64 comments

[ 5.4 ms ] story [ 77.5 ms ] thread
Are there any firewall style apps to block this type of behavior? Something like uBlock or uMatrix but for apps. I'm not inclined to trust any apps and would prefer explicit control over what they do.

Also, it's a bit strange to me that we didn't/don't seem to have this explosion of data leakage for desktop apps despite them having unique ids just like on mobile (idfa/google ad id).

You can use Will Strafach's new app Guardian that blocks trackers in apps. I think Apple is going to purge them from iOS apps over time, they've already started with kids apps.

https://guardianapp.com/

it's a vpn from all i see

cloud firewalls are their own brand of yikes, unless you run them yourself

It could be implemented as a local VPN server using the NetworkExtension API.
It's not though, typical VPN provider claims.

  Network Traffic Encryption
  
  Protect all passwords, communications, and other sensitive
  network data with AES-256 encryption, mitigating any
  attempts to monitor your electronic activity.
I think Apple is going to purge them from iOS apps over time, they've already started with kids apps.

To be clear, Apple isn't purging apps that protect kids in favor of its own apps.

Its my understanding that Apple is purging apps that take over the phone entirely (including the ability to remotely control the camera and microphone) by misusing enterprise certificates. There are plenty of kid protection apps out there that play by the rules and will continue to work.

I believe the parent was referring to a change in Apple's guidelines that was making the rounds a couple of weeks ago, “Apps intended for kids may not include third-party advertising or analytics”

This was previously discussed here https://news.ycombinator.com/item?id=20108096

As the other comments mentioned, I meant purging trackers from iOS apps.

There's a privacy reason to do it but also a business reason. Apple shouldn't have apps on their platform with dependencies to major competitors like Google and Facebook. And it's probably going to be ruled illegal anyway after the GDPR cases get litigated, so it's better to get ahead of it.

This app does not work in all countries and regions as yet.

The pricing for the firewall capability also seems to be on the higher side:

"The cost is $9.99/month (or $99.99 per year) for VPN + Firewall capabilities. VPN-only service will be available at no cost." [1]

[1]: https://guardianapp.com/blog/2019/06/introducing-guardian-fi...

And the VPN-only part is free, but it's not a locally emulated VPN. I'm gonna take a wild guess of how that particular service is financed.
You can use Pi Hole both on your local network and on cloud as VPN on your iPhone (only DNS or for full traffic)
DNS filtering can only do so much. For apps that hardcode addresses you'd have to set up your own firewall. And then to protect yourself when you are "in the wild" you'd have to use an always on VPN to your own network.

There might be commercial products that do this for you. Setting this up is definitely outside of the comfort zone for the overwhelming majority of phone users.

One of the main things Pi-hole does is give you transparency into what domains are being contacted and with what frequency, so you can identify and block relevant domains manually.

https://discourse-cdn.pi-hole.net/uploads/default/original/2...

https://discourse.pi-hole.net/uploads/default/original/2X/5/...

Not if the analytics companies start being contacted by hardcoded IP address, or the apps otherwise avoid DNS. May not by a common technique now, but it could become one.
All of this describes my Chromecast nicely. There are others that do it too. Forcing this traffic through the Pihole isn’t always helpful though, as blocking it entirely breaks the Chromecast (which is used mainly for playing local media).
So and so. I have a PiHole and a firewall. Plenty of stuff bypasses the PiHole and doesn't show up in the dashboard. It's much better than nothing but vendors are also getting sneakier. Also when you go out of your WiFi you're competently exposed unless you VPN back into your network or use some service that provide similar functionality.
Some routers can do something like NAT !<Pihole> and on port 53 —> pihole. Mine is a Uniquiti Edgerouter. It’s not a thing for everyone though, as you say.
A while back I used NoRoot Firewall on Android which works as a “local VPN” funnelling all web tragic through the app and you whitelist every outbound connection. Only thing is that you don’t always have enough context on each IP address for each app to make an informed decision.
The article mentions one.
running software is inherently unsafe -- beyond legit security threats where an app is getting information you haven't granted it, their use of sensitive information you have permitted needs to be more carefully audited

of course they're sometimes violating their privacy policy -- no real history of punishment / legal consequences here except (1) at the highest size scale (FB / G), and even they get away with minor fines in the US. And (2) sometimes terms get read by courts in other matters, i.e. zappos.

Plus product probably doesn't know the policy at some small companies; lawyers don't get involved enough.

the solution here is much stronger OS-level permissions models that can track the provenance of sensitive information. very big difference between my location getting uploaded as part of a 'search nearby' (i.e. a click) vs in the background. sensitive information should audit every read and should be required to dump communication messages to an audit DB visible to the user.

this is an area where open source can lead because it's easier for us to both run a policy checker / privacy linter and prove that it's running.

I would argue that a far better solution is community maintained software like what’s used on many open source OSes. Occasionally these end up with backdoors inserted by large governments but it’s no where near as bad as what happens with smartphone apps.
Open source and smartphone apps is not mutually exclusive. I guess you mean you want open source smartphone apps instead of closed source / proprietary smartphone apps.

