https://www.forbes.com/sites/zakdoffman/2021/10/23/apple-iphone-users-delete-facebook-app-after-new-tracking-warning/ Explore * Billionaires + All Billionaires + World's Billionaires + Forbes 400 + America's Richest Self-Made Women + China's Richest + India's Richest + Indonesia's Richest + Korea's Richest + Thailand's Richest + Japan's Richest + Australia's Richest + Taiwan's Richest + Singapore's Richest + Philippines' Richest + Hong Kong's Richest + Malaysia's Richest + Money & Politics + 2020 Money * Innovation + All Innovation + 5G + AI + Big Data + Cloud + Cloud 100 + Cognizant BrandVoice | Paid Program + Consumer Tech + Cybersecurity + Enterprise Tech + Future Of Work + Games + Genesys BrandVoice | Paid Program + Healthcare + Innovation Rules + SAP BrandVoice | Paid Program + Science + ServiceNow BrandVoice | Paid Program + Social Media + Sisense BrandVoice | Paid Program + Splunk BrandVoice | Paid Program + Sustainability + T-Mobile for Business BrandVoice | Paid Program + Tableau BrandVoice | Paid Program + Venture Capital + Wind River BrandVoice | Paid Program * Leadership + All Leadership + Amazon Web Services BrandVoice | Paid Program + Careers + CEO Network + CFO Network + CIO Network + CMO Network + CxO + Deloitte BrandVoice | Paid Program + Diversity, Equity & Inclusion + Education + Forbes EQ | Paid Program + Forbes The Culture + ForbesWomen + Google Cloud BrandVoice | Paid Program + Leadership Strategy + Splunk BrandVoice | Paid Program + Sprinklr BrandVoice | Paid Program + Under 30 + Webex by Cisco BrandVoice | Paid Program + Working Remote + Over 50 * Money + All Money + Banking & Insurance + Crypto & Blockchain + ETFs & Mutual Funds + Fintech + Hedge Funds & Private Equity + Investing + Markets + Personal Finance + Premium Investing Newsletters + Retirement + Taxes + Top Advisor | SHOOK + Wealth Management + Election 2020 * Business + All Business + Aerospace & Defense + Alteryx BrandVoice | Paid Program + Energy + Food & Drink + Hollywood & Entertainment + Manufacturing + Media + Policy + Retail + SportsMoney + Tableau BrandVoice | Paid Program + Transportation * Small Business + All Small Business + Entrepreneurs + Franchises + Office Depot OfficeMax BrandVoice | Paid Program + Small Business Strategy + Square BrandVoice | Paid Program * Lifestyle + All Lifestyle + Arts + Boats & Planes + Cars & Bikes + Dining + ForbesLife + Forbes Travel Guide + Spirits + Style & Beauty + Travel + Vices + Watches * Real Estate + All Real Estate + Commercial Real Estate + Forbes Global Properties + Residential Real Estate * Store + All Store * Vetted + All Vetted + Gear + Health & Wellness + Home & Kitchen + Style + Tech & Electronics * Coupons + All Coupons + Purple + Squarespace + Verizon + Lululemon + AT&T + Lowe's + Brooks Brothers + Tory Burch + Dr Martens + Dell + Chewy * Advisor + All Advisor + The Best Credit Cards Of 2021 + Best Balance Transfer Credit Cards + Best Cash Back Credit Cards + Best 0% APR Credit Cards + Best Travel Credit Cards + Best Business Credit Cards + Best Life Insurance Companies + Best Term Life Insurance + Best Travel Insurance Companies + Pandemic Travel Insurance + Best Car Insurance Companies + Best Pet Insurance + Best Mortgage Lenders + Today's Mortgage Rates + Best Personal Loans + Best Student Loans + Best Student Loan Refinance + Best Business Insurance + Forbes Health + Forbes Advisor UK + Forbes Advisor India * Wheels + All Wheels + Best Sedans + Best Luxury SUVs + Best SUVs + Best Pickups + Best Performance Cars + Best Family Cars + Best SUVs & Crossovers + Best Electric Cars + Best Sports Cars * Lists + All Lists * Video + All Video * Newsletters + Crypto Confidential + Editorial Newsletters + Investing Digest + Premium Investing Newsletters * Forbes Magazine + All Forbes Magazine + Forbes Asia + Free Issue of Forbes * Latest + Coronavirus Coverage + Daily Cover Stories + Dark Capital + Editors' Picks + Election 2020 + Visual Web Stories * Featured + 30 Under 30 2021 + A Guide To Putting Your Money To Work | Paid Program + A Healthier Baton Rouge | Paid Program + Alibaba.com BrandVoice | Paid Program + All Hands On Data - A Tableau Series | Paid Program + Amazon Analytics BrandVoice | Paid Program + America's Top Wealth Advisors | Paid Program + BNY Mellon Wealth Management BrandVoice | Paid Program + Capital One Editorial | Paid Program + DNA Of Success + EY BrandVoice | Paid Program + Fidelity Editorial | Paid Program + Forbes Next 1000 2021 + Glenfiddich BrandVoice | Paid Program + Grads of Life BrandVoice | Paid Program + Hitachi Energy BrandVoice | Paid Program + iShares BrandVoice | Paid Program + J.P. Morgan Insights | Paid Program + Manhattan Associates BrandVoice | Paid Program + Marcus by Goldman Sachs | Paid Program + Marcus by Goldman Sachs: A Tax Guide For Gig Workers | Paid Program + Michigan Economic Development Corporation Insights | Paid Program + Office Depot OfficeMax BrandVoice | Paid Program + Otsuka BrandVoice | Paid Program + realme BrandVoice | Paid Program + Square BrandVoice | Paid Program + Tableau BrandVoice | Paid Program + TD Bank BrandVoice | Paid Program + Ten-X BrandVoice | Paid Program + Top Next-Gen Wealth Advisors | Paid Program + What You Need To Know About Retirement