curious about Android side of things.
before uninstalling App, is it better to do logout from App, clear cache, clear data , force stop , and then Uninstall the App ?
> curious about Android side of things. before uninstalling App, is it better to do logout from App, clear cache, clear data , force stop , and then Uninstall the App ?
Logging out from the app might result in other side effects (e.g. invalidation of the session cookie) that an uninstall wouldn't trigger, but the other steps shouldn't provide any benefit over a regular uninstall.
if you jailbreak your phone you can clear the keychain for an app. it also might be possible to use third party tools to tamper with the iphone backup. imazing has support for backup editing but i'm not sure if it allows you to change the local keychain: https://imazing.com/guides/how-to-edit-iphone-ipad-backup
Yes this has been a thing for a good while.
If I recall right, they wanted to make the keychain erase itself after app uninstallation in iOS 10, but rolled it back due to compatibility issues, and here we are a few good years later.
The design guidelines for iOS currently recommend using the autofill feature for authentication, which don't use the app based keychain.
Saying that, we still use the keychain to store a login token, and, also been under pressure to not do it the recommended way as it's slightly more convenient for users to store and then restore credentials without the additional authentication check autofill does, according to sales.
I've seen this as well, and yes, it freaked me out
Uninstalled Chrome/Youtube app, 5-6 months later reinstall it, it automatically logs me in-- and I was like "Is Google tracking me?" But looks like its Apple's fault.
I would have though deleting an app got rid of all its data (like iOS so clearly warns), but looks like it doesnt.
I’ve seen an Android app (DFNDR antivirus/cleaner) take over Androids package manager before the user has even opened the application or agreed to any terms of service.
If you download the app from Google Play and try and clear the cache or storage of the app it brings up its own cache cleaner and doesn’t allow to purge the storage or cache of the DFNDR app.
This app is also heavily advertised by fake virus warnings to trick users into installing and many users have complained of receiving fake virus warnings right after they’ve uninstalled the app.
a lot of iPhone apps also try to collect information from the environment they are running in to try and fingerprint a user. this can be used to track a user even when the apps do not share keychain access. this article on nshipster has a good summary of the technique: https://nshipster.com/device-identifiers/
i've seen extremely high quality fingerprinting being used by some apps and they are going to extreme lengths to hide the collection of this data from apple or other interested parties. over 48 bits of entropy being recorded which should uniquely identify users.
Could this stored data be at all responsible for the sometimes huge “other” category in the storage consumption? Or can it only store small bits of data?
I’ve seen reports that wiping and restoring your phone from backup is the only way to get rid of this cruft so I wonder if it’s related.
13 comments
[ 4.5 ms ] story [ 35.6 ms ] threadLogging out from the app might result in other side effects (e.g. invalidation of the session cookie) that an uninstall wouldn't trigger, but the other steps shouldn't provide any benefit over a regular uninstall.
On MacOS you can clear the keychain but iOS has no such tool.
Saying that, we still use the keychain to store a login token, and, also been under pressure to not do it the recommended way as it's slightly more convenient for users to store and then restore credentials without the additional authentication check autofill does, according to sales.
Uninstalled Chrome/Youtube app, 5-6 months later reinstall it, it automatically logs me in-- and I was like "Is Google tracking me?" But looks like its Apple's fault.
I would have though deleting an app got rid of all its data (like iOS so clearly warns), but looks like it doesnt.
If you download the app from Google Play and try and clear the cache or storage of the app it brings up its own cache cleaner and doesn’t allow to purge the storage or cache of the DFNDR app.
This app is also heavily advertised by fake virus warnings to trick users into installing and many users have complained of receiving fake virus warnings right after they’ve uninstalled the app.
i've seen extremely high quality fingerprinting being used by some apps and they are going to extreme lengths to hide the collection of this data from apple or other interested parties. over 48 bits of entropy being recorded which should uniquely identify users.
I’ve seen reports that wiping and restoring your phone from backup is the only way to get rid of this cruft so I wonder if it’s related.