I don't understand why internet access isn't opt-in for apps. Preventing exfiltration would prevent much of this harm, and most apps don't have any need to access the internet in the first place. Why am I creating a GE account to read my blood pressure? At least I know it's taking advantage of me. But this is clearly abusive behavior

One correction to some comments here: an iOS app cannot list all apps that are installed. You can only check for specific apps/schemes (LSApplicationQueriesSchemes) by specifying apps you are looking to query for installation status or open. You cannot provide a large list of unrelated applications since Apple rejects that during app review.

Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.

Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.

Volume creation date is pretty egregious. I don't see any reason that and Pasteboard changeCount should be so granular.

The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.

This is excellent. Seeing this makes me appreciate how much visual awareness tools like this are needed.

I built something similar, for the web. https://neberej.github.io/exposedbydefault/

Github: https://github.com/neberej/exposedbydefault

Why does a random app (with no special permissions given to it) get access to so much info, and why doesn't Apple tell users this (important) info? Why can't Apple make a long list of check boxes so users can dis/allow on a per-category and per-app basis?

E.g. I had no idea a random app you install (and give no permissions to) instantly has a list of every app installed on the device (e.g. can infer whether you're dating [or cheating!] from presence of tinder/bumble/hinge). That alone seems instantly monetizable by unscrupulous actors via 'is-my-partner-cheating' as a service: charge $10 to give a probable answer.

Today I have simply given up trying not to share my personal information. What I do instead is simply blocking all ads and don’t use apps/websites that can’t be used without ad blocking. They may have many personal details like my favorite ice cream flavor but I get zero ads so I don’t care that much (I would prefer no one having this information but I’m pragmatic in such terrible society).

Is something similar already available for Android phones?

This is why I avoid installing apps and don’t have a lot of them.

Privacy is a real issue! Does the iOS allow an ext dev app to read its system info? If yes, does it easily comply?

/me wonders of the privacy label should actually mention that it reads everything and the kitchen sink!!!

Sweet, been wanting this a while. Just mentioned last month and here it is! https://news.ycombinator.com/item?id=48187972

This is neat and interesting, truly, but the classic “what now?” emerges. I guess the only answer is “throw out my iPhone”? Otherwise this kind of seems like a circuitous ad to make people get worried and download Psylo, which I see has in-app purchases. I’m not trying to come at you here, but it’s just hard not to feel suspicious online these days.

Yea, it's infuriating that most of the HN crowd thinks the apps are better then web. Apps can spy on you way more than web. It's the reason every website says "please download the app". If it was better for them to spy on you via the website they wouldn't ask you to download the app.

this is fantastic, just great really, and honestly makes one stick out so easily, reminfs me a lot of that license plate xkcd

Would love this for MacOS as well.

Apps like TikTok can know which username we logged in with, even if we uninstall and reinstall the app. This is egregious, as many companies like Facebook have SDKs embedded in many apps, allowing them to accurately interconnect user activity.

Apple should be ashamed that they aren't putting effort to randomize these fingerprints....

It's likely to be trolled by the WPA folks, who will insist that WPAs are just as insecure as native apps, so there's no difference ...

But very cool.

Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.

But a single app can request to know the presence of up to 50 apps, right?

And a data broker/aggregator can purchase such data from many (e.g. thousands) of apps and aggregate it, then sell it.

You cannot provide a large list of unrelated applications since Apple rejects that during app review.

Thank you for the clarification!

You cannot provide a large list of unrelated applications since Apple rejects that during app review.

It does not need to be a large list though I think? You just need a small list that is very discriminative and adds enough additional entropy to uniquely identify you in combination with the other data leaked.

It is terrifying to learn that apps are allowed knowledge about any other app being installed on my phone. Where can I see that list?

> Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.

And this was heavily exploited by Facebook before Apple patched it

Because 99% of apps would request it & not function without it, desensitising users into blindly accepting it. Most apps do have a legitimate reason for accessing the internet, so a binary yes/no wouldn’t achieve much anyway.

