Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy IT Technology

Now Apps Can Track You Even After You Uninstall Them (bloomberg.com) 118

If it seems as though the app you deleted last week is suddenly popping up everywhere, it may not be mere coincidence. From a report: Companies that cater to app makers have found ways to game both iOS and Android, enabling them to figure out which users have uninstalled a given piece of software lately -- and making it easy to pelt the departed with ads aimed at winning them back. Adjust, AppsFlyer, MoEngage, Localytics, and CleverTap are among the companies that offer uninstall trackers, usually as part of a broader set of developer tools. Their customers include T-Mobile US, Spotify Technology, and Yelp. Critics say they're a fresh reason to reassess online privacy rights and limit what companies can do with user data. "Most tech companies are not giving people nuanced privacy choices, if they give them choices at all," says Jeremy Gillula, tech policy director at the Electronic Frontier Foundation, a privacy advocate.

Some providers say these tracking tools are meant to measure user reaction to app updates and other changes. Jude McColgan, chief executive officer of Boston's Localytics, says he hasn't seen clients use the technology to target former users with ads. Ehren Maedge, vice president for marketing and sales at MoEngage Inc. in San Francisco, says it's up to the app makers not to do so. "The dialogue is between our customers and their end users," he says. "If they violate users' trust, it's not going to go well for them." Adjust, AppsFlyer, and CleverTap didn't respond to requests for comment, nor did T-Mobile, Spotify, or Yelp.

Uninstall tracking exploits a core element of Apple's and Google's mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user -- to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn't ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device's unique advertising ID, details that make it easy to identify just who's holding the phone and advertise the app to them wherever they go.

This discussion has been archived. No new comments can be posted.

Now Apps Can Track You Even After You Uninstall Them

Comments Filter:
  • Member when you had some modicum of control of your software and OS.
    Member when software main purpose was to do something useful, and not just display ads.
    Would really be nice to get rid of my computer/phone completely just not to deal with any of this shit anymore, but that is impossible.
    • You can regain it, but it'll take a concerted effort...

      Just bombard the app's page in Google Play or iOS App Store with one-star reviews filled with mentions of how spammy they are, and the reason why you uninstalled the application. If enough folks do that, the app maker might (maybe?) figure out that uninstall tracking is a really bad idea.

      (I know, pipe dream...)

    • by anegg ( 1390659 )

      Another good reason not to install any more apps than you really need to on your smartphone. I use the browser wherever possible. The risk of giving someone else's code the authority to execute on my hardware if I can access the info I want through the browser isn't worth it.

      I also reset the advertising ID every once in a while, and set "Limit Ad Tracking" on, and clear the history and website data regularly. It would be nice if Apple would build in a single button to do this... perhaps give it a cute n

    • Re:Member? (Score:4, Insightful)

      by Gravis Zero ( 934156 ) on Monday October 22, 2018 @04:26PM (#57519833)

      Member when you had some modicum of control of your software and OS.

      Member when software main purpose was to do something useful, and not just display ads.

      Yeah, I do, it's called FOSS. I use it and so should you.

    • Apple still allows some control. It can show a distinct advertising ID to the app advertising to you and to the app you uninstalled, preventing this. And, it can let you disable push notifications, cause fuck that (literal) noise. (For 99.99% of apps at least).

    • by guruevi ( 827432 )

      On iOS you can always disable push notifications. Now whether that (lack of) functionality is acceptable to you is another thing but people will always be able to glean data when you use an online thingymajigger.

      • Does that disable the visible notifications or all communication from Apple servers to your apps?

        • by guruevi ( 827432 )

          It's a per-app setting. It's basically revoking access for a particular app to talk to Apple (which then communicates with the app creator) about your device.

  • Fuck! (Score:5, Funny)

    by nospam007 ( 722110 ) * on Monday October 22, 2018 @03:02PM (#57519289)

    Now my ex-app is just like my ex.

