[HN Gopher] Apple allows some iOS apps to track user locations v...
___________________________________________________________________
Apple allows some iOS apps to track user locations via lists of
nearby SSIDs
Author : lloyds_barclays
Score : 700 points
Date : 2023-12-21 14:18 UTC (8 hours ago)
(HTM) web link (wingu.se)
(TXT) w3m dump (wingu.se)
| coldcode wrote:
| FYI, that API requires entitlements to be used, which are only
| available if you request them from Apple and justify their use.
| It's not a general-purpose API any app can use.
| lxgr wrote:
| That's not really any consolation, since (according to the
| article) Apple has granted that entitlement to WeChat and
| Alipay.
|
| Yes, these are "super-apps" and Wi-Fi hotspot services are
| probably part of their offerings, but that's just more reason
| this should be a user-grantable permission like "local network
| access". If I don't care for the hotspot feature, I don't want
| the app to have that capability.
| MBCook wrote:
| Certain apps have always gotten special treatment. If it's
| big enough to mess with phone sales they're allowed nonsense
| a normal dev would be permanently banned for.
|
| Ex: all the stuff FB has been caught doing over the years
|
| My understanding (no first hand experience) is that WeChat
| and Alipay are basically required in China. If a phone
| doesn't have them, it's worthless and won't sell.
|
| So naturally they too can do nonsense that would get the rest
| of us booted to space.
| stavros wrote:
| Why does apple get to decide which app gets automatic
| access to my private data, on my device, without needing to
| ask me?
| electric_mayhem wrote:
| Does your employer have a donation matching program?
|
| It's a great time of year to donate to the EFF.
| stavros wrote:
| I donate to NOYB, but I second your sentiment.
| BobaFloutist wrote:
| It's so hard to prioritize non-profits these days. EFF is
| huge and super relevant, but so are aid programs to
| Ukraine or I/P, and reproductive health orgs. There's a
| lot going on I want to contribute to.
| bear141 wrote:
| I wonder if there is a service to automate small (or
| large) donations to multiple organizations on a regular
| basis similar to an investment service?
|
| Edit: I can only find services marketed towards the
| nonprofit, not for the donor. A service that aggregated
| and automated all the nonprofits I want to regularly
| donate small amounts to would be great. I think it would
| be important to not require the nonprofits direct
| involvement in order to allow me to donate as diversely
| as I want.
| electric_mayhem wrote:
| Benevity is a company that basically administers company
| matching donations.
|
| Database of approved nonprofits, can set up arbitrary
| amounts as recurring payments, and automatic matching if
| you do the donations through their site.
|
| It's not quite "I got $500 this month to give back,
| scatter it amongst my chosen charities" but you could
| definitely use a service like that to set up baseline
| donations.
|
| I don't do scheduled donations; prefer to spool it up and
| make a splash when employer offers 2:1 match. Don't think
| I've seen that in all of '23, though, so settling for 1:1
| now.
| bear141 wrote:
| Thank you for this. I realize this suggestion fits the
| context of the thread, but I am currently self employed
| so I would love another suggestion that isn't necessarily
| geared toward integrating with employer match programs.
| BobaFloutist wrote:
| https://www.charitynavigator.org/donor-basics/tools-for-
| givi... How's this look?
| electric_mayhem wrote:
| I'm with you on all those.
|
| I just did my end of year matching gift donating through
| the portal at work.
|
| I guess I left out Ukraine, which needs fixing. But did
| get FSF, EFF, the regional food bank, and a niche human
| rights org.
|
| Let me tell you, causing my employer donate to the EFF in
| particular is always one of the high points of my year.
| Even better when there's 2:1 matching, which they seem to
| not offer this year (I dig deep in my own pocket when
| they do have that because, hey, 2:1!). It's hilarious and
| oh so satisfying.
| coldacid wrote:
| Because you bought a closed-source device by which you
| surrendered your privacy to whatever the source-
| controlling company wants.
| ben_w wrote:
| Quite a few apps run tests to find out if they're running
| on a rooted device, and refuse to continue if they are.
|
| Dunno if these apps do that or not, but I can easily
| imagine that using them is a Hobson's Choice even in OSS
| utopia: take the horse offered (app with tracking) or
| don't have a horse.
| salawat wrote:
| There is no Hobson's choice in OSS utopia, as the outcome
| of "app with tracking offered only" is "fork app -
| tracking".
|
| You can sit there and stew over the gall of those people
| to do it, but if you piss them off enough, it will
| happen.
| ben_w wrote:
| To the extent you could ever replace WeChat and Alipay
| with OSS, that's already a possibility today even with
| closed OSes and App Stores.
|
| To the extent that you can't (network effects or legal
| obligations or whatever) you still won't be able to if
| the code of those apps is made available under any
| license of your choice.
| anileated wrote:
| FWIW I used WeChat a few years ago and at that point it
| definitely asked for local network access (which is what
| this article is about; a mechanism for collecting SSIDs
| which can then later be correlated to locations).
|
| If there is an entitlement, it is as of yet unclear
| whether it means a consent dialog/privacy toggle or not.
| IIRC an entitlement only means you can _ask_ for this
| sort of access, not get it automatically, but I may be
| wrong (I've never gotten far in iOS dev).
|
| We can argue that this feature is misnamed, regular users
| will not understand what it is and would not be giving
| _informed_ consent, and I can get behind that, but
| "automatic access to my private data on my device" looks
| like jumping to conclusions.
| stavros wrote:
| Hm, I assume any app can ask for whatever it wants, but
| that's just an assumption. I don't know if app developers
| need to apply to be able to request permissions, but I
| don't own an iPhone.
| MBCook wrote:
| Certain things require permission from Apple to be able
| to even use. The API in question here is one of them.
|
| Other things are just available to any developer but have
| to have a user prompt, for example saving to the photo
| library.
| anileated wrote:
| I was remembering when trying out iOS development years
| back that entitlements were needed for many things and
| the ones I tried involved a consent screen.
|
| From looking at https://developer.apple.com/documentation
| /bundleresources/en... I would say there are many more
| entitlements than consent screens, the phrasing suggests
| there is no 1:1 mapping between them and is not clear on
| whether they reliably come with consent screens (I
| suspect not).
|
| It is very unfortunate that there is little clarity on
| that in the docs, and that entitlements are not exposed
| anywhere in the GUI. Sure, they are too technical, but
| they could at least be shown in some advanced info pane.
| I am seriously considering if I can dejail an old iPhone
| and perhaps inspect some big name apps for what they have
| been entitled to.
| gruez wrote:
| > FWIW I used WeChat a few years ago and at that point it
| definitely asked for local network access (which is what
| this article is about; a mechanism for collecting SSIDs
| which can then later be correlated to locations).
|
| Is that what "local network access" means? I thought that
| was for controlling network connections to LAN ips and/or
| to send multicast packets (eg. mdns).
| anileated wrote:
| > there was a VPN app I used that didn't have the "local
| network access" permission, but was still inexplicably
| able to get a list of wifi networks I connected to
|
| It is different from continuously getting a list of _all_
| SSIDs within your Wi-Fi range, even those you never
| connected to. This is what allows shady apps infer
| location (this, and massive databases of SSID matched to
| coordinates).
|
| What you described is also a feature of WireGuard iOS,
| and it needed no permission.
| lxgr wrote:
| As far as I can tell, Wireguard does it the other way
| around (i.e. you provide it with a list of SSIDs you want
| to always enable VPN for, it provides that to the OS, and
| the OS then only tells the VPN that it needs to get
| connected).
|
| But according to this [1] post (by an Apple employee?),
| having an enabled VPN profile seems to indeed be opting
| the app in to receiving the current SSID without the
| location permission, at least for some time and since iOS
| 14.
|
| [1] https://developer.apple.com/forums/thread/679038
| lxgr wrote:
| That's not what that permission does. As mentioned in
| TFA, SSID scanning access requires an entitlement
| (granted by Apple), not a permission (granted by the
| user).
| ben_w wrote:
| Because there's no rule saying they can't.
|
| I think.
|
| Legal advice about what is and isn't legal under GDPR
| (and equivalents) varies a lot.
| pixl97 wrote:
| Because this is how all operating systems work.
|
| If Microsoft wanted to give special apps access to your
| private data without asking, then that is exactly what
| would happen.
|
| The same thing is true in Linux, other than we'd expect
| that the open source nature would have users going "Yo,
| WTF"
| stavros wrote:
| That's like saying "because that's how locks work, the
| company who sold you the lock can just come open your
| door".
| pixl97 wrote:
| This is exactly correct, though you don't want to admit
| it's the case it seems.