I just don’t think it’s an effective way of solving the problem.

Better yet, a tool like Little Snitch should be built into the OS. Give me a detailed log of every network requests, to which domains, with what data.

iPhones purchased in mainland China (with model number ending in CH/A) do provide options for setting per-app Internet access permissions. There are three options [0]: Off, WLAN only, WLAN and Cellular.

[0] https://old.reddit.com/r/ios/comments/aib10i/in_china_ios_al...

Because exposed, non-private, abused by-default is a business model. The company is incentivised to not provide restricted access - otherwise you can't have a cut from apps revenue. It's defective by design.

AOSP has network as a regular permission for apps, so on Lineage at least (idk about Graphene as I haven't used it) you can disable network for any app including google play services etc. I have no idea why most phone companies remove this permission from their roms but android itself supports it perfectly fine.

GrapheneOS lets you restrict the internet access of any app on install.

But yes, agreed it should be everywhere.

The evolution of development was to make things easy and simple for the consumer. If internet was an opt-in (and it cannot be opt-out), then app function would be ostensibly limited. And the user would be given a harder time setting things up.

This is the Apple mindset. Make things easy. Do not make things complicated.

This resonates from the dev side. I made an offline photo search app a while back — you search your library in plain language ("a boy and a girl by the river"), CLIP embeddings all computed on device. It needs full photo access but I deliberately requested zero network permission. Was kind of proud of that.

Problem is there's no way for users to actually know that. iOS has no "this app can't reach the internet" indicator, so the whole guarantee is invisible. I even had people assume the opposite — app reads your whole library, therefore it must be uploading it somewhere. Exactly backwards.

Curiously, the Mac App Store sandbox has a com.apple.security.network.client entitlement that a developer must justify to Apple, whereas the iOS App Store does not, allowing unrestricted access to the internet.

It's likely to be trolled by the WPA folks, who will insist that WPAs are just as insecure as native apps, so there's no difference ...

But very cool.

This is excellent. Seeing this makes me appreciate how much visual awareness tools like this are needed.

I built something similar, for the web. https://neberej.github.io/exposedbydefault/

Github: https://github.com/neberej/exposedbydefault

Sweet, been wanting this a while. Just mentioned last month and here it is! https://news.ycombinator.com/item?id=48187972

/me wonders of the privacy label should actually mention that it reads everything and the kitchen sink!!!

Privacy is a real issue! Does the iOS allow an ext dev app to read its system info? If yes, does it easily comply?

You cannot provide a large list of unrelated applications since Apple rejects that during app review.

Thank you for the clarification!

You cannot provide a large list of unrelated applications since Apple rejects that during app review.

> Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.

And this was heavily exploited by Facebook before Apple patched it

That’s a stupid idea, how would you even get this “is-my-partner-cheating” on your partners phone?

And how would the is-my-partner-cheating get their app onto the victims device to detect the other apps?

Of all things, this is where you went?

Volume creation date is pretty egregious. I don't see any reason that and Pasteboard changeCount should be so granular.

The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.

Pasteboard counter exists to help apps to not ask again about the same item in the buffer.

And nothing stops from using reset it every day.

Graphene is way ahead of this

Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.

Seems like in general the iPhone was not designed to avoid fingerprinting from installed apps. Only protection would be avoid installing apps and use the web browser when possible.

Maybe I'm being really thick, but why is this information that the OS would make available to apps?

Is the threat model tracking across multiple apps to correlate what you're doing? In that case, a single app wouldn't show you the fudging.

Would love this for MacOS as well.

I just don’t think it’s an effective way of solving the problem.

This is why I avoid installing apps and don’t have a lot of them.

Is something similar already available for Android phones?

But a single app can request to know the presence of up to 50 apps, right?