Accounts | Paid Program + World's Billionaires List | Paid Program * Advertise with Forbes * Report a Security Issue * Site Feedback * Contact Us * Careers at Forbes * Tips * Corrections * Privacy * Do Not Sell My Personal Information * Terms * AdChoices * Reprints & Permissions (c) 2021 Forbes Media LLC. All Rights Reserved Subscribe Sign In BETA This is a BETA experience. You may opt-out by clicking here More From Forbes Oct 21, 2021,08:24am EDT Ransomware Tactics To Quickly Collect Money From Victims Oct 21, 2021,05:55am EDT Hackers Tempt YouTube Influencers With Fake Collacoration Deals To Hijack Their Accounts Oct 20, 2021,02:56pm EDT Candy Maker's Operations Disrupted By Ransomware With Halloween Just Around The Corner Oct 19, 2021,09:35am EDT Watch Out: 'Squid Game' Malware Hits Google Play As Hundreds Of Unofficial Apps Flood Store Oct 18, 2021,06:01am EDT iPhone 13 Pro Hacked: Chinese Hackers Suddenly Break iOS 15.0.2 Security Oct 16, 2021,08:00am EDT Who Is The Mystery Snail? Windows Under Attack From Zero-Day Exploit Oct 16, 2021,07:30am EDT How To Install WhatsApp's Multi-Device Update On Your Phone Edit Story Oct 23, 2021,06:19am EDT| Why You Should Delete Your Facebook App Zak Doffman Zak Doffman Contributor Opinions expressed by Forbes Contributors are their own. Cybersecurity I cover security and surveillance and co-host 'Straight Talking Cyber' * Share to Facebook * Share to Twitter * Share to Linkedin A stark new warning for almost all iPhone users, as Facebook is suddenly caught "secretly" harvesting sensitive data without anyone realizing. And worse, there's no way to stop this especially invasive tracking other than by deleting the app. New Facebook warning for millions of iPhone users as secret user tracking suddenly exposed. AFP via Getty Images A week ago, I warned iPhone users that Facebook still captures location data using the metadata from your photos and your IP address, even if you update your settings "never" to track your location. Facebook admits to this harvesting, refusing to be drawn on why that's so wrong when users specifically disable location tracking. Now security researchers have suddenly warned that Facebook goes even further, using the accelerometer on your iPhone to track a constant stream of your movements, which can easily be used to monitor your activities or behaviors at times of day, in particular places, or when interacting with its apps and services. Alarmingly, this data can even match you with people near you--whether you know them or not. Just like the photo location data, the most serious issue here is that there is absolutely no transparency. You are not warned that this data is being tracked, there is no setting to enable or disable the tracking; in fact, there doesn't seem to be any way to turn off the feature and stop Facebook (literally) in its tracks. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features Researchers Talal Haj Bakry and Tommy Mysk warn that "Facebook reads accelerometer data all the time. If you don't allow Facebook access to your location, the app can still infer your exact location only by grouping you with users matching the same vibration pattern that your phone accelerometer records." The researchers say the issue impacts Facebook, Instagram and WhatsApp, albeit with WhatsApp, it's possible to disable the feature and the platform assured me that no data ever leaves a user's device. "In Facebook and Instagram," Mysk told me, "it is not clear why the app is reading the accelerometer--I couldn't find a way to disable it." That means you need to delete the app and access Facebook via your browser instead. Facebook is awkwardly exposed here, with Mysk telling me: "I tested TikTok, WeChat, iMessage, Telegram and Signal. They don't do it." App Store Charts Apple Given Facebook dominates iPhone social media installs--this will impact almost all the billion-plus iPhone users around the world. Facebook confirmed to me that "we use accelerometer data for features like shake-to-report, and to ensure certain kinds of camera functionality such as panning around for a 360-degree photo or for camera." "Although the accelerometer data seems to be innocuous," Mysk says, "it's jaw-dropping what apps can make up of these measurements. Apps can figure out the user's heart rate, movements, and even precise location. Worse, all iOS apps can read the measurements of this sensor without permission. In other words, the user wouldn't know if an app is measuring their heart rate while using the app." MORE FROM FORBESHow To Disable Facebook's Image Location Harvesting On Your iPhoneBy null While there may be valid benefits in using the camera, this does not explain why your movements are tracked constantly, rather than only when those camera features are in use. It would be simple for Facebook only to tap the accelerometer when needed. As for the shake to report function, Facebook could use Apple's functionality to limit how much data it pulls--but that's not how Facebook operates. Worse, even when users toggle off this reporting feature in the Facebook app, Mysk told me, "nothing happens when you shake the phone, but the app continues to read the accelerometer." The researchers cite