There are some. For example, Marcel Bokhorst developed the following applications: NetGuard, XPrivacyLua, and FairEmail [1]

[1] https://github.com/M66B

Note my phrasing, I'm aware of OSS apps.

I'm sure the development experience is less extreme on android but smartphone development is nothing like the experience on the PC where dev tools (visual basic/TCL/python/bash even gcc) are very lightweight and easy to work with. On the iphone you actually have to send apple money and sometimes even fax them a copy of your drivers license.

Yes, you can have "open source smartphone apps" (although it's much closer to source available since the users really have no way to modify it) but you absolutely can't have community maintained software (again, on the iphone. You can on android in theory but the tooling really doesn't seem built for sharing with other people.)

Yup. In some cases it's not actually the app doing this either. That is to say, the devs at Yoyodyne Inc, who wrote the functionality you're actually paying for, also had to include some third-party SDKs for ads or SSO or analytics or whatever as part of the business requirements. And this is the problem: that SDK has all the same permissions as the code that the devs can see and audit. Even if the app isn't explicitly passing info into the SDK for tracking, the SDK can do whatever the heck it wants. (And there are sneaky workarounds like IP-based geolocation, which isn't perfect but also can't be easily stopped.)

This is not to absolve the company that incorporated the SDK of responsibility; but it's also worth noting that in a lot of cases they're probably not doing it deliberately, aren't benefiting directly, and may not even know that it's happening. We, as iOS developers selling an app to our users, absolutely should know, but don't always.

This is something that I think engineers should be pushing back on the business side whenever we can. These leaks that we open up aren't worth the gain. I would love it if Apple came up with a way to expand their extension model and let us easily sequester third-party code. We'll see if something like that develops.

Why is this titled this way? This is not inherent or specific to iPhones. The title should really be "Apps can do whatever you let them including send your data to unknown servers". This is the worst kind of piggyback article out there. It's piggybacking on another, more detailed source and it's using the term "iPhone" just to be more sensationalized.
"Why is this titled this way? This is not inherent or specific to iPhones."

My guess is that it's because that's what the article is about. Specific, named apps (for example "DoorDash"), running on an iPhone, and sending specific, named data ("device name, model, ad identifier and memory size") to other companies servers. So it's a very accurate title.

It's bizarre to complain about this with whatabout statements. It's like reading an article about soldiers from a given country killing civilians and saying that we already knew this, and that soldiers from other countries do it too. So what? This story is about this specific instance of it.

Ok but that entire insinuation is disingenuous. The article is taking a statement that Tim Cook made about what happens on an iPhone users phone in terms of Messages, FaceTime, and Apple Pay and is attempting to apply it to the entire App Store when that's never ever been the argument Apple's making. If anything, Apple is the only company that's tried to educate users about their data and isn't actively seeking to make a profit off that data.

And even your "whatabout" complaint seems disingenuous. This is more like reading an article that says that the US government is killing innocent civilians and then someone pointing out that the civilians were actually killed by an individual that worked for a contracting company that the US government hired. You can't, in good faith, make the connection that the actions of an individual somehow equate to the actions of the whole organization just because there was some tangential relationship.

Apple doesn't do this. Full stop. Specific apps do it and they do it regardless of the platform. This has nothing to do with Apple and the article, source and re-post, are simply dragging Apple into it for clickbait headlines.

What's the point of the walled garden to the end user if they don't use it to stop behavior like this? The entire pitch was that it allowed quality control. Without that it's just blatantly getting a cut of other people's work.
The walled garden isn't some impenetrable fortress, though. It does allow quality control and that is shown time again and easily seen when you compare the Apple App Store against the Google Play store, for example. All Apple is verifying, though, is that the app is coming from who it says it's coming from. It's these companies themselves that are selling the data to third-party companies. Unless Apple can someone predict and detect this reliably for every app, the onus of responsibility should be on the companies and their developers, not on Apple.
"simply dragging Apple into it for clickbait headlines."

The headline doesn't mention Apple at all. It's about iPhone apps. Your desire to defend Apple ("...the only company...actions of an individual....Apple doesn't so this"). is causing you to lose sight of the point of this story. The story is about iPhone apps communicating with unknown servers. You're welcome to write your own story about how good Apple is at stopping iPhone apps communicating with unknown servers, but that isn't what this story is about.

Now you're being disingenuous or just flat-out lying. The title and headline of the story is literally "It’s the middle of the night. Do you know who your iPhone is talking to? - Apple says, 'What happens on your iPhone stays on your iPhone.' Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week."

It's taking something that Apple said out of context and applying their actions to it as if they're somehow being duplicitous.

apple has been promoting themselves as the safe and private operating system. Tim Cook would probably argue that it's not newsworthy when android apps steal from you.

Articles like this put apple's claims in context: even if the OS is nicer to you, it's hard to tame the apps.