And a data broker/aggregator can purchase such data from many (e.g. thousands) of apps and aggregate it, then sell it.

this is fantastic, just great really, and honestly makes one stick out so easily, reminfs me a lot of that license plate xkcd

It is terrifying to learn that apps are allowed knowledge about any other app being installed on my phone. Where can I see that list?

Apple should be ashamed that they aren't putting effort to randomize these fingerprints....

Fortunately, if you read the README (and decide to go past the “this was mostly built by AI” part,

> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.

What “apps” do you use on a mac?

Unfortunately ad blocking is not effective against current cross-site and anonymous user tracking.

Fingerprinting is extensively used and can't be defeated without a decent hit to browsing experience. Mullvad and Tor browser are likely the best at anti-fingerprinting.

The only completely reliable way to avoid this tracking is by not visiting websites with fingerprinting. A tool that can help with this is LibRedirect which redirects you from sites like Twitter to privacy front ends like xcancel.

The extensive web tracking is detrimental to privacy, but it doesn't compel you to add additional PII like phone numbers, which is much worse than cross-site tracking for a surveillance capitalism threat model.

100% of users have legitimate reasons to block internet access for some apps.

If internet access wasn't granted by default, a lot more apps would function without it.

Many other apps wouldn't exist at all, because their only reason to exist is to spy on users.

The internet access permission should be implemented. Users of macOS are already accustomed to the local network access permission.

Even if it's not the most effective way to raise awareness, it does put pressure on developers to be explicit about the connectivity requirements with users. It would also be a great way to audit an app's local-first / offline-first claim without having to do a network packet capture.

Want telemetry? Send it through Apple and Google. Given Apple's late history and latest trends in Android development, I see them both favoring this approach.

"99% of apps would request it & not function without it"

Apple could refuse to publish them, then. Isn't that why we are forced to go through the App Store? Because Apple ensures every app there works in the best interest of the user?

Permission should be in the form of a capability, which need not end up on the built-in OS network capability. If an app insists on your car's steering wheel, you can be like "sure, kid, here's your Help Daddy Drive(TM)".

> Most apps do have a legitimate reason for accessing the internet

I just flat out think this is bullshit

Apple has been very good about public perception of its products and privacy. They just spent a lot of this year’s WWDC talking about the latter so I’m sure someone at Apple is aware of this.

I have not spent a lot of time thinking about why certain things like 50 apps install queries, boot volume timestamps, etc are provided to developers. But I think Apple will close these loopholes.

Also love the idea of outbound network connections being disabled by the user per app

Don't install apps outside trustable apps that don't embed tracking. Even if you cannot uninstall every app, the fewer you have, the less cross-app tracking. Also donate to and consider installing privacy-conscious alternative phone OSes. They may not have closed all holes (yet), but at least their incentives are aligned with yours.

The only way to prevent this right now is to avoid installing apps that are doing this.

...wouldn't it be better to have a pocket computer you own?

There are plenty of other (better?) reasons why developers might want to push apps.

More APIs, less friction selling stuff, business presence right on the homescreen.

They are technically better. They can do more stuff and integrate with the OS better in general. That includes fingerprinting stuff and fingerprinting integration.

Outdated, but gives the general idea: https://github.com/nandan-desai-extras/PrivacyBreacher

Yes indeed, the limit is 50 which is of course enough to fully profile "regular people" who only have a handful of apps. Also don't forget, Meta/Google/TikTok/WhateverPalantir are updated weekly which means they can tweak their LSApplicationQueriesSchemes list and cover even more apps if they want to.

That’s just keychain. It’s not even fingerprinting.

This is probably Keychain, right?

Yes. Got my ps and ws mixed up. I was just reading about the Mt. Rushmore project (I was curious whether or not it was a WPA project -it wasn’t, officially).

GrapheneOS not only has this permission, but it asks you every time you install an app.

It's nice to be able to toggle it (it's also possible to revoke this permission on GrapheneOS). However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved. I would guess that Play Services is one of the larger offenders, since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps.