    • by Anonymous Coward

      Now my ex-app is just like my ex.

      My wife doesn't even talk to me, much less my ex's. Guess I'm doing something right.

    • Brilliantly succinct. Bravo.
  • by cshark ( 673578 ) on Monday October 22, 2018 @03:09PM (#57519327)

    Remarketing. That's what the practice is called. And it's the latest craze among marketing gurus, whom, as usual, do more to drive prospects away than make them convert. You might remember this crowd from such hits as the recursive self propagating pop up window, the pop up overlay, the popup overlay with long form manipulative cancel button, the landing page craze that recently ended (thank god), and various other forms of clickbait nonsense. As with the others, this too will die when the people actually spending money on it realize that there's absolutely no ROI in it for them.

    • by Anonymous Coward

      Constantly pushing their mobile app. The "Continue" button does not let you continue browsing the site but pushes you to download the app. Underneath in a tiny font is "mobile site" which is the correct thing to click if you want to continue browsing. And no matter how often you choose this they keep popping up the ad for their app.

  • They're not uninstalled. What gives?

    • No, the app uninstalls, but in the process of uninstalling, it notifies the seller of the app so they can try to browbeat you into reinstalling it. Why does the app seller have your address or why can they still send you notifications aren't quite clear... hmm, perhaps there is money to be made in blocking this kind of harassment.
      • by mark-t ( 151149 )

        Why does the app seller have your address or why can they still send you notifications aren't quite clear

        That's what I'm wondering... Honestly, this seems to me like only so much smoke.

      • by PIBM ( 588930 )

        It doens't notify the seller of the app that you've uninstalled it. Rather, the next time the owner of the app tries to notify that user of something, apple/google answers that no one is listening anymore at that address. It's been like this for years, maybe some people understood that just now ?

        • by tlhIngan ( 30335 )

          It doens't notify the seller of the app that you've uninstalled it. Rather, the next time the owner of the app tries to notify that user of something, apple/google answers that no one is listening anymore at that address. It's been like this for years, maybe some people understood that just now ?

          Not even.

          What happens is the app developer sets up their server to send a "ping" to your device every so often as part of the notification mechanism. The use of this is to tell apps they have new data to fetch (e.g.

          • by PIBM ( 588930 )

            Silent push notifications can have any payload the app programmer needs to send. Any silent push notification campaign will result in the feedback service updating the list of invalid devices. They can't send a ping to your device, they need to go through apple APNS service to contact the device, which will cause the aforementioned feedback service to update the list. The same process happens with Android.

            https://developer.apple.com/li... [apple.com]

            • by PIBM ( 588930 )

              Also, I guess that you could send a payload to trigger an app awake signal and ping back to the server, but that would use more of the device battery and processing time, and on android at least it would show that the app is using background process and the user would be presented with an option to turn that off. It`s better to only rely on the feedback mecanism not to cause those issues.

              Anyway..

      • by gtall ( 79522 )

        "Why does the app seller have your address or why can they still send you notifications aren't quite clear"?

        Because, they have the
        "mobile device's unique advertising ID"

        Imagine that, the ad exec who thought up this notion now has shrines devoted to him/her in every marketing dept. Marketing drone bow down before starting every day:

        Oh Blessed Drone,
        You who giveth them our daily dread,
        Smile on your

        • by mark-t ( 151149 )

          Because, they have the "mobile device's unique advertising ID"

          And at least on iOS, that unique ID is different for every distinct application. In fact, it is even different if you uininstall and then reinstall the same application.

      • by nnull ( 1148259 )

        Let me root my device so I don't have to deal with this crap

    • by PPH ( 736903 )

      They are uninstalled. But when the advertisers attempt to contact an app that was there once but no longer is, they start sending you nag messages.

      Someone needs to develop an app that does nothing but reply in place of the apps that you uninstalled: "Yep. I'm still here."

      • by mark-t ( 151149 )

        they start sending you nag messages.