the example of a bus journey to show how such data might be used. "If you are on the bus and a passenger is sharing their precise location with Facebook," they explain, Facebook can easily tell that you are in the same location as the passenger. Both vibration patterns are going to be identical." If you think this is spurious, Facebook actually has a patent application to use wireless phone signals to connect strangers, and even cites the example of just such a bus ride, "it can be advantageous to provide an approach for users, who have met or have likely met, to connect with one another if they so choose." Remember, none of this information exists in isolation, Facebook's trillion-dollar magic is joining the data dots. Put more simply, you know all those mysterious new friend connection ideas... "We tested several apps," Mysk explains, "and Facebook and Instagram stood out. While Facebook reads the accelerometer all the time, Instagram only reads it when the user is texting in the DM. In addition, WhatsApp also reads the accelerometer by default to animate chat wallpapers. So, this puts these three apps together, and you wonder if they are matching vibration patterns among users. This can get nasty, and the way to end it is by protecting this valuable sensor with a permission." You need to remember that Facebook is a trillion-dollar empire built on data, and only data--with Facebook, it's not so much a metaverse as a dataverse. If the company can use this data, combined with everything else it holds on you and those around you, then it will. Why would it suddenly decide to exercise restraint? Just look at the staggering privacy labels behind Facebook's iPhone app--while much of the data Facebook gathers comes from its platform and services, the data it can pull from the app simply adds more third-party information into its mix. All this is linked to your identity, nothing is wasted or thrown away. Privacy Labels: Facebook's 'Dataverse' Apple / @UKZak As ESET's Jake Moore warns, "this is, in clear terms, another violation which seems to have gone under the radar when scooping up yet more personal data from iPhones. Many people may not even think twice what sensors an iPhone has, let alone fully understand what this information can offer companies." This is another app permission issue. If you use the Facebook app on your iPhone, then you essentially give Facebook permission to access data and information on and about your phone. And while you can restrict some of this, there is other data--just as here with the accelerometer--that you will not know about. Mysk and Haj Bakry have form for just such privacy exposures. They discovered the iOS clipboard issue that ultimately prompted Apple to change its settings and provide a clipboard warning, which has now led to Android 12 doing the same. Just as then, Apple needs to act here. The accelerometer should not be a free-for-all, not when data giants such as Facebook can use this as yet another data point to feed into their algorithms, plotting social graphs and tracking locations and behaviors. MORE FROM FORBESGoogle's Latest Tracking Nightmare For Chrome Comes In Two PartsBy null "All data which is personal and unique should be viewed as sensitive and must be protected," Moore says. "This permission needs to be restricted along with other obtrusive data tracking especially if users were previously unaware this information was being analyzed." And it's that lack of awareness that is most critical here. Apple has done a great job this year, preventing data abuses from the likes of Facebook and Google. App Tracking Transparency has already inflicted a drastic impact on data-fueled revenues. In iOS 15, we have seen new privacy innovations around mail tracking, web anonymity and privacy reports. Now we have another simple update that Apple needs to develop, to clamp down on this clear-cut data abuse. Follow me on Twitter or LinkedIn. Zak Doffman Zak Doffman Zak is a widely recognized expert on surveillance and cyber, as well as the security and privacy risks associated with big tech, social media, IoT and smartphone ... Read More Zak is a widely recognized expert on surveillance and cyber, as well as the security and privacy risks associated with big tech, social media, IoT and smartphone platforms. He is frequently cited in the international media and is a regular commentator on broadcast news, with appearances on BBC, Sky, NPR, NBC, Channel 4, TF1, ITV and Fox, as well as various cybersecurity and surveillance documentaries. Zak has twenty years experience in real-world cybersecurity and surveillance, most recently as the Founder/CEO of Digital Barriers, which develops advanced surveillance technologies for frontline security and defence agencies as well as commercial organizations in the US, Europe and Asia. The company is at the forefront of AI-based surveillance and works closely with flagship government agencies around the world on the appropriate and proportionate use of such technologies. As well as analysing security and surveillance stories, Zak is co-creator of Forbes' award winning Straight Talking Cyber video series. Zak can be reached at zakd@me.com. Read Less * Print * Reprints & Permissions [ ]