You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.

What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.

Can confirm Graphene also has it

[0] https://old.reddit.com/r/ios/comments/aib10i/in_china_ios_al...

Crazy. So they're explicitly selling crippled devices to most of the world.

What? Why is this Chinese market only? This is exactly what I wanted. There are Apps I simply don't want them to touch internet.

Fantastic work. I regret I can't use it, because this is exactly what I'm looking for for quite a while, but it seems to be an impossible task (I need it on android).

Shocked to see iPhones sold in China are less defective by design on this one point, from another comment. It has surely reduced Genius Bar visits but it’s also harmed my privacy.

GrapheneOS lets you restrict the internet access of any app on install.

But yes, agreed it should be everywhere.

And you can limit which contacts you share with nosy app like WhatsApp, and give access to only specific scope of file folders. Horrifying to think all the years every app got everything it wanted and did not have to ask and couldn't be stopped (I had a rooted phone for firewall capability for a while )

See my comment upthread, it helps a bit, but does not close this hole since apps within the same profile can communicate through IPC, so other apps could provide network access on their behalf. I think the best example is probably Play Services, which provides functionality for a lot of apps and will communicate with Google, etc.

(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)

Yeah it asks on app install if you want to grant network permissions. It's just a little checkbox. You can of course manage it afterwards in app settings or permissions manager.

They also added the sensors permission.

You don't need graphene for this, I've been able to do this on plain android for ages.

iOS lets you turn off data access (so outside of wifi) for apps as well, it's just not asked at install, which honestly makes sense given the demographics of iPhone users.

Better yet, a tool like Little Snitch should be built into the OS. Give me a detailed log of every network requests, to which domains, with what data.

This isn't effective because Little Snitch only sees the domains so apps can just serve the trackers on the same domain as essential services making blocking impossible.

The only way to prevent malicious apps from affecting your privacy is to not install them or not give them network access.

If I remember correctly iPhone apps used to use the devices SSL certificates so you as a user could install your own and man-in-the-middle the traffic to see what was being sent. AFAIK now the apps use certificate pinning.

This exists already! You can see it by going to Settings > Privacy & Security and turning on the App Privacy Report at the bottom.

Yes and it should work properly instead of making unwanted initial outbound connections (macOS firewalls are broken).

It’s not quite that detailed but iOS’s builtin “app privacy report” does give a fair amount of info, including a list of domains accessed.

This is the Apple mindset. Make things easy. Do not make things complicated.

The attitude was never "don't give the user control", though. Until ios.

Unfortunately ad blocking is not effective against current cross-site and anonymous user tracking.

Fingerprinting is extensively used and can't be defeated without a decent hit to browsing experience. Mullvad and Tor browser are likely the best at anti-fingerprinting.

100% of users have legitimate reasons to block internet access for some apps.

If internet access wasn't granted by default, a lot more apps would function without it.

Many other apps wouldn't exist at all, because their only reason to exist is to spy on users.

Yes. Got my ps and ws mixed up. I was just reading about the Mt. Rushmore project (I was curious whether or not it was a WPA project -it wasn’t, officially).

Loupe

Loupe is an iOS and iPadOS app that gives you a hands-on tour of the device fingerprinting surface. It reads real values from public iOS APIs, the same ones any third-party app can call, and shows them to you raw. The point is simple: see what your iPhone quietly exposes, and why each reading helps an app recognize you again.

Trackers don't need your name, email, or location to recognize you online. Each reading isn't necessarily unique on its own, but together they form a fingerprint that follows you across apps and websites.

Loupe screenshot showing the passive signal category Loupe screenshot showing the needs permission signal category Loupe screenshot showing some highlights from what apps can see

How signals are organized

Loupe groups every reading into three tiers, reflecting the cost of access:

Passive — visible to any app with no prompt at all (locale, time zone, screen, battery, and more).
Needs Permission — readings that trigger an iOS prompt (contacts, photos, location, calendars).
Advanced — clever side-channel uses of public APIs, such as URL-scheme probing via canOpenURL and Keychain persistence across reinstalls.