        To where, exactly? If you've uninstalled the application, the unique ID that they may have had previously when you installed the app won't associate with a specific device.

        • Works for apps that make / invite you to register using your email address, or apps that harvest your mobile phone number. Once you start using the app they link the Push ID device as well as your account, and when you uninstall the app and a push message comes back "Push ID unknown", the app's author can look up the email address to start nagging.
          • by mark-t ( 151149 )

            apps that harvest your mobile phone number

            The app needs to get permission from the user to do this.

            But obviously if you send any other personal identifying information to the publisher, of course they can potentially try and contact you outside of the app... my point is that the unique identifier that the publisher uses to send you push notifications will be useless to them if you uninstall the app.

        • by EvilSS ( 557649 )

          they start sending you nag messages.

          To where, exactly? If you've uninstalled the application, the unique ID that they may have had previously when you installed the app won't associate with a specific device.

          They can target your device through mobile ad networks since they have the device advertising unique ID. So you uninstall the app and suddenly you start seeing ads for it in other ad-supported apps and possibly when you browse from the phone.

          • Re:So then.. (Score:4, Informative)

            by mark-t ( 151149 ) <markt@ner[ ]at.com ['dfl' in gap]> on Monday October 22, 2018 @04:55PM (#57520077) Journal

            They can target your device through mobile ad networks since they have the device advertising unique ID

            That advertising ID, at least on iOS, is specific to that application only... trying to send messages to that ID after you've uninstalled it wouldn't do anything.

            Even if you reinstalled the application, you would get an entirely new unique advertising ID associated with the app.

            Unless you choose to send other personal identifying information to the publisher, they don't have any way to send you messages about anything if you either disable push notifications from the app or simply uninstall it.

            The only thing the publisher will know is that the unique ID associated with a particular purchase is not working.

            • Re:So then.. (Score:4, Informative)

              by viperidaenz ( 2515578 ) on Monday October 22, 2018 @08:11PM (#57521173)

              Or if you regenerate your advertising id in Android.
              Settings -> Google -> Ads -> Reset advertising ID

            • by EvilSS ( 557649 )

              Uninstall tracking exploits a core element of Apple's and Google's mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user -- to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn't ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device's unique advertising ID, details that make it easy to identify just who's holding the phone and advertise the app to them wherever they go.

              • by mark-t ( 151149 )
                The so-called "unique advertising ID" does not actually uniquely identify a specific piece of hardware outside of the application for which that particular unique advertising ID was generated. Those unique advertising ID's are generated when the application is first installed, and have no connection to any other unique advertising ID's that may exist on the device in other applications. If the application is uninstalled, the owner has no way to send any advertisements to them.
                • by mark-t ( 151149 )
                  duh... freudian slip.... didn't catch in on preview. I meant the *developer* has no way to send any advertisements to them.
    • by EvilSS ( 557649 )
      They are uninstalled. No one really read the summary I guess.

      Uninstall tracking exploits a core element of Apple's and Google's mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user -- to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn't ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device's unique advertising ID, details that make it easy to identify just who's holding the phone and advertise the app to them wherever they go.

  • by Anonymous Coward

    If I find out your app is doing this I will let everyone know to stop putting bread on your table you evil cunts.

  • hiding and staying installed. Any corporate store Apple, Google whoever that allows this is just as criminal and unethical as the developers and companies who commit the act.
    Any developers and companies caught doing this should have a permanent ban given for any current (even other apps that did not do this but from the same source) or future products.
    I know some will say this is to hard. But until there is a price this will continue.

    Just my 2 cents ;)
    • by thomst ( 1640045 )

      oldgraybeard proclaimed:

      hiding and staying installed.

      No. No, they're not doing that. Not even. Not at all.

      If you had actually bothered to read TFA - or even TFS - you'd know that.

      But, what am I saying? A slashdotter with an ID near the 3M mark actually reading the article? Or the summary, for that matter?

      I know, I know - ludicrous, right?