|
| I mean, we just allowed Car Manufactures to pump as much
| contact data and location data as they can off your
| phones and sell it to whomever they'd like risk free and
| legally.
|
| We have laws against physical trespassing, but when it
| comes to 'data' trespassing on applications that you
| install or come with your phone we're still in the wild
| west.
| freedomben wrote:
| I think you're both right. the misunderstanding here is a
| difference between is and ought. pixl97 is describing the
| current state of things, not saying they _ought_ be this
| way (please correct me if I 'm wrong). stavros is
| describing the way things _ought_ to be.
| stavros wrote:
| Yes, exactly. It _is_ that way, but it should be illegal
| to do that.
| panarky wrote:
| _> and sell it to whomever they 'd like_
|
| Is there any evidence that car manufacturers are
| harvesting data from drivers' phones and selling it
| without consent?
| pixl97 wrote:
| https://www.businessinsider.com/most-car-companies-can-
| colle...
| lern_too_spel wrote:
| Android requires the app to ask the user's permission to
| read WAP identification details. Previously, the app had
| to ask for location permission, and now there is a
| special permission just for this. https://developer.andro
| id.com/develop/connectivity/wifi/wifi...
| talldatethrow wrote:
| Probably because you asked them for permission to use
| their phone and software.
| dns_snek wrote:
| They clearly purchased the phone, therefore it's not
| "their" (Apple's)
| talldatethrow wrote:
| I honestly don't see it like that anymore. You paid in to
| buy the object but you're still asking for permission to
| use their overall ecosystem.
|
| I think it's more like a child buying a teams jersey so
| that he can play on the team, but he can still get kicked
| off the team if he doesnt follow the rules. You can't
| argue "but I paid for the uniform with your logo, you
| must let me play 1st base!"
|
| Sure the child still owns the uniform, and maybe he can
| get some use out of it or sell it off for spares (parts)
| to other people, but him paying doesn't make him own the
| team.
| dns_snek wrote:
| I think we agree.
| freedomben wrote:
| I've asked similar questions before and am usually told
| that this is how Apple does things and it's what makes
| their users happy. It's in fact _why_ they love and
| choose Apple. They trust Apple to make the right
| decisions, and this is in fact a big part of the value
| add of their products. This is much related to the walled
| garden approach. For example, ask about why sideloading
| should remain not an option at all, rather than something
| like Android where you can enable it if you want to but
| "Grandma" isn't going to accidentally do it. Apple users
| actively don't want that capability. It doesn't make
| sense to me, but that's because "I'm not their target
| market."
| saiya-jin wrote:
| I have to agree with this sentiment, I read it here on HN
| 'power' users more than once. Although most Apple users
| have no clue about what we discuss here, the part about
| actively wanting it is simply not true en masse.
|
| Needless to say that's not for me and I will probably
| keep sporting Androids (in my case I am happy with
| Samsung's top ultra offerings) since I actually use those
| added features, ie saving 500 bucks on proper expensive
| variometer for paragliding and instead hooking it up via
| OTG cable with basic one with good sensor but without
| display, for 10% of the price... needless to say relevant
| app isn't on play store neither. And so on.
|
| But we certainly have choice on the market. I just wish
| Apple would properly focus on user security and shielding
| them from the worst of internet, and less on milking
| advertising, what I see so far didn't convince me it
| isn't just sophisticated marketing and not much more. You
| already pay premium on the device, its a proper spit in
| the face to be so visibly milked more and more, thats
| pure corporate greed.
|
| What I mean - my wife with iphone pops up browser, I pop
| up mine with firefox and ublock origin. Internet is
| utterly useless and horrible place on her phone, while
| completely fine on mine (plus I get youtube ads blocking
| as a bonus)
| JoshTriplett wrote:
| > Apple users actively don't want that capability
|
| That's a self-fulfilling property, with cause and effect
| going as much in the other direction: people who want
| that capability don't become Apple users. If you want
| openness, you don't pick Apple.
| wredue wrote:
| It's not that I trust Apple, it's that I trust Apple
| infinitely more than I trust the largest spy network on
| earth and existing without a smartphone today is
| difficult.
|
| If you need a smartphone, you can choose between a
| company that has some missteps, or a demonstrably evil
| spy network. I know who I am choosing.
| freedomben wrote:
| Thanks, your position certainly makes sense to me
| regarding a Pixel phone with the stock software on it,
| but much less so when considering options like GrapheneOS
| or any of the Androids made by other non-Google companies
| (like OnePlus, etc). That's the point at which usually
| "user experience" or "I'm already in the Apple ecosystem"
| usually come to fore-front as the reason.
|
| I don't really trust of those big companies, which is
| where GrapheneOS really shines. Open source, lots of
| enhanced privacy controls, but also as much of the Google
| ecosystem as the user wants. If you maximally distrust
| everyone, you can roll with pure FOSS. If you're
| somewhere in the middle like most people, you can pick
| and choose the pieces that are worth it to you (Google's
| Pixel Camera app is a common one for example). Graphene
| OS is also trivial to install now thanks to the web
| installer, so pretty much anybody who can load a web
| page, plug in a USB cable, and follow the explicit
| instructions to unlock the bootloader (which is stuff
| like, "open settings" -> "click about", etc) can do it.
| bloppe wrote:
| This mentality is fascinating to me. In a sense, nobody
| owns an Apple device. It's more like renting: the
| landlord keeps a bunch of doors locked and has strict
| rules, but the place comes pre-furnished and includes
| millennial-grade amenities.
|
| I can see the appeal if you don't particularly care about
| owning a device, but it blows my mind that people become
| so _dedicated_ to this way of living.
| averageRoyalty wrote:
| It's unlikely that if you have a mobile phone, the
| landlord doesn't keep some doors locked.
|
| At minimum - even if you're running de-Googled Android -
| the baseband blob has high levels of access and you have
| no control over it.
|
| I'm not saying Apple isn't worse with this, but the
| illusion of phone ownership spreads a lot further.
| madars wrote:
| Baseband blobs are isolated with IOMMU (at least on
| GrapheneOS https://grapheneos.org/faq#baseband-isolation,
| but maybe that's also true for stock Pixels idk) and
| Google spends a lot of effort on baseband security:
| https://security.googleblog.com/2023/12/hardening-
| cellular-b...
| madeofpalk wrote:
| You buy Apple hardware, which is a pretty strong signal
| that you trust Apple.
| 0cf8612b2e1e wrote:
| Two party marketplace. I don't trust Apple, but the
| competition is not any better.
| rpigab wrote:
| If every big app had to interrupt users to ask for simple
| things like performing http calls, usability would take a
| little hit, the nice "UX flow" of apple is a major
| selling point, so a very small percentage would buy
| Android phones.
| lxgr wrote:
| Determining my house or even room level location is not
| at all equivalent to making an HTTP call.
|
| And Apple does generally prompt for location permissions,
| as does Google on Android.
| wredue wrote:
| The market decides by not buying devices that empower
| apps to spy on them.
| tempodox wrote:
| With Apple there's no such thing as "my device".
| tick_tock_tick wrote:
| Because Apple fundamentally doesn't believe you own the
| device so the question makes no sense to them. They
| already own it why would they need to ask you?
| lxgr wrote:
| No app gets special treatment for any of the user-grantable
| permissions like location, Bluetooth, local network access,
| contacts, photos...
|
| What makes this any different? It really seems more like an
| oversight than a conscious decision, similarly to how (I
| believe) both iOS and Android have retroactively had to
| bucket some of the Bluetooth LE permissions into
| "location", since that's what you can effectively do with
| them.
| MBCook wrote:
| It could be. But the fact it's behind a special
| permission you have to request from Apple tells me they
| likely think it's secure enough.
| politician wrote:
| What's your basis for saying that Apple doesn't provide
| special treatment to apps? I've directly experienced both
| of their special and their non public (phone calls only,
| refusal to communicate over email) processes.
| lxgr wrote:
| I'm not claiming that at all in general, but I do believe
| it's true when it comes to user-grantable permissions. Or
| do you have evidence to the contrary?
| facialwipe wrote:
| Giving the world's most valuable corporation the benefit
| of the doubt.
|
| This is an interesting worldview to have in 2023.
| lxgr wrote:
| It's a pretty obscure API, and Apple has a strong
| interest in at least being perceived as pro user privacy.
|
| And assuming for a second this is indeed an intentional
| backdoor in plain sight of the world: What's in it for
| Apple?
|
| Hanlon's razor still cuts in 2023, at least for me.
| mrguyorama wrote:
| >Apple has a strong interest in at least being perceived
| as pro user privacy.
|
| Perceived is doing a lot of lifting there. The public
| largely cannot audit Apple's ACTUAL security.