Nothing to do with Apple at all, if apps call services it can call anything at any time, some companies even hide things while Apple is reviewing then turn them on later. No way for Apple to know you are calling https://sometwiddle.com is nefarious or not, at runtime. At least in iOS the app has to ask for specific permissions to access things the app should not get without informing the user. But what it does with the info you give it permission to is not something Apple can control.
> No way for Apple to know you are calling https://sometwiddle.com is nefarious or not, at runtime

They could blacklist the common tracking app's domains/IPs. It might be futile since I'm sure they'd jump IPs daily/hour/etc if they need to. Perhaps they have a better way to detect them during app approval. Either way, the point is that Apple is trying to combat tracking in safari but it seems like they've completely missed this attack surface and that might be why they're being targeted.

But you're still right that a better article would also investigate Android apps since they're surely doing the same thing.

Hypothetically they could require developers to show up in person to their genius bar with government ID. There you would sign a legal agreement.

If you are found to have breached the agreement they'd then call in a swat team to shoot your dog and put you in the rape cage for the rest of your days.

Hypothetically.

Please don't do this here.
Probably because you have agency to restrict this on other platforms.
Because apple constantly markets the iPhone as a private and secure device.

"What happens on an iPhone stays on an iPhone" is a blatant lie.

Are these just the 3rd party analytics servers used by a lot of Apps?

My UniFi dashboard always shows spikes around 3-5am. I figured it was mostly iCloud backups.

Not directly related to the apps mentioned in this article, but one key permission that iOS lacks that Android has is the network access permission. There are many apps that I just don't want accessing the network or the Internet at all. I want them to run as local pieces of software with whatever other permissions I choose to grant them.

Even in our connected world, there is no reason to provide blanket network access to every app on the device.

Android does have the FULL_INTERNET_ACCESS permission, but the UI hides it pretty well, to discourage people from rejecting apps with advertising.
Yes, that and not being able to root a device is also restricting in some sense for power users.

You'd be surprised that some of the most popular OEMs (Xiaomi, and the Oppo trifecta) have removed the ability to restrict specific apps from using data. Some OEMs do remove certain security and privacy oriented user settings like Private DNS, for instance.

If you can root a device, you're good to go. There's no such escape with Apple, for both the developers (a good thing given Apple's privacy charm offensive) and the users.

> If you can root a device, you're good to go

If you can root the device, bad actors can root the device, and all the nice security/isolation guarantees made by the OS are moot.

It's a two way street and not for everyone (note that, I mentioned no-root restricts power users, not everyone), yes, but being able to root an Android device is the reason extensions like XposedMod+XPrivacyLua (uMatrix for all apps) and tools like Frida.re (dynamic and static reverse engineering) exist.

I don't see laptops sold without root due to security implications. Why the distinction for handheld devices? That said, I do get there's a lot of malware on laptops, and a malware being able to assume root is game over. So, I kind of get your point too (not necessarily agree with it).

AFAIK you can't refuse the network access permission on Android, even though the permission exists and is necessary for the app.
Doesn’t the “Off” setting for wireless data do this for iOS? With the other two options being “WLAN” and “WLAN & Cellular”, what’s the alternative network route?
You can't turn off network access for specific apps on iOS.
I don’t understand. For each app I have the above mentioned setting. What’s the network access method that’s outside of WLAN and cellular?
On my iPhone, the setting is “mobile data”, I.e. you can stop it from using cellular data (normally payable), but you can not stop it from using WiFi (presumably free).
Im using 12.3.1, maybe this is a new feature?
Where in Settings do you see a way to disable WiFi access to each app separately? Please provide the full navigation path. It's always been Cellular data that one could turn on or off for each app.
In the wireless settings for each individual app.

Sure, open settings, scroll to the app you’re interested in, click it to access its individual settings (location, notifications, background refresh, etc), click “Wireless Data”, then select “Off”.

Is there a reason to keep wifi enabled on a mobile phone while one is sleeping? There are certainly reasons against it. For one, it drains battery when one is not using the device.

Unless I am downloading something while I sleep, I disable the interfaces on computers while I am asleep. If I control the gateway that the mobile phone uses, then I can disable the interface on the gateway.

Turn it off and it'll just use the mobile networks instead. Turn that off, and now you won't get phone calls or text messages. I guess you could go and turn off mobile data for apps too, but its not like they won't just upload that data once you flip wifi back on...
This is what I do. If an app doesn't need an internet connection, it can't access the internet.
> "but its not like they won't just upload that data once you flip wifi back on..."
Only if gateway is up. I can't really control a mobile phone loaded with a corpotate OS (I guess this is the point the replies are trying to make), but I can significantly control a router loaded with an OS I edited, compiled and installed myself. I have found that I can reliably keep a mobile phone from getting access to the internet when it is relying on me provding the internet access.
Have mobile data turned off. Only use in emergencies where no wifi available. Don't use many third party apps and, on Android phones, the only ones are sideloaded. Disabled Google's app store. Still get cellular calls and texts when wifi and mobile data are off. Background data disabled too, FWIW.

Not really keen on mobile phones because despite the deep cascades of settings I do not feel I am really in control of them. Prefer computers where can easily compile and install own choice of UNIX-like OS.

Your phone will just use its cellular data connection if it doesn't have wifi, which drains your battery more.
Mobile data turned off. In some phones there is not even a SIM card.
The funny thing is that Safari works really great blocking all this kind of stuff on websites. So I want what Safari does, in all of my apps _unless I opt-in_.