Privacy

Nothing Loupe reads leaves your device unless you explicitly export it. Values are shown raw, without aggregation or hashing. Nothing is uploaded, synced, or shared.

A note on how this was built

Loupe was written almost entirely by AI coding tools.

Building

You'll need Xcode 26 or newer.

Open code/Loupe.xcodeproj.
Copy code/Config/Signing.local.xcconfig.example to code/Config/Signing.local.xcconfig and fill in your own DEVELOPMENT_TEAM and bundle identifiers. This file is gitignored and never published.
Build and run on a device or simulator.

The project uses Xcode's buildable folders (folder references), so new Swift files are picked up automatically with no need to edit the project file.

macOS

Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.

Support the project

Loupe is free and open source. If it helped you see what apps can quietly learn about your device, the best way to support more work like this is to try Psylo, our privacy-first browser for iPhone and iPad. Psylo gives you proxy-backed browsing, isolated tabs, and anti-fingerprinting protections.

You can also read why we built Psylo.

License

The source code is released under the MIT License.

About

Loupe is made by Mysk.

The internet access permission should be implemented. Users of macOS are already accustomed to the local network access permission.

Want telemetry? Send it through Apple and Google. Given Apple's late history and latest trends in Android development, I see them both favoring this approach.

"99% of apps would request it & not function without it"

Apple could refuse to publish them, then. Isn't that why we are forced to go through the App Store? Because Apple ensures every app there works in the best interest of the user?

Apple has been very good about public perception of its products and privacy. They just spent a lot of this year’s WWDC talking about the latter so I’m sure someone at Apple is aware of this.

I have not spent a lot of time thinking about why certain things like 50 apps install queries, boot volume timestamps, etc are provided to developers. But I think Apple will close these loopholes.

Also love the idea of outbound network connections being disabled by the user per app

Outdated, but gives the general idea: https://github.com/nandan-desai-extras/PrivacyBreacher

They are technically better. They can do more stuff and integrate with the OS better in general. That includes fingerprinting stuff and fingerprinting integration.

That’s just keychain. It’s not even fingerprinting.

Can confirm Graphene also has it

GrapheneOS not only has this permission, but it asks you every time you install an app.

Crazy. So they're explicitly selling crippled devices to most of the world.

Fortunately, if you read the README (and decide to go past the “this was mostly built by AI” part,

> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.

> and decide to go past the “this was mostly built by AI” part

I got that feeling just seeing the title use "native" as a synonym of "not a website".

What “apps” do you use on a mac?

Probably a ton since macOS apps are literally distributed as .app bundles.

Google Chrome, VS Code, among others

That’s a stupid idea, how would you even get this “is-my-partner-cheating” on your partners phone?

Loupe itself can see if you have tinder/bumble/hinge installed (verify for yourself: install tinder, then install loupe, don't give it any permissions, and it can tell if you have tinder installed or not). So the answer is: buy the data from any app your partner has installed! Or more easily, a data aggregator which will have already combined data from hundreds/thousands of apps.

So your partner only needs to have had 1 single app from the list that sells user data to a data aggregator for this to work. They do not need to have installed some special app.

Here's a random Slate article about apps getting your data and selling it to aggregators/brokers, who sell it to third-parties (you, or I, could be one of those third parties).

> How Shady Companies Guess Your Religion, Sexual Orientation, and Mental Health And sell that data to the highest bidder.

https://slate.com/technology/2023/04/data-broker-inference-p...

It already happens all the time. It even has a name.

https://en.wikipedia.org/wiki/Stalkerware

Of all things, this is where you went?

Okay it's weird but the first thing that came to mind. Logic: if I can think of a monetisable, nefarious application in 10 seconds, then it stands to reason that very many nefarious applications would be possible with more time/effort.