| lxgr wrote:
| That's true, but arguably irrelevant here since this is a
| public, documented API that can be audited.
| onlyrealcuzzo wrote:
| Interesting that cutting monetary deals was a problem for
| Google, but special access APIs are fine.
| wodenokoto wrote:
| That doesn't excuse anything! This is not "oh poor small
| time devs", this is paying customers being lied to by
| Apple.
| kiririn wrote:
| See also McDonald's being allowed to gate app functionality
| behind _background_ location access
| lxgr wrote:
| That's adjudication of "soft" rules around permission
| optionality, which is a big problem, but nothing that
| lets apps bypass permissions outright.
| breakfastduck wrote:
| Chinese state supported spyware spies on you? I'm shocked!
| nottorp wrote:
| > Adding another layer to the discussion is the fact that major
| apps like WeChat and Alipay have already implemented this
| capability.
|
| So only the big apps can spy on you? The poster is Chinese so
| he cares about those 2, but how about facebook and google?
| squarefoot wrote:
| Spyware can be hidden in every piece of closed software,
| hardware, firmware with access to communications, so unless
| someone makes a 100% open device, from the first bit to the
| last screw, there's no 100% guarantee to be free from
| spyware.
| JKCalhoun wrote:
| Most entitlements though trigger a privacy prompt to allow the
| user to disable the functionality. Without writing a test app,
| I don't know that this is the case with this entitlement.
|
| I think it _should_ ask the user 's permission.
| salawat wrote:
| Keep in mind that in a corporate context, _not asking the
| user for permission or explaining what /why you are doing
| something is the (sociopathic imo, but nevertheless) norm_.
| To the degree you do disclose something like that it is
| inevitably hidden away or obfuscated by being put somewhere
| in the UX that no one ever really goes.
|
| Like seriously. I had the argument before;
|
| Architect: we're going to fingerprint users. Me: are you
| going to disclose that? Architect: Of course not. Me: It's
| their device. You should ask. Architect: That defeats the
| point. Me: You either don't understand property rights, or
| clearly have issues with the concept of consent.
|
| The entire IT space has been decades of building while
| eliding the fact these experiences are fundamentally being
| driven on someone else's hardware.
|
| But that's just the world we live in I suppose.
| dcdc123 wrote:
| How does that apply to thise case though? Asking for
| permissions on iOS is the norm and many apps include a
| message indicating what and why they are about to request
| something non-obvious before sending the request and
| triggering the popup.
| heyoni wrote:
| This particular entitlement does not trigger any pop up
| and can't be disabled by the user except by uninstalling
| the app.
| dcdc123 wrote:
| Yes, I get that...I just meant his whole spiel about "not
| asking for permission being the norm". In the context of
| iOS permissions not asking is the exception.
| filleokus wrote:
| But if Facebook/Instagram/Messenger (or Alipay / WeChat as
| mentioned in the article) has this entitlement and does fishy
| stuff, I guess this can actually be a large privacy issue?
|
| Does Apple do any analysis of entitlement usage and withdraw
| them when abused? A similar thing I remember is the Facebook
| VPN "scandal" where I think Apple withdrew the Facebook
| enterprise signing certificate?
| qwytw wrote:
| What do entitlements have to do with not asking for user
| permission though? Seems like separate issues.
| heyoni wrote:
| Entitlements don't require user permission.
| paxys wrote:
| Is that better or worse? "Don't worry you or I cannot exploit
| this, only large corporations and data aggregators can."
| j45 wrote:
| That's almost worse that it's kind of a side door to the users
| rights. That's generally only available to groups with the
| resources or know how to get it.
|
| I understand it's not ubiquitous.
| lloeki wrote:
| > that API requires entitlements to be used
|
| Lately I've witnessed a number of apps asking for Local Network
| permission ("Foo would like to find and connect to devices on
| your local network") when they have no business doing so in any
| possible way that I can think of.
| sroussey wrote:
| Many do this if they play video, mostly to enable chrome
| cast.
| dwaite wrote:
| Chrome Cast. There is no OS-level service for it to
| introspect the network looking for screens to cast to, so
| each app has to drop in a SDK - which then has to have
| permission to search the local network looking for screens.
|
| This was improved in recent iOS, but I never count on Google
| updating their SDKs to take advantage of iOS features on any
| sort of schedule. Even when they do, it will require third
| party apps to individually update as well.
| gustavus wrote:
| > FYI, that API requires entitlements to be used, which are
| only available if you request them from Apple and justify their
| use. It's not a general-purpose API any app can use.
|
| Well as long as it is just Apple that is deciding who can track
| me without my permission then that's okay I totally trust my
| corporate overlords for the wise and great Apple is
| incorruptible and without fault.
| thomastjeffery wrote:
| Did Apple audit their code, then? Why in the world should
| anyone trust Apple to be responsible?
| mrtksn wrote:
| TL;DR: Apps can access the nearby Wi-Fi hotspot SSID and MAC
| addresses through an API that is intended to help with connecting
| to hotspots. Then they can use this info to look-up in databases
| that collect SSIDs based on their locations.
|
| Seems like a valid concern, though the author's writing style can
| be off putting since has a tone with an agenda.
|
| However, AFAIK apps need to declare the use of this API and have
| a good reason for it(you fill up a form explaining why you need
| it and Apple has to agree to grant you the privilege). So, most
| likely your flashlight app is not tracking you.
|
| I'm sorry you don't like it but that's the truth, the author left
| out crucial details to make it juicier.
| INGSOCIALITE wrote:
| i wouldn't be worried about my flashlight app tracking me, i'd
| be worried about the large players who probably GET the use of
| this API, google facebook etc etc.
| secondcoming wrote:
| If that app has ads then your info is being sent to
| advertisers.
|
| Why would a flashlight app even need your location?
| mrtksn wrote:
| As I said, it's a valid concern. However the author forget
| the mention that you need to apply and get approved to use
| this API. I find it dishonest and alarmist.
|
| Here's the request form that you fill up for it:
| https://developer.apple.com/contact/request/hotspot-helper/
| wwtrv wrote:
| > However the author forget the mention that you need to
| apply and get approved to use this API.
|
| And? How is this any better? e.g. if I'm a dissident/etc.
| in China I would be much concerned about government
| affiliated large corporations being able to track my
| location than some random private developer (not that this
| specific API really matters that much if you're using those
| apps anyway).
|
| > I find it dishonest and alarmist.
|
| I find it a magnitude or two less dishonest than Apple (a
| company supposedly focused on user private) not informing
| their users that this is happening and directly requesting
| their consent.
| mrtksn wrote:
| Your government can track you all the time you have your
| phone with you, they have authority over the
| infrastructure. They can also make device manufacturer to
| track you for them, later you will be a single digit
| increase in their transparency stats.
|
| If you don't want the government track you, you will have
| to do much better than using mainstream consumer devices.
| Apple is not your spycraft supplier.
| redwall_hp wrote:
| You would also have to not use a phone in general, since
| your carrier always knows where you are, by the nature of
| how cellular networks work. Your phone has a unique
| hardware identifier that is linked to your identity, and
| every tower knows which phones pinged it recently. Two
| towers are two points in a triangle, and you're the
| third.
|
| Carriers constantly perform triangulation and keep
| records of phones' coordinates, which of course can be
| subpoenaed, and may be available more freely to
| government agencies, depending on how much abusive
| surveillance your local government does. Carriers have
| also sold this information to data brokers in the past.
| dylan604 wrote:
| I would absolutely be concerned about a flashlight app doing
| all the nefarious things. A flashlight app? Today? Still?
| Really? It's one of those apps that's absolutely useless
| since the OS provides this feature natively now. It is
| absolutely the type of app I would assume has no reason other
| than harvesting data.
| stavros wrote:
| You're conflating "utility to user" with "utility to
| developer". A flashlight app has no utility to the user, it
| doesn't really matter to me that it's useful to its
| developer (for collecting my personal data).
| dylan604 wrote:
| I'm not conflating anything. You didn't comprehend what I
| wrote.
| datadrivenangel wrote:
| Except that there are data collection SDK companies where you
| can get paid as a developer in exchange for installing an SDK
| that will send customer data to the company. It's one way to
| monetize an app a little bit more.
| froggertoaster wrote:
| > off putting since has a tone with an agenda
|
| completely agree, I read 2 sentences and closed it.
| yunohn wrote:
| Sure, entitlements need approval from Apple. But clearly, apps
| are able to get it for undisclosed reasons and use it for
| tracking. Obviously, this goes against Apple's guidelines and
| should be dealt with swiftly, especially now that it is public
| knowledge.
