164 comments

[ 2.0 ms ] story [ 76.2 ms ] thread
"App graph". Something about that phrase makes it sound even sneakier, like an innocuous technical thing that has nothing to do with people. Nothing to see here. Just an app graph.

I think I will build a social network where your profile pic is a split screen of your headshot and your exposed genitals. You will use your real name, home address, and cell phone number, and frequently upload your credit card statements.

This way, we can all just get it over with already.

So basically just a frontend to Experian?
Yeah..how is it a graph? Isn't it just an unordered list of data points?
That sounds rather scummy. Any time you are collecting information unrelated to your own application is inexcusable.
I wonder if the Twitter app will also be removed from the Apple Store due to using "public APIs in a manner nor prescribed by Apple." Hint: it won't.
Apple may not remove it, they'll just refuse updates.
Unlikely considering they work closely with Apple on integration with Twitter. Double standard sure but I doubt Apple cares.
Apple's integration is independent of the Twitter app, though.
They are "too big to ban".
It's sad how true that is. Reminds me of the early days when Apple would ban all "sexy" apps, except Playboy and such.
Playboy has good articles...
If Apple applied their rules evenly across publishers, they would.
Is there an API in iOS to get information about other apps? How is Twitter doing it? I thought all apps were 'sandboxed' in iOS.
Apps can register custom URL schemes to enable other apps to open them, pass them data and even deep-link to within them. There is an official API called canOpenUrl: which will let you check if a particular URL scheme is registered on a particular device. So that, along with a database of public URL schemes published by other apps, lets you detect which apps are installed.

I wasn't aware of this before but apparently you can also use sysctl() to check the names of running processes (which is less reliable as processes will get bumped off if the foreground app requires more memory).

More here: http://danielamitay.com/blog/2011/2/16/how-to-detect-install...

There is also private API that is not very difficult to hide, which gives you all the installed app bundle identifiers.
How would you hide calls to private APIs?
Hardcode the address on all known platforms and skip it on unknown ones, or disassemble a public function that calls it and figure out the address from there, or read the Mach-O headers and write your own dlsym, etc. etc.

Apple once blocked a updates for everyone using a common SDK because it had named a symbol something that happened to be the name of an unrelated private API, and the review process couldn't tell the difference. That implies things about the rigor of the review process.

You can

1.) Scan for custom URL schemes the applications register so you can open them from other apps or web URLs. 2.) Retrieve a list of currently running processes in the background

"We will notify you about this feature being turned on for your account by showing a prompt letting you know that to help tailor your experience, Twitter uses the apps on your device. Until you see this prompt, this setting is turned off and we are not collecting a list of your apps. If you do not see Tailor Twitter based on my apps in your account settings, app graph collection is not occurring for your account."
I do not trust Twitter to do the right thing with the special level of trust Apple has granted them.
I agree. And I should have the option to refuse by removing app permissions.
btdollar it appears you've been hell banned.

I really think this is a cruel waste of peoples time, and HN should strongly reconsider this method of moderation.

EDIT: Down votes for telling someone they are hell banned? Pathetic.

(comment deleted)
I didn't down vote, but it might be because it doesn't appear that btdollar is hell banned. I though hell ban = all their comments are dead, but it's plausible that his [dead] comments were just down voted.
How would you know if someone else is hellbanned?
Simply put: if you have to setup a help page like this, you probably shouldn't have added such feature first place.
This is such bullshit. I refuse to use any app that does this kind of snooping. Twitter ought to be ashamed of itself.
If the app checked what other apps were installed and used that data locally, no big deal. Calling home with private user data is evil.
I'm trying to think of a scenario wherein an app would wholesale collect all other installed apps for local use. Querying for specific capability via the existence of an app or URL handler, maybe. But iterating all installed apps?
Tasker (for Android) does, to let you choose one to launch automatically when something happens. But apart from automation and possibly "personal analytics", I don't remember any other use case.
One more reason I'm glad I don't use the official Twitter app. I highly recommend Twidere.
Notice how they casually slip in "..and occasionally updating". This means that Twitter now has a nice list of all apps on your Mobile via the malicious Twitter app that snoops on your phone. They get to then sell this info to advertisers so that they can tailor their "tweets" to you.

And Twitter is a relatively good citizen as far as apps go. Just imagine what other apps who don't care where their next buck comes from are capable of...truly scary stuff.

The worse problem is that even if you do research on the developers and owners of an app before allowing a permission that warrants a lot of trust, they can at any time be sold to a scummy company or data-mining agency who exploits the trusting user-base. This is exactly what happened to SourceForge.
The majority of Twitter's revenue comes from mobile ads, and app install ads are a major component of that major component. Knowing what apps you do or don't have installed allows them to better target app install ads, and I imagine that's the reason for collecting this data.