And how would the is-my-partner-cheating get their app onto the victims device to detect the other apps?

They don't, utilise the fact that every single iPhone app has access to what other apps are installed! - purchase that info from literally any iPhone app or aggregator that has it for that user. Curious how much this would cost to purhcase - a working credit card goes for $5-10 on the black market so 'apps installed on X's iphone' might be, like, 10c?

Ask any domestic abuser. Most of them seem to be successful at it.

https://www.npr.org/sections/alltechconsidered/2014/09/15/34...

It’s crazy to me that people are being so skeptical of the idea. A lot of people share their logins freely with their spouses. I have never done it nor would I condone it, but it would be trivial for me to install spyware on the devices of many people I know, because they rightfully trust me. Not only do I know some of their device passwords¹, being “the computer guy” I could just outright ask for it or get them to input it anywhere while fixing some issue they have.

¹ And many more I have forgotten, because I make it a point to not record them, even mentally.

Pasteboard counter exists to help apps to not ask again about the same item in the buffer.

And nothing stops from using reset it every day.

Why do you need a count for that? Couldn’t they just generate a UUID every time the clipboard changes?

Allowing an app to access the pasteboard without the user explicitly pasting into the app is weird to me. Maybe the thing I have in the pasteboard is not for this app but left over from use in another app. Since there's no easy way to clear the pasteboard, this will happen often. Maybe it's because I'm not an app dev that this doesn't make sense to me????

Would you elaborate on both points?

Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)

I think something like a per boot delta added to a (per app?) random base would preserve such functionality.

Maybe I'm being really thick, but why is this information that the OS would make available to apps?

Maybe it’s derived

Graphene is way ahead of this

Apps on grapheneos can see a list of other apps in the same profile.

Seems like in general the iPhone was not designed to avoid fingerprinting from installed apps. Only protection would be avoid installing apps and use the web browser when possible.

This. This is why everyone who wants to fingerprint and collect tons of data on end users pushes them hard on installing an app. The amount of valuable data is 10x what’s available in the browser

Cut your selection of apps and find/build privacy respecting alternatives for the remainder. Im trying to do this. Music is now locally hosted, Youtube is sorta kinda coming along. I've been working on reversing some of my more basic iOS apps to extract the data/endpoints they use and write my own apps. Fable really helped with this and Opus just does not cut the mustard. I hope it comes back. :/

The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.

These days many things don't work on browser. Even reddit is very difficult as we get constant nagging.