| ghusto wrote:
| > TL:DR; Apps can access the nearby Wi-Fi hotspot SSID and MAC
| addresses through an API that is intended to help with
| connecting to hotspots. Then they can use this info to look-up
| in databases that collect SSIDs based on their locations.
|
| This is the whole story. Thank you for writing it, and sorry
| that you're getting downvoted for it.
|
| > I'm sorry you don't like it but that's the truth, the author
| left out crucial details to make it juicier
|
| I wish there was a way to know when people had downvoted with
| "this is true but I don't like that it's true".
| mrtksn wrote:
| I wish too. I hate it when I don't know why I'm downvoted.
| JohnFen wrote:
| That's the only thing about getting downvoted here that
| irritates me -- I rarely know why people are downvoting.
| Sometimes I can infer why, but most often it's just a
| complete mystery.
|
| Knowing why the downvotes are happening could be a useful
| signal to help me improve commenting in the future. Not
| knowing why just makes the downvotes informationless noise.
| Keejazz wrote:
| I did not downvote you, but I did react a bit negatively to
| the comment about the language (we know it is chatgpt, at
| least in part) of the article. I was curious about the
| prompting, so I used a regular translator to get a feel of
| the original article, and I feel the original language seem
| OK (if my translators are half decent). I also reacted
| negatively to the last sentence in your comment, because to
| me, it felt like a truth-declaration based on an assumption
| (the author deliberately did not include...) - however,
| after translating the original and not being able to find
| anything about it there, either, I agree your assumption
| might very well be the truth, but this would still be
| intention-guessing, and that put me off a tiny bit. (if you
| read Chinese, all this would be an unfair assumption from
| my part, and I apologise :)
|
| I would never downwote for such things, personally. I found
| your TL:DR to be good (including more information as well
| as replaying the mains of the article is great value, thank
| you!) to care about small stuff mentioned above. But you
| seemed to want to understand why some have downvoted, and
| as I got a bit of negative reaction from the parts
| mentioned, I thought I could explain my feelings for them,
| in the hopes this might actually be useful for you.
| mrtksn wrote:
| Thanks for this detailed feedback!
| JohnFen wrote:
| Those crucial details don't really seem to make it much better
| to me.
| peddling-brink wrote:
| Docs:
| https://developer.apple.com/documentation/technotes/tn3111-i...
| I'd guess a review would stop the smaller spam apps, but not the
| big players, as noted by the author and other commenters.
| JKCalhoun wrote:
| Thanks. The docs confirm that an entitlement is required to
| call this API -- still does not make clear to me whether the
| presence of the entitlement brings up a prompt allowing the
| user to deny the use of the API.
| peddling-brink wrote:
| If it does, it would be for network, not location. Per the
| rules, this isn't a location api, except it actually is.
|
| Iirc Android has always asked for location to enable
| Bluetooth, I wonder if there are similar apis there?
| JKCalhoun wrote:
| Yeah, Apple may want to rethink Network != Location.
| patrickserrano wrote:
| There is a setting to allow location for the "Networking
| and Wireless" system service. I wonder if disabling that
| would prevent this from working?
| otterley wrote:
| If you care about this, the best thing you can do to get Apple's
| attention is to fill out the form at this site:
| https://www.apple.com/contact/feedback/ and select "product
| feedback."
|
| Doing so was instrumental to persuading Apple a few years ago to
| add an option "allow only once" when apps asked for permission to
| access the user's current location.
| donohoe wrote:
| How is it any different than an app that makes an request to
| their services API, thereby getting IP address which in itself
| can be used to get location information?
|
| There is always a vector for abuse, and I think Apple has taken
| large steps to reduce that. I find this story a bit of a non-
| event.
| lxgr wrote:
| There's a huge difference!
|
| Wi-Fi positioning is usually accurate within a few meters; my
| IP is frequently on the other side of the globe (when using a
| VPN or just roaming globally).
| filleokus wrote:
| IP gives you a rough location (like which city at best),
| SSID/BSSID can give you street/building level accuracy if it's
| in a database like https://wigle.net
|
| Considering the scale of these apps, I'm guessing they have
| internal wifi<->location databases with fairly great accuracy.
| mrpippy wrote:
| It's worth noting that use of NEHotspotHelper requires a special
| entitlement (com.apple.developer.networking.HotspotHelper) that
| you have to apply for, and presumably Apple won't grant unless
| your app has a legitimate need for it.
|
| That said, this maybe shows an incompatibility between Apple's
| privacy strategy and "super-apps" like WeChat and AliPay. When a
| company shoves _all functionality_ into one app, that app
| suddenly has all the entitlements, and it's harder to tell when
| and how any sensitive data is being used.
|
| The West generally doesn't develop apps this way. For example,
| Comcast has a separate "WiFi Hotspots" app. Although LOL, they
| posted 2 days ago that its functionality is being combined into
| the main Xfinity app. Maybe the West is catching up.
| bhpm wrote:
| Musk wants Twitter to be a super app.
|
| https://www.theverge.com/2023/7/26/23808796/elon-musks-x-eve...
| rainworld wrote:
| He also wants you to pay for the privilege of having your
| personal data including picture and ID sent to an Israeli
| spook front company:
| https://www.aljazeera.com/news/2023/8/21/x-blue-users-
| will-n...
| nequo wrote:
| > com.apple.developer.networking.HotspotHelper
|
| Where do you revoke this entitlement on iOS? Settings - Privacy
| & Security - Local Network? Or is this something else?
| yunohn wrote:
| AFAIK entitlements are not necessarily exposed as toggles.
| lencastre wrote:
| General > Reset > Reset Location and Privacy Settings
| ycombinatrix wrote:
| You didn't grant any location access in the first place, so
| why would this work?
| tick_tock_tick wrote:
| This is one of the special ones so you're not allowed to;
| Apple picks for you per app.
| kridsdale1 wrote:
| Facebook is a SuperApp. It had a WiFi-hotspot-finder in it for
| years.
| JKCalhoun wrote:
| I love when I launch an app and then get a bevy of requests to
| access my Camera, my Microphone, my Contacts, etc...
|
| I nope out and if the functionality of the app is trashed, so
| goes the app....
|
| Google Maps constantly hounding me to turn on precision
| location services, asking me if I am navigating for a friend
| and to allow access to my contacts... Wow, no.
| readams wrote:
| You don't think location is useful for a map ... ?
| amlib wrote:
| Well, a physical map certainly doesn't keep pestering me
| for my location...
| JKCalhoun wrote:
| It wants _precise_ location -- which I take to mean war-
| driving WiFi. GPS I am okay with for a map app.
| dwaite wrote:
| IIRC, Non-precise location is cell tower level location
| or the like, possibly a 12 square mile area. It is also
| very cheap if the device is already connected to a tower.
|
| Precise location may be from Apple's SSID database or
| from a GPS system.
|
| Non-precise location may help with getting more
| appropriate search results but won't help you with turn-
| by-turn navigation.
| elteto wrote:
| Precise location _is_ GPS, not the other way around.
| layer8 wrote:
| Is there a way for an end user to see which apps have this
| entitlement?
| rkunde wrote:
| I don't think you can unless you have a jailbroken device. If
| I remember correctly, entitlements are store in the AppStore
| receipt file.
| sumuyuda wrote:
| You can view the entitlements from the extracted ipa by
| using the codesign tool. So it is totally possible to see
| if an app has this entitlement.
| rkunde wrote:
| Oh, I only remembered seeing them inside the
| mobileprovision file. I'll take another look, thanks.
| karmakaze wrote:
| > presumably Apple won't grant unless your app has a legitimate
| need for it.
|
| Increasingly clear that Apple is in charge of what happens on
| _your_ devices not the users themselves.
| intelVISA wrote:
| Wasn't it ever thus?
| karmakaze wrote:
| I had the first iPhone up to the 3GS. It didn't feel that
| way then. Now there are continuous software updates that
| keep changing arbitrary and invisible policies.
| kenferry wrote:
| You're just more aware of it now. The privacy controls
| are MUCH tighter now than they were in that era.
|
| If you're a software developer, you must understand that
| the user cannot actually understand what any code is
| doing. Even if you're using open source, it's an illusion
| to think you know what it's doing. Heck, even the
| developer doesn't know what it's doing a lot of the time
| (how long does it take to figure out what's happening
| with a tricky bug?).
|
| So yes, Apple's policies do mediate what a developer can
| do on behalf of the user. That's how it works.
| mcphage wrote:
| > I had the first iPhone up to the 3GS. It didn't feel
| that way then.
|
| The history of smartphones is control being tightened
| further and further over time. With the phones you had,
| apps could track your location lots of different ways,
| and over time those data leaks are being bricked shut.
