Really, it seems like they can’t help it.
Several social networks have been pinned by a group of cybersecurity researchers. Their fault? Have found a new way to collect your personal data, this time through notifications. What makes this story, usually rather banal, memorable is that this new way of recovering personal information is a priori only available on Apple products, once again calling into question the branding of the brand. , who would very much like you to trust her when she explains that “ what happens on your iPhone stays on your iPhone »
.
Push notifications, a good way to track you
A group of researchers at Mysk noticed that many apps collect a lot of data about you and your device simply by sending you notifications, even if the app in question is not open on the device. The principle is relatively simple: when they want to send you a push, Apple briefly allows them to run the application in the background. A small window of opportunity which would be more than enough, according to researchers, to know quite enough about you.
So, depending on the applications, a simple notification may be enough to determine your IP address, the duration since the last restart of your phone, the storage space available on it, or even the time zone in which it is located. And of course, whether or not you clicked on the notification in question, or how long it took you to dismiss it.
A very widespread practice
The Mysk group noted that the practice was not confined to one or two companies, and not necessarily practiced by malicious actors: almost all major social networks do it. This concerns: LinkedIn, X.com, TikTok, and of course all the Meta group applications. This revelation is a new blow to the brand image of Apple, which would really like to maintain its reputation for protecting privacy, and has even developed activatable options explicitly allowing the collection of information by these applications.
The researchers behind the study note that the information thus obtained makes it possible to obtain fairly precisely the identity of the person concerned, and in particular to establish their commercial profile. Note that a LinkedIn spokesperson explained that these were in no way used for advertising purposes, but only for the purpose of ensuring that the applications worked well.
However, as the study notes, Apple already provides feedback to application developers regarding the notifications sent to its devices. But above all, other companies like Google, although not always impeccable on the issue, do not engage in this collection. Maybe they didn’t know it was possible.
We spend almost 2.5 hours a day surfing the web in France. A not so trivial activity: we share, without realizing it, a lot of information about our private life. To mark Data Privacy Week, here is a selection of services that will help you better protect your data.
Read more
Source : Gizmodo, Mysk
0