Is the threat model tracking across multiple apps to correlate what you're doing? In that case, a single app wouldn't show you the fudging.

```Based on a binomial/Poisson distribution and a baseline of 21 million U.S. device sales per release, a fingerprint relying on "seconds since setup" fails to uniquely identify individuals. In the high-density Early Adopter phase, you will share your exact setup second with an average of 1.01 other people (a total matching pool of ~2 people). Six months into the cycle, you will still share that second with an average of 0.68 other people.```

In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kindof maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.

If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!

> Most apps do have a legitimate reason for accessing the internet

I just flat out think this is bullshit

The only way to prevent this right now is to avoid installing apps that are doing this.

There are plenty of other (better?) reasons why developers might want to push apps.

More APIs, less friction selling stuff, business presence right on the homescreen.

...wouldn't it be better to have a pocket computer you own?

This is probably Keychain, right?

You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.

What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.

You are right, it is BS.

Non-multiplayer games, clock, camera, contacts, phone, text message, file explorer, keyboard, launcher, notes, document viewer/editor, image viewer, audio recorder...

Most of the apps on my phone do not need internet access.

> Also donate to and consider installing privacy-conscious alternative phone OSes.

iPhone

“Just don’t use it” only gets you so far and isn’t always an option. Also, as some have mentioned in this thread, many sites now make the mobile experience so painful (or remove key features) so as to force you onto the app.

I am against cars for the most part, but I can’t just get rid of my car. In this case, I can’t get rid of Slack (and other apps) because of work and unfortunately I do not work at a company that will buy me a work phone for work things.

Ultimately this has to start at a more root level. We need to claw back privacy.

And people want apps, believe it or not.

It would be even better if app devs weren't pieces of shit making apps whose sole purpose is to gather all of this data to sell to other pieces of shits while skinning their app as a game or other app to trick users into thinking it's worth installing.

Fighting devs being able to make money in this manner is not dissimilar to getting made a drug dealers. As long as users want their product, they will sell the product.

if you think "desktop" operating systems aren't even worse on this, you're very mistaken

That’s not the problem though. The problem is that most apps are malware.

Phones are quite useful.

Just use the browser, it's fine 99% of the time.

Are there legitimate reasons why an App should know I have installed?

Probably, the most stupid thing with apple is there is no way to clear this keychain AFAIK without resetting whole phone.

GrapheneOS has user profiles, but they're too heavyweight for most uses.

> However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved.

Folks brings up 'IPC' as if this is some chink in the armour in AOSP. It isn't. 'Apps' pretty much on most consumer OSes can 'IPC' their way with other co-operating apps to 'achieve' network access from behind a firewall, just the same.

> since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps

If the OS or its privileged component will fchown the socket to the origin app, think the INTERNET permission will be enforced as expected.

> and decide to go past the “this was mostly built by AI” part

I got that feeling just seeing the title use "native" as a synonym of "not a website".

So your partner only needs to have had 1 single app from the list that sells user data to a data aggregator for this to work. They do not need to have installed some special app.

Here's a random Slate article about apps getting your data and selling it to aggregators/brokers, who sell it to third-parties (you, or I, could be one of those third parties).

> How Shady Companies Guess Your Religion, Sexual Orientation, and Mental Health And sell that data to the highest bidder.

https://slate.com/technology/2023/04/data-broker-inference-p...

It already happens all the time. It even has a name.

https://en.wikipedia.org/wiki/Stalkerware

Why do you need a count for that? Couldn’t they just generate a UUID every time the clipboard changes?

Would you elaborate on both points?

Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)

Apps on grapheneos can see a list of other apps in the same profile.

It’s not quite that detailed but iOS’s builtin “app privacy report” does give a fair amount of info, including a list of domains accessed.

Probably a ton since macOS apps are literally distributed as .app bundles.

Though there is a difference what store apps and non-store apps can do. I think is about store apps which are “sandboxed” and have to use public api to request then access information which non-store apps can access without.

Google Chrome, VS Code, among others

Well “they” can technically “read” anything your user can.

Not just possible, currently being implemented. People are murdered every year using this information. Last year a US politician was assassinated by someone who tracked them by buying this information from aggregator. You thought of a tame use case!

Ask any domestic abuser. Most of them seem to be successful at it.

https://www.npr.org/sections/alltechconsidered/2014/09/15/34...

¹ And many more I have forgotten, because I make it a point to not record them, even mentally.

I think something like a per boot delta added to a (per app?) random base would preserve such functionality.

Maybe it’s derived

This. This is why everyone who wants to fingerprint and collect tons of data on end users pushes them hard on installing an app. The amount of valuable data is 10x what’s available in the browser

These days many things don't work on browser. Even reddit is very difficult as we get constant nagging.

The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.

Yes and it should work properly instead of making unwanted initial outbound connections (macOS firewalls are broken).

The attitude was never "don't give the user control", though. Until ios.

> Also donate to and consider installing privacy-conscious alternative phone OSes.

iPhone

And people want apps, believe it or not.

Hacker Times

Hacker Times

Loupe – A iOS app that raises awareness about what native apps can see

Discussion

Discussion

Loupe

How signals are organized

Privacy

A note on how this was built

Building

macOS

Support the project

License

About