| Everything is moving in the direction from "Apps can do
| whatever they feel like" to "Apple controls what apps can
| do" to "The user controls what apps can do".
|
| This specific leak seems like it's stuck in the "Apple
| controls what apps can do" stage, so hopefully this post
| will help get it moving again.
| hayst4ck wrote:
| It might surprise you but a lot of people want that and buy
| apple specifically because of that. I would even go so far as
| to say it is a major competitive advantage.
| tjoff wrote:
| Big whoop. Consent is paramount and the assumption here that
| apple and you have aligned interest is pretty darn weak
| argument.
|
| The only thing of note here is that apple don't want you do
| know about it, which kind of circles back to aligned
| interests...
| rullelito wrote:
| So Apple decides which companies should have your location
| data? Niiiice
| _justinfunk wrote:
| >Credit: This article was written with the assistance of ChatGPT
| for the purpose of refining my English writing.
|
| I appreciated this disclosure. The English was still a bit clunky
| - but it was a great use of the technology to open up the article
| to a wider audience. It felt sincere to me.
| m3kw9 wrote:
| App that needs it will get it one way or another, is just not
| easy
| eduction wrote:
| I thought users were prompted to give permission for this
| already? I get asked if I want to give "local network" access to
| apps sometimes (- lot these days actually) which I take to mean
| the ability to see local WiFi hotspots. I almost always deny this
| (and after reading this just turned it off for Spotify). I think
| the dialog that asks for permission could be improved, though, as
| most people don't realize this can be used to deduce their
| location.
| rkunde wrote:
| That's for sending and receiving local network traffic, eg.
| talking to devices on the same subnet, and discovery of
| Chromecast and similar targets.
|
| Edit: AirPlay does not require this permission.
| graftak wrote:
| You'd think that AirPlay would be abstracted away by an OS
| API that does the local network discovery itself.
| ascagnel_ wrote:
| In my experience, it is. My podcast app of choice doesn't
| have that permission (I don't even think it asked for it),
| but it has the ability to bring up the system audio output
| selector widget and do AirPlay.
|
| If anything, I usually see this for apps that want to do
| playback via Chromecast/Miracast. The well-behaved apps
| wait until the user interacts with Chromecast output, the
| iffier ones ask on first launch.
| Hippocrates wrote:
| I don't believe it is necessary for airplay, but probably is
| for Chromecast, Sonos, and many devices to establish ad-hoc
| connectivity for setup and operation.
|
| I take this popup to mean that they want to fingerprint and
| locate my home network or backdoor it somehow. I ALWAYS deny
| this access unless the app specifically requires it, and that
| is rare.
|
| WiFi based geolocationing should be a well known privacy
| threat by now. The popup should really communicate that
| better and provide tighter controls.
| dwaite wrote:
| AVRouting in iOS 16 allows for a Media Device Discovery
| Extensions, which allows for a proper ChromeCast or similar
| app to provide media streaming in the same interface as
| AirPlay.
|
| So far there doesn't seem to be any traction by Google to
| migrate to this.
| teekert wrote:
| I take it to mean that it will scan my lan (plus tailnet?) for
| services. Like a Hue bridge or a Sonos speaker or a Chromecast
| etc.
| iamcalledrob wrote:
| As a developer, the annoying thing about the "Local Network"
| permission is that:
|
| 1) It's poorly implemented. Unlike other permissions, there's
| no way to explicitly trigger the prompt. It just pops up at
| Apple's discretion. There's no way to give it a "soft landing"
| for cases where it's necessary for core app features. And
| there's no way to check if the permission has been granted or
| not.
|
| 2) More importantly: Apple's own apps don't trigger this
| warning, which makes the playing field unfair. AirPlay etc.
| work seamlessly, whereas any competitor's tech doesn't. And as
| a developer, since you can't tell if this permission has been
| granted or not, you're left with a poor user experience.
|
| I'm particularly fed up of (2). If Apple is going to introduce
| restrictions, they need to apply to their own apps as well.
| AirPlay and AirDrop need to each ask for Bluetooth and local
| network access. The Photos app needs to trigger the "Select
| photos, Allow All, Deny" prompt on launch. The Camera app
| shouldn't be able to write to the photo library without
| triggering the same prompt too.
|
| That gives them an incentive to design the user experience
| around these restrictions well, and maybe be more creative with
| how to solve for this too rather than confusing dialogs.
|
| Currently they have a _disincentive_ to design this stuff well.
| Any iOS developer that 's had to work with these APIs knows
| that they are designed absolutely awfully with arbitrary and
| unexpected limitations.
| woah wrote:
| The developer of the Camera app already has access to all the
| photos in your Photos app. What benefit would a prompt have
| for the user?
| iamcalledrob wrote:
| Not sure if this is what you mean, but there could be
| multiple apps installed that write to the device photo
| library. You may not want the developer of one camera app
| to be able to access all photos on the device.
|
| But this raises a related point about how frustrating
| Apple's APIs are here: When an app is granted the "Write to
| photo library" permission by the user, it can only write.
| It can't read back what it's written, ever. You might
| expect that writing to the library might return a token
| that can be used to read that photo back. Nope.
|
| Android, for all its faults, does a much better job here.
| The OS keeps track of the app that wrote the photo -- and
| that app can read that photo indefinitely, unless another
| app edits that photo (and thus becomes the owner). A much
| better design.
|
| On iOS, to read back photos from the library, you have to
| ask for the "All photos" read permission, which few people
| will grant you. "Why does my camera want to read all the
| photos on my device?! Deny!".
|
| And just like that, you can't compete with the built-in
| camera which shows thumbnails of recently taken photos and
| allows you to swipe through them.
|
| Apple has no incentive to fix this either, because their
| own apps bypass this permission system.
| thombles wrote:
| No argument from me but regarding workarounds for (1),
| accessing ProcessInfo.processInfo.hostName has been a
| reliable pop-up trigger for me for a long time. Eskimo also
| offers some (esoteric) suggestions for how to notice if your
| network operation has been denied due to lack of permission:
| https://developer.apple.com/forums/thread/663852
| tinus_hn wrote:
| One should realize that what they call 'track user locations' is
| actually 'get a list of visible SSIDs'.
|
| Should be behind a permissions check, but not the end of the
| world.
| umanwizard wrote:
| Visible SSIDs are absolutely used to fingerprint location.
| dmboyd wrote:
| At least in the early days, every iPhone maintained a local
| lookup table between ssids and gps coordinates in a SQLite
| database.
|
| https://www.networkworld.com/article/752872/security-
| apple-o...
| tinus_hn wrote:
| That doesn't mean seeing an SSID means you are at exactly
| that location.
|
| If you are in a city you see 50 SSIDs at any given moment.
| Are you at those 50 locations at the same time? No. Is
| there a way to triangulate where you are exactly? No, its
| unreliable and not an exact science.
| charcircuit wrote:
| >Is there a way to triangulate where you are exactly? No
|
| The phone knows the signal strength of each ssid. Why
| can't it triangulate where it is?
| umanwizard wrote:
| It can and does.
| ycombinatrix wrote:
| you're all over these comments trying to convince
| everyone that SSIDs can't be used to determine location,
| yet you don't know how triangulation works?
|
| are you trolling?
| tinus_hn wrote:
| The comments are a million people claiming SSID
| triangulation is the best thing since sliced bread, makes
| GPS obsolete, guaranteed reliable instant pinpoint
| location because of this magic technology only understood
| by the wizards of Hacker News, triangulation.
|
| It's not. It's not magic. It has major limitations. It is
| not reliable. It is not exact. There is a reason phones
| use GPS.
|
| But hey, if you want to believe it is something it
| clearly is not, believe whatever you want to believe. It
| obviously neatly fits the 'hurr durr Apple bad'
| narrative.
|
| Obviously having a discussion on this site is impossible
| because of the way it promotes hive mind thinking, with
| its staff approved use of voting as agree/disagree
| buttons and inhibits discussion with the way you get
| blocked from posting when people downvote you because you
| are not in the agreefest. A true embodiment of the hacker
| spirit indeed. It's completely worthless and I am through
| with this thread. I have not been uncivil and not
| agreeing with the hive mind opinion is not trolling.
| stavros wrote:
| "Get a list of visible SSIDs" is exactly how phones derive your
| location. There's little distinction between seeing SSIDs and
| seeing GPS coordinates for 99.9% of the population.
| tinus_hn wrote:
| Back in the real world SSIDs are a very coarse and not very
| reliable way of locating devices. You are exaggerating.
| pornel wrote:
| Visibility of multiple networks can be used to refine the
| position.
|
| GPS takes time to acquire and isn't always available
| indoors. SSID method is quicker, and it's most likely the
| method your phone uses to get the position first.
