Announcement: we are working on a new #privacy app for iOS that raises awareness about which device signals and data a native app can see once installed on the iPhone even without requesting any permission.
-
@mysk Great
what will be the name of the app? 
@nemo This is the toughest part of the project

-
@mysk Hahaha xD oh… oops
maybe along the lines of Little Snitch or Snoop Snitch. Something like Privacy Rat or something xD idk
In the animal kingdom, some birds or other animals shout to alert others to predators – maybe something along those lines.

The behavior is called an alarm call (or more broadly, alarm signalling); when individuals watch for predators and warn the group, it's also called sentinel behaviour. 1/2
@mysk 2/2
Examples of birds that do this include the black-capped chickadee (its calls encode predator size), various jays and magpies, and many social species like swifts and starlings.
Or maybe lighthouse

-
@mysk thank you for this
I know for example that the device accelerometer is accessible.
That means that the app can log this data and know if I’m on a desk, standing up, using my phone in movement, etc
I don’t know why Apple didn’t make a portal for this yet
In fact only an orientation API is required…
@Atom0 Exactly, the app will cover all these signals and present them to the user in a nice and informative way.
-
For example, there's an API that returns a global counter which increments every time you copy something to the clipboard in any app. In this early prototype, the count is 1349. All installed apps can silently read this value and potentially abuse it for fingerprinting.



-
Yes, every app installed on your iPhone can see your local IP address if you're connected to a Wi-Fi. No permission is required for this and a VPN cannot prevent it.
Knowing the local IP address could for example allow an app to infer if you’re at home or visiting a friend if the two networks use different subnet values (e.g. 192.168.x.x and 10.0.x.x)

-
🤯 Every app installed on the iPhone can read the iPhone's storage volume creation timestamp (down to the second). No permission required. This value remains the same until the volume is erased. Yikes!!
The UUID seems to be the same for all devices.
-
So, every installed app can see your device's local IPs (Wi-Fi, cellular SIM, VPN). A VPN doesn't prevent that. I tested iVPN, Mullvad VPN, and Proton VPN. I tried several options such as blocking LAN traffic. Nothing worked to hide the IPs
@mysk oh man wait till folks hear about carrier enrichment