developer and offer them $100 for this data on a person (and if you could, you’d still need to tell them which person, which if you could do you could just get the data yourself)
https://www.npr.org/sections/alltechconsidered/2014/09/15/34...
It’s crazy to me that people are being so skeptical of the idea. A lot of people share their logins freely with their spouses. I have never done it nor would I condone it, but it would be trivial for me to install spyware on the devices of many people I know, because they rightfully trust me. Not only do I know some of their device passwords¹, being “the computer guy” I could just outright ask for it or get them to input it anywhere while fixing some issue they have.
¹ And many more I have forgotten, because I make it a point to not record them, even mentally.
Fighting devs being able to make money in this manner is not dissimilar to getting mad at drug dealers. As long as users want their product, they will sell the product.
It seems a bit quixotic, but anything that goes against $_BIGCORP is tilting at windmills, anyway.
Of course, the one narrative I almost never hear, no matter who it is, is "Simply don't collect any extra data."
It's that simple. If you don't have the data, your app could be Swiss cheese, and no one can get anything dangerous.
But, in today's tech world, data is money, so every app and Web site out there, goes to any length, to hoover up as much data as possible.
I regularly get prompted to join "teams," and "leaderboards," or do "challenges," on my solitaire games.
Thank you!
> information such as apps installed
This is what surprised me too, but if you read their hint, it’s not like list API. They probe various ‘open URL in app’ to see what apps registered them, so are installed. I guess this i) won’t allow you to track apps that don’t have ‘open in app’ urls, and ii) probably hard to limit without affecting UX
> number of copy actions
This is odd, yeah, not sure why is it exposed
> last wipe
They deduce this from the volume creation date. Probably possible to hide, but also not really that important, at least to me. Fingerprinting will work with way fewer info anyway
To summarize, I think iOS is still very solid in terms of involuntary info exposure (if you trust Apple itself). Most of really sensitive info requires separate permissions. Yes, you can harden it further, but that will be more like a paranoid mode
I have not spent a lot of time thinking about why certain things like 50 apps install queries, boot volume timestamps, etc are provided to developers. But I think Apple will close these loopholes.
Also love the idea of outbound network connections being disabled by the user per app
iPhone
I am against cars for the most part, but I can’t just get rid of my car. In this case, I can’t get rid of Slack (and other apps) because of work and unfortunately I do not work at a company that will buy me a work phone for work things.
Ultimately this has to start at a more root level. We need to claw back privacy.
I have a LG modern TV. Smart shit. I also use a Linux install on a NUC. HDMI.
For some godsdamned reason, the TV was able to initiate an IP bridge with the Linux NUC and get an IP address on my network.
Nobody typed it in the TV. And I'm unsure how it did so itself.
What I do know is that Mikrotik allows DHCP-server blocks of wildcard MAC addresses. Blocked the whole fucking 24 bits of their allocation.
AND if it does get back online, I also shitcanned its routing on the IP side based on hostname.
People always say, "jUsT dO nOt CoNnEcT your TV to your WiFi" which is asinine.
People say that theoretically TVs can get an internet connection through HDMI, but apparently none are actually doing so.
The only solution I suggest is physically removing WiFi cards from the guts before turning on.
Why is not connecting your TV to wifi asinine? Generally works fine but I suppose there are rumors that some TVs scan for open networks and connect to them automatically.
> The only solution I suggest is physically removing WiFi cards from the guts before turning on.
It's going to be very unusual to find a TV using removable PC components like wifi cards. Another option is to connect it to your network but block it from the internet
What?! How on earth would this work?
> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.
I got that feeling just seeing the title use "native" as a synonym of "not a website".
Apple should be ashamed that they aren't putting effort to randomize these fingerprints....
More APIs, less friction selling stuff, business presence right on the homescreen.
Fingerprinting is extensively used and can't be defeated without a decent hit to browsing experience. Mullvad and Tor browser are likely the best at anti-fingerprinting.
The only completely reliable way to avoid this tracking is by not visiting websites with fingerprinting. A tool that can help with this is LibRedirect which redirects you from sites like Twitter to privacy front ends like xcancel.
The extensive web tracking is detrimental to privacy, but it doesn't compel you to add additional PII like phone numbers, which is much worse than cross-site tracking for a surveillance capitalism threat model.
But very cool.