| tinus_hn wrote:
| As you say, it's a method to get a coarse location and
| then refined using GPS which by the way does not really
| take time to acquire once you have downloaded the almanac
| and have the coarse location.
|
| So this 'allows applications to track location' actually
| allows applications to track coarse location which then
| does not allow them to refine using GPS.
| pornel wrote:
| 10-meter accuracy is not coarse location. Even for a
| single router the Wi-Fi range gives street-level address.
|
| I'd say city level position (a good case of reverse IP
| mapping) is a coarse location.
| beardyw wrote:
| I built a small ap on an ESP (where SSID scanning is bread
| and butter). It would track my location to within a few
| yards. The down side is it needs multiple SSIDs to do that,
| so not so useful outside an urban environment.
| jabroni_salad wrote:
| In 2012 or so I was able to do turn by turn navigation
| pretty reliably on an ipod touch that did not have any gps
| capabilities. I think you'll find coarse location is a
| little more specific than you give it credit for.
| luketaylor wrote:
| Not an exaggeration--Apple's primary "location services"
| API, used on iOS/macOS, is just a lookup table for wireless
| APs' MAC addresses. [1]
|
| WiFi scanning is much less power intensive than GPS, much
| more reliable indoors, and often (in dense areas) more
| accurate even outdoors. iirc the iPhone only connects to
| "real" GPS in specific situations, such as when visible
| wifi signals are insufficient (e.g. highway driving).
|
| [1]: https://www.appelsiini.net/2017/reverse-engineering-
| location...
| lern_too_spel wrote:
| It gives enough details that Android used to require apps
| to obtain ACCESS_FINE_LOCATION permission in order to get
| that information before splitting it off into its own
| permission. https://developer.android.com/develop/connectiv
| ity/wifi/wifi...
| dang wrote:
| Can you please make your substantive points without swipes?
| (like "Back in the real world", "you are exaggerating", "no
| you're fantasizing" -
| https://news.ycombinator.com/item?id=38710396, and so on).
| This kind of thing is against HN's rules and also spoils
| the substantive points you're trying to make. If you'd make
| your substantive points thoughtfully instead, we'd
| appreciate it.
|
| https://news.ycombinator.com/newsguidelines.html
| handsclean wrote:
| It's the same thing. Listing visible SSIDs and comparing them
| to very comprehensive databases is the whole way precise
| geolocation works in many devices, like MacBooks. I think even
| phone navigation has GPS much less precise than you see on
| screen, and the extra precision is gained with this technique.
| Making this technique really work is a large part of the reason
| Google drove or walked every street in the world with their
| recording gig.
| ycombinatrix wrote:
| One should realize that what they call 'track user locations'
| is actually 'receive GPS radio signals'.
|
| Should be behind a permissions check, but not the end of the
| world.
|
| lol
| ynniv wrote:
| I thought local network access and WiFi details also required
| location services access for this reason.
| andirk wrote:
| Whether the user is aware and opt _in_ is the issue, right? But
| all of the network signals that are triggered by web
| applications, phone apps, OS, isn't it almost always possible to
| get SOME information about a user's geo location?
|
| There's a theory that Silk Road's Ross Ulbricht leaked his
| location via a Captcha on a website, despite actively covering
| his tracks.
|
| I think Bitcoin's Satoshi is/was an Australian bloke living in
| Japan because of his wording + timestamp on posts.
|
| I was able to send a friend a little hello message via a Facebook
| ad by hyper targeting them (before fb disallowed that), which
| also confirmed their location.
| gruez wrote:
| >There's a theory that Silk Road's Ross Ulbricht leaked his
| location via a Captcha on a website, despite actively covering
| his tracks.
|
| How?
| Arch485 wrote:
| Assuming this is actually the case, probably a lot of
| heuristics that got "close enough" to his actual location.
| thih9 wrote:
| Which popular apps use that? Is it possible to check this?
|
| Like most here, I don't have Wechat or Alipay installed. But I'm
| interested in e.g. Instagram, Facebook, Whatsapp, Twitter,
| Tiktok, Snapchat, Chrome, Firefox, Photoshop, Lightroom, etc.
| rsync wrote:
| I know I sound like a broken record but I really do think app
| stores owe us the ability to see, in advance, what permissions
| an app will request.
|
| I shouldn't have to download and install the app just to see
| what kind of behaviors it is going to attempt.
|
| The app stores know this information and it would be trivially
| easy to present it in the details of the app prior to down
| loading.
| breakfastduck wrote:
| Yeah, this should absolutely be standard.
| sneeze-slayer wrote:
| In the Play store it is possible to see what permissions are
| required and data is collected.
| rsync wrote:
| I wonder if it is possible, as an Apple developer, to query
| "permissions requested" via some other channel ?
|
| I don't know anything about the ways Apple developers
| interface with the app store to submit or update or index
| their apps ... is it through xcode ?
|
| I wonder if there is some function in that toolchain that
| actually does what I am proposing ...
| Willamin wrote:
| This is possible and relatively easy for Apple to do: for
| most (if not all) permissions, a declaration that you
| intend to ask for permission is required in the app's
| Info.plist manifest file.
|
| When permission is requested and you've forgotten to
| declare that your app asks for it, the permission will be
| immediately denied without prompting the user.
| CharlesW wrote:
| > _I know I sound like a broken record but I really do think
| app stores owe us the ability to see, in advance, what
| permissions an app will request._
|
| Beyond what Apple already does? https://imgur.com/a/ouEqiGG
| paxys wrote:
| Reading through the linked docs, this API seems to specifically
| be for apps created by owners of WiFi hotspots to help users
| connect to those hotspots (https://developer.apple.com/documentat
| ion/networkextension/h...).
|
| > NEHotspotHelper allows your app to participate in the process
| of authenticating with hotspot networks, that is, Wi-Fi networks
| where the user must interact with the network to gain access to
| the wider Internet.
|
| > NEHotspotHelper is only useful for hotspot integration. There
| are both technical and business restrictions that prevent it from
| being used for other tasks, such as accessory integration or Wi-
| Fi based location. Before using NEHotspotHelper, you must first
| be granted a special entitlement
| (com.apple.developer.networking.HotspotHelper) by Apple.
|
| Which makes sense, but then why exactly are apps like WeChat and
| Alipay granted this entitlement?
| iforgotpassword wrote:
| Because the Chinese market is too important. For wechat you can
| maybe argue that it's a "super app" and probably also can be
| used to connect to wifi hotspots, but for alipay I fail to come
| up with an explanation..
| physicles wrote:
| Alipay is also pretty much an everything app (it also has its
| own ecosystem of mini-apps built on Alipay's platform).
| Except for the social aspect, it's nearly interchangeable
| with WeChat.
| iforgotpassword wrote:
| Ah I see. It's been a while thanks to the pandemic that
| I've been there, and even then preferred just doing wechat
| so I dont have to deal with even more stuff. At least for
| regular payment almost all places accepted both options.
| BertoldVdb wrote:
| You can buy hotspot access with Alipay (scan QR code ->
| connect), presumably thats why.
| paxys wrote:
| The sensible move would really be to break up these
| "everything" apps. Sure WeChat may have a wifi service, but
| if it is being used by 0.01% of the user base then why is
| everyone else forced to approve the permissions? Creating a
| separate "WeChat Wifi Connector" takes zero extra effort on
| their part.
| shkkmo wrote:
| You don't have to break up the app, just require user opt
| in to enable the feature for the app.
| gruez wrote:
| >API seems to specifically be for apps created by owners of
| WiFi hotspots to help users connect to those hotspots.
|
| VPN apps also seem to use it: https://github.com/pia-
| foss/mobile-ios/blob/4618b55161ec5b8b...
| n2d4 wrote:
| I don't know about Alipay, but afaict WeChat needs this feature
| for WeChat Wifi, which lets users connect to internet hotspots
| from their WeChat accounts
| https://mp.weixin.qq.com/s?__biz=MzI1NjA0NzQzOQ==&mid=265026...
| smith7018 wrote:
| I'm sure that's valid but I've worked for mobile app
| companies and can guarantee features like this are added just
| to get the entitlement.
| r00fus wrote:
| Ah now I see - to get all the entitlements they create a
| super-app that happens to use those things.
|
| Then they can spy on us for our main use case
| ccorcos wrote:
| Seems like Apple should give users the ability to
| download an app while rejecting an entitlement.
| Analemma_ wrote:
| You can. iOS apps have to request individual permissions
| - I'm not sure about the specific level of granularity
| here, but you can deny location access while still
| letting the rest of the app run, and the app has to be
| able to deal with it.