So, if you don't have Clash of Clans installed, they can show you a Clash of Clans ad. If do you have Clash of Clans installed, they can then prompt you to reengage with it, or suggest other apps you're likely to install on the basis of your having shown an interest in games.

(comment deleted)
Why do iOS and Android give apps this data in the first place? Mobile apps will invariably abuse any trust granted to them, so platforms should just stop granting any more trust than necessary.
They don't explicitly provide it. Twitter uses a form of IPC built into iOS (canOpenUrl) to find out by brute force whether or not well known apps are installed.

In other words if you just submitted mynewobscureapp to the AppStore, Twitter would not be able to detect it until they added your app to their targeted list.

They don't explicitly give it. You can define your own URL schemes, e.g. hackernews://, and the OS will tell you if a handler for that URL scheme is installed.
Ironically, currently a few entries away from this article on HN, there's this one [1] about iHasApp that has shut down due to "using public APIs in a manner not prescribed by Apple".

[1] https://news.ycombinator.com/item?id=9625916

That article links to this Twitter support page, which is undoubtedly why someone submitted this to HN.
Just removed the Twitter app... Sorry Twitter but no thank you.
"You can opt out any time...three stages deep in the settings." What a cop out.

That's provided because 99% will never even know it's there. It doesn't matter if it's technically an option.

When your product is used by millions of people and updates automatically, the defaults matter.

Not only that, I followed the instructions (on iOS) and there is no "Tailor Twitter based on my apps", only "Tailor ads based on info from ad partners".
> > What is Twitter using my app graph for?

> Twitter is using your app graph to help build a more tailored experience for you on Twitter.

No thanks.

> Some examples of how we may use your graph data include:

> - Improved “who to follow” suggestions that share similar interests

No.

> - Adding Tweets, accounts, or other content to your timeline that we think you'll find especially interesting

Good lord, no.

> - Showing you more relevant promoted content.

Please, no.

Amazing they're doing all this trying to make their service "better," yet they continuously show me a feed of content I resent.
(comment deleted)
They didn't say it was better for you.

They're likely making it better for their customers. (Hint: if you're not paying them, you are not the customer).

There's a big difference between a user and a customer. Users are the raw materials used to make the product that gets delivered to customers.

I've noticed this with other services, apparently it's difficult to distinguish between "love thing X so much you share it" and "hate thing X so much you complain about it"
A lot of people seem to enjoy complaining. If you like posting this kind of thing to your friends, what's the difference?
> they continuously show me a feed of content I resent.

Then why do you use Twitter at all?

To be clear, I don't hate the content I choose to view from the people I follow, I hate the content that Twitter provides for advertising. There was a weird time when Twitter was actually showing me relevant ads - about computer stuff, startups (close enough). Now the ads are all random.
Maybe they'd do a better job if they knew what asps you have installed? /s
(comment deleted)
Allow me to translate:

> Twitter is using your app graph to help build a more tailored experience for you on Twitter.

The more we can prove to advertisers we deliver targetted content, the more they will pay us.

> Improved “who to follow” suggestions that share similar interests

We will continue to suggest you to follow people who paid us but they are more likely to actually be remotely interesting to you (no promise, though).

> Adding Tweets, accounts, or other content to your timeline that we think you'll find especially interesting

See first item.

> Showing you more relevant promoted content.

See first item.

Why is it called a graph? Isn't it just a plain list?
A sneaky attempt at making the idea more digestible by associating it with 'social graph', for which we are already used giving access to.
I removed Twitter and Facebook from my phone because I found them too distracting. Not having them snoop on what else is on my phone is just a bonus.
to be fair the web apps work well. I did the same on my mobile, no more snooping. But i had to root my phone to remove Twitter and Facebook so everybody can't do that.
This should be opt-in not opt-out.
We've designed app graph to exclude apps that appear to be especially sensitive, such as ones dealing with your health, sexual orientation, or religious beliefs.

I was alarmed until I read this. It is really nice of them to choose to keep our sensitive private information private. Thanks Twitter!

( Of course I completely trust Twitter to make the right decision on which apps are considered sensitive. )

The sarcasm is strong in this one. Hopefully.
I feel sorry for the apps that are trying hard to fit in and "appear" unsensitive. They probably still get snooped. That must really hurt their feelings.
Use MyFitnessPal

get spammed with weight loss products

Well that took about 2 seconds to delete..