| diebeforei485 wrote:
| As I understand it, this SSID feature does not require
| location services permissions.
| ghostpepper wrote:
| It's not a new idea but I would love to see Apple
| implement a way to serve eg. a fake, empty contact list
| for an app that refuses to enable a feature unless you
| allow contact list permissions.
| lxgr wrote:
| No, you can reject permissions, but not entitlements.
|
| Entitlements are granted (statically, per developer
| certificate or maybe app ID, not sure) by Apple,
| permissions are (optionally) granted by users at runtime.
|
| The only way to not have an app making use of an API
| gated by (only) an entitlement is to never install it.
|
| Of course there could be permissions that are gated
| behind entitlements, but in this case it seems to be only
| an entitlement.
| lxgr wrote:
| I at least partially blame Apple for this too.
|
| I personally use several different terminal/Unix
| emulator/SSH client apps on iOS that request the
| "background location" permission solely because there is no
| actual "background execution" API.
| samstave wrote:
| The complexities and capabilities in the Chinese(well, most
| asia) mobile market are remarkable.
|
| I always find it funny when people boast about how great
| certain things are in the US without ever have traveled to
| HK, Singapore, Tokyo, Beijing etc...
|
| Most people dont realize just how entangled mobile life is in
| Asia, way more than in the US.
| ethbr1 wrote:
| Centralized superapps seem incredibly dangerous to privacy,
| given that the limited mobile privacy models are designed
| around per-app permissions. 1. Create app
| that does 1 thing 2. Add more features to app
| 3. Abuse superset of permissions 4. Gov leans on app
| owner 5. Gov abuses superset of permissions
| samstave wrote:
| No, I more than 100% agree, I am just staing that most
| people just dont realize just how deeply entangled the
| mobile is to Asian life. I wasn't praising it, I am
| horrified, but also in awe by it.
| gman83 wrote:
| I'm pretty sure most people are very aware that most of
| east Asia never saw massive PC adoption and so their
| internet developed in a very mobile-centric way. This
| hasn't been surprising for a long time?
| michaelt wrote:
| I'm not sure I agree.
|
| I mean, back when the west had WAP there were articles
| saying NTT DoCoMo had much more advanced phone
| technology, sure.
|
| But in terms of making it into the cultural consciousness
| - you don't see ubiquitous asia-specific mobile super-
| apps in cultural exports like 'Squid Game' or 'Spy X
| Family' (admittedly a lot of cultural exports aren't set
| in the present day)
| Analemma_ wrote:
| I think if you're in China the centralized superapp is
| the least of your worries, privacy-wise. I agree that
| this is probably part of why these things will never
| really take off in the US though (no matter what Elon
| wants to wish for).
| philistine wrote:
| It is not the least of your worries, it is the abusive
| system working as intended. It is policy of the Chinese
| state to ingratiate itself into every aspect of its
| citizens' lives to exert control.
|
| The fact the State is wholly evil in other ways does not
| lessen the worry; it multiplies it.
| refulgentis wrote:
| I think I'm missing some context: ex. there's O(many) apps
| that offer hotspot connections in the US as well. And my
| understanding is there's a privacy concern, which I think
| would be exacerbated by a super-app like WeChat adding
| this.
|
| What's the great certain things of all that?
| mardifoufs wrote:
| Is that inherently greater than not being connected or
| using super apps? Also, I didn't know Tokyo or japan in
| general were also into the "big app" concept. Japan in
| general didn't seem that "connected" relatively speaking
| back in 2017-18 but maybe stuff has changed in the past
| couple of years.
| vinay_ys wrote:
| Even if only genuine hotspot apps got the entitlement, it is
| not a user-friendly privacy-first design. Such API use should
| trigger a user-visible permission dialog before apps get
| background-notified and user should be able to select the one
| of "allow-once, allow while using, allow-in-background, never"
| and the app activity should show up in app privacy reports.
| TylerE wrote:
| Not sure I agree - in fact pretty sure I don't. Having lots
| of permission dialogs just trains users to mindlessly click
| yes on everything, because they just want to do the thing,
| not think about how the sausage is made.
| _heimdall wrote:
| Its a more basic question to me, why do these apps need a
| special entitlement? Couldn't they ask users for permissions
| like any other app, presumably with a good reason to go along
| with it since location is needed for some features?
| gorbypark wrote:
| Apple wants to gatekeep the feature for "legitimate" uses. If
| it was just another permission, random flashlight apps (as
| the joke goes) would ask for the permission and _n_% of
| people would just blindly accept it. Then, of course, Apple
| would get blamed for allowing random flashlight apps to track
| people's location. Of course this could all be done via the
| regular app review process, but Apple seems to have decided
| on a few permissions they want to keep super locked down
| (CarPlay is another, to avoid blame for when someone crashes
| while using some CarPlay app).
| diebeforei485 wrote:
| This is functionally a Location Services feature, so the user
| should grant location permissions to use this.
|
| I am not sure how it works in practice.
| lxgr wrote:
| Apparently the entitlement is not required in a few other
| conditions, listed here [1] by Apple: 1.
| application is using CoreLocation API and has user's
| authorization to access precise location. [This seems harmless
| - the app already gets the precise location anyway here.]
| 2. application has used NEHotspotConfiguration API to configure
| the current Wi-Fi network. [This seems to be the scope of the
| article!] 3. application has active VPN
| configurations installed. [This one is quite surprising to me!]
| 4. application has active NEDNSSettingsManager configuration
| installed. [No idea what this is exactly, but it seems similar
| to the VPN one.]
|
| [1] https://developer.apple.com/forums/thread/679038
| tqwhite wrote:
| My iPhone asks if I want to allow an app to access the Local
| Network. I assume that this
|
| 1) means that Apple does cover this situation and
|
| 2) my opinion that the phrasing "Apple allows applications to
| track user locations without authorization" is contemptible
|
| are both true.
| idiotsecant wrote:
| I'm sure giant pan-national ultracorp apple appreciates your
| defense of them.
| dang wrote:
| Could you please not post unsubstantive comments and/or
| flamebait? It's not what this site is for, and you can make
| your substantive points without it.
|
| If you wouldn't mind reviewing
| https://news.ycombinator.com/newsguidelines.html and taking
| the intended spirit of the site more to heart, we'd be
| grateful.
| 0x0 wrote:
| Pretty sure that's a different thing just to prevent tcp/ip
| connections to other devices on your local subnet after you
| have already joined a wifi.
| lern_too_spel wrote:
| That's a different permission. My understanding is it is not
| necessary to read WiFi details, which just needs an entitlement
| from Apple and no user prompt.
| lutoma wrote:
| I think that prompt is for something different.
| cdme wrote:
| My most blocked domain in nextDNS (which runs on all my devices)
| is metrics.icloud.com. books-analytics-events.apple.com is in the
| top 5 as well.
| rsync wrote:
| Hmm ... I don't see that in my nextdns logs. Is that a custom
| block you put into place or are you using a different filter
| list then I am?
| cdme wrote:
| I've got the native blocking ruleset for Apple added.
| captn3m0 wrote:
| Now I'm curious - which other apps have this entitlement? Is
| there a way for me to find out which apps on my phone have this
| entitlement?
| mannyv wrote:
| They're not tracking locations because they're not using GPS.
|
| They are checking the environment for stuff that might have known
| locations, which is different. You can do the same with
| bluetooth/BLE.
| panarky wrote:
| This is a distinction without a difference.
|
| The user must be in control of whether their location is
| disclosed to an app.
| extraduder_ire wrote:
| > You can do the same with bluetooth/BLE.
|
| Not anymore you can't. Sometime before 2020 apple, and also
| google, started treating BLE scanning as an operation needing
| location permissions. (I had to deal with this transition while
| submitting an iOS app that connected to a BLE device which
| actually had a GPS module in it)
|
| As of now, I still have to turn on location on my android phone
| to connect to some BLE devices.
| bdavbdav wrote:
| Same difference as far as a user is concerned. And BT/BLE
| explicitly asks for permission.
| x1sec wrote:
| SSID / BSSID is often enough to pinpoint the location. Recently
| someone debated this with me, so I asked him what his wifi AP
| name was, then proceeded to provide their home address.
|
| How? By searching it in https://wigle.net.
|
| That ended the debate quite swiftly.
| ralmidani wrote:
| This is one of the majors problems with completely locked-down
| platforms. Assurances that the owner of the platform respects
| your privacy and prevents others from violating it are really
| just a pinky promise.
| vlovich123 wrote:
| I think the perspective can be incorrect. No one expects Apple
| to get it perfect. Computing platforms are legitimately hard to
| secure, especially when you're talking about privacy which is a
| lot more amorphously defined culturally vs typical CS security
| which is defined as subverting technical access controls.
|
| The key question is whether Apple will play a curator role in
| trying to reign in the ecosystem. They have in the past (eg
| Uber was doing shady shit and there was a game of chicken to
| get them to stop). Of course Alipay and WeChat may be harder
| especially how Apple China is such a huge market for Apple and
| critical to their success now. It'll be interesting to see how
| Apple adjusts to this over the next few years.
|
| Open platforms also have this problem and also operate on pinky
| promises (perhaps even worse) so I'm not sure the point you're
| trying to make unless it's that "well if this problem isn't
| solved I'd rather have an open platform". The problem with that
| argument is that there are many issues and this is only one
| failure case which may be addressed in the future whereas open
| platforms have this one and many more that are unadressed.
| thund wrote:
| Open platforms can be reviewed and fixed more easily and
| faster
| vlovich123 wrote:
| Can you clarify with examples/technical description how an
| open platform will be able to review & fix privacy/security
| issues like this more easily/faster? As far as I know this
| wouldn't be news on Android because such permissions are
| granted as a matter of course without review. Keep in mind
| that most people use the Google or Samsung stores which
| aren't open platforms for verifying permissions aren't
| misused.
|
| For what it's worth spyware/malware consistently seems to
| target Android more than iOS [1]. To be fair Android has
| more units, but that's just one axis - iOS users should be
| more valuable to exploit because they're usually in a
| different socioeconomic bracket. Another data point is that
| Android developers get paid anywhere from $2k to $20k to
| add malware to their Google Play store app [2] - I can't
| find any articles similar for iOS so would be interesting
| to compare the marketplaces if anyone knows it for iOS.
|
| [1] https://nordvpn.com/blog/ios-vs-android-security/
|
| [2] https://www.bleepingcomputer.com/news/security/cybercri
| minal...
| kevinsync wrote:
| Whenever location data collection comes up, I always think about
| that Seinfeld episode where Kramer is receiving misdialed
| MovieFone calls -- at first he just talks to the person and reads
| the movie times out of the newspaper. Very helpful.
|
| Eventually, he starts emulating the phone menus, asking the
| caller "Using your touch-tone keypad, please enter the first
| three letters of the movie title, now."
|
| When this doesn't work, he blurts out "Why don't you just tell me
| the movie you want to see???"
|
| Why in the holy hell do app developers who are trying to provide
| some kind of location-specific data not just ASK YOU WHERE YOU
| ARE? "I'm in Los Angeles" would suffice 99% of the time. If you
| go to Idaho, and care enough, change your location in that app --
| now you get local bulletins about russet potatoes instead of
| encampment fires.
|
| This is a rhetorical question, no need to answer it, just
| screaming into the void.
| ryandrake wrote:
| I know you said not to answer, but for everyone else, apps can
| already do this using the OS's native permission controls, as
| of iOS 13 with the "Allow Once" option and as of Android 11
| with the "Only this time" option.
| WendyTheWillow wrote:
| You want to change your location in every app manually, even
| when your device has a GPS receiver installed?
| mikepurvis wrote:
| A happy medium would be if as part of the location-granting
| prompt, you could tell the OS "just give a city-level fix--
| this app doesn't need to know _exactly_ where I am ".
| 0cf8612b2e1e wrote:
| As someone who keeps GPS off, absolutely.
|
| Not that I think I can trust the phone actually disabled the
| GPS, but there is no reason my movements need to be tracked
| and recorded in detail. Make them go through the effort and
| pull up all the cellphone towers I ping.
|
| Day to day, there is a very good chance I am still in my home
| city as first configured.
| WendyTheWillow wrote:
| What percent of users would agree with you, in your
| estimation?
| 0cf8612b2e1e wrote:
| I guess I should just give up on privacy, because the
| typical user prioritizes convenience.
| WendyTheWillow wrote:
| That's your choice! But suggesting everyone operate on a
| substantially less convenient basis due to your specific
| desires for privacy seems... selfish.
| extraduder_ire wrote:
| It'd make for a useful additional option, as long as the app
| doesn't know it's happening. There are already ways to spoof
| GPS location, as many pokemon go players know.
|
| iOS already has an option to give a very loose fix to an app.
| sneeze-slayer wrote:
| Since Android 12, there is the option to choose between
| providing "precise" and "approximate" location data to an app.
| I have found it quite nice, even if it sometimes breaks a
| random app if a developer hasn't planned to use it.
|
| https://www.howtogeek.com/763227/what-are-precise-and-approx...
| toasted-subs wrote:
| Apple sometimes provides a prompt for letting photos be shown.
| Seems like sometimes they expose all your photos to application
| without asking.
|
| Seems worse to give your users a false sense of security.
| dang wrote:
| We've heard complaints that this title is overstated, and I'd be
| happy to replace it with a better (i.e. more accurate and
| neutral) one, if anyone has a suggestion?
| joshstrange wrote:
| "iOS apps can track a user via SSID scan with a special
| entitlement"
|
| I think that best describes it? Not sure but I agree the title
| as-is doesn't really ring true after reading the article.
| crotchfire wrote:
| I think the title is fine.
| Pesthuf wrote:
| This three class developer system on iOS is ridiculous. There's
| the normal developer who can do little more on iOS that you
| couldn't also do with a web app. There's the "blessed" developer
| with special entitlements that lets them violate the privacy of
| their users in new and fun ways and also provide features nobody
| else can so the normal developers can't compete with their app.
| And then there's Apple and for their apps, the restrictions
| everyone else has to deal with are little more than suggestions.
| Wouldn't want third party apps to compete with Apple's on their
| own platform.
|
| If there's a legitimate use for these entitlements, everyone
| should be able to use them. And the ultimate choice for what an
| App should and shouldn't be able to do should be in the users'
| hands. But Apple needs to protect their shareholders from this
| horrid vision of the future.
| aurelien wrote:
| Apple is evil
| EchoReflection wrote:
| case study in the power of word choice, _this_ "headline" reads
| "Apple allows _SOME_ iOS apps to track "... but the actual
| article to which this page links does _not_ include the word
| "some", making (imo) Yingyu's article seem to indicate a much
| more nefarious situation.
| happytiger wrote:
| Wait until people learn about Google sidewalk if they think this
| is bad.
|
| It is fundamentally intrinsic to the technology of most digital
| technology that: 1) their very data-driven nature leads to
| information gathering, and 2) the colossal and inherently
| inexhaustible recurring revenues in that data collection will
| always pull organizations and their leadership towards data
| collection at scale.
|
| The only conceivable framework for preventing information
| collection is to attach data privacy to the individual as an
| human right. Even "opting out" as an intrinsic default won't be
| enough, though it is regulators' and industries' favorite kick-
| the-can strategy.
|
| Otherwise it's just a question of time, as the incentive for
| profit is overwhelmingly attractive to companies, regulators and
| markets.
|
| Apple, for all the talk of privacy, cannot maintain the fiction
| of privacy while simulaneously answering to shareholders with a
| scale advertising business or really any advertising business of
| any revenue importance at all. Their promise of privacy for users
| died spiritually if not practically the moment they decided to
| dramatically expand their ad business, as it shifted the company
| from serving users as their customer with devices to _making
| those same users the product to be sold_.
|
| So this kind of thing is inherent and will continue to emerge
| from Apple. The opt-in, limited nature of who is allowed access
| matters very little. Just follow the incentives to understand
| corporate behavior.
| KindAndFriendly wrote:
| For the last few months, I am consistently receiving spam calls
| (on my mobile number) shortly after I left the house regardless
| of weekday, time etc.
|
| I never thought about the idea that an app can track when I leave
| my (most frequently) used WiFi and derive from that I left home.
| tremarley wrote:
| And unfortunately, there is no way to truly turn off WiFi &
| Bluetooth on iOS devices.
| forward1 wrote:
| Can we talk about the fact iOS/macOS turns on the Wifi and
| Bluetooth radios after each system update? Almost as if the
| devices were made deliberately to maximize spying, contrary to
| the marketing lullabies.
| emmo wrote:
| Yeah I find this incredibly annoying.
| ShakataGaNai wrote:
| Hanlon's razor: Apple is just lazy and defaults all these
| things to on, rather than keeping tract of the settings since
| they are used or needed by 99% of people. Apple loves its
| Bluetooth keyboards and mice, after all.
| graftak wrote:
| The latest iOS allows more (all?) automations to run without user
| acknowledgement so I made one that fully disables my WiFi when I
| leave my home.
|
| This does not solve the entire problem of course, but at least
| alleviates some of it.
___________________________________________________________________
(page generated 2023-12-21 23:01 UTC)