      Sorry to interrupt your stream-of-consciousness ranting. By all means, do carry on blathering ...

    • hiding and staying installed.

      No, the apps aren't responding to pings (which they can do regardless of if they are running.) That's how they know they're uninstalled. The default "listen for background pings" behavior is off. Which usually means the app is uninstalled.

      • OK clarify this for me, is the uninstall tool doing this on the device? "changes to the file associated with the given mobile devices unique advertising ID"?
        And then a silent push is used to send the reinstall ad? And what app/service is being used to display the ad?
        I have written in house ipad apps for several clients and maintain remote dep devices using an MDM. I am curious what is maintaining the allowed device connection/permissions device side without user interaction? Something is installed yes/no?
        • ... the file they have with your details associated with your ad id.
          No silent push. It's the lack of response when they send a push that implies you installed the app. A long period of no network access could also trigger it I suppose, unless Google/Apple response with an error when they try to push notifications to uninstalled apps.

        • The silent push is sent to the app. The push gets a response 'push processed.' (or similar) once handled by the app. The companies us a silent push on app A periodically. If it fails [add conditions which indicate its uninstalled instead of the device off, like 7 times over a week], Company A (which makes app A) marks it as uninstalled. But it already knows that the ad id of the device from when the app was installed. So when Company B with App B auctions off the rights to advertise to that id, Company

          • Thanks interesting, If I get some free time I may take a look at the ad stuff. Have not had a need since I have just been involved in writing in-house business apps.
            I do know I would be a little irked if I tried an app then decided I did not want it on my device and deleted it. Then I kept getting ads to reinstall
            But I am a very out of the loop user, My cell is an old HTC G1 I bought when it first came out and the only apps I ever installed way back then were tether bot so I could use my phone to get my l
  • Use Adblock, Ublock, or whatever you have to. DO NOT TOLERATE ADS.

  • Can't you reimage your phone like you can a real computer? Or do the companies restrict you from doing even that?

    Might be a way to start fresh so even the trackers wouldn't be around.

    • by thomst ( 1640045 )

      smooth wombat inquired:

      Can't you reimage your phone like you can a real computer? Or do the companies restrict you from doing even that?

      Yes, you can - if you drive an Android device (although many users don't know how to access the bootloader to do what's called a "factory reset"). You can even replace your phone's OS with a third-party substitute [xda-developers.com] that doesn't load it down with crapware to begin with.

      Assuming your phone's carrier permits you to do that, of course. Many of them will not allow you to unlock the bootloader of a brand-new phone. (In the U.S., they can legally require you to be current on your payments for

    • Can't you reimage your phone like you can a real computer? Or do the companies restrict you from doing even that?

      Sure you can. But I don't want to do that, just because some shitty company sends me ads after I uninstalled their shitty app.

      The real solution for iOS is an addition the app store rules: "If you send adverts to an iOS device or to a user because an app of yours was uninstalled, your app will be removed from the App Store".

    • Would that matter? All they're doing is noticing that your deviceID/account doesn't ping them back for the app in question anymore, meaning you removed it. It's like if you got advertisements to your IP address for Windows 10 because Microsoft noticed they stopped getting telemetry because you installed Linux.
  • 2 things here:

    1. Are we supposed to believe that there are developers out there that truly believe that someone would uninstall an app by accident?

    2. Are we supposed to believe that there are developers out there that truly believe that someone intentionally uninstalled an app, but that they may be talked back into using it, by a push-notification?

    No, I feel like this is the first step in some new development to extort any means by which a user can be advertised to. The good news is that it'll end

  • by Zorro ( 15797 )

    Time for Congress to clean out Silly Con Valley.

  • The iPhone is looking more and more reasonable every day.

    The best thing that Google could do for Android at this point is to create a universal unlocker / re-locker that worked with all versions of Android going forward, and legally require that licensees not interfere with it.

    If Google is afraid to strip the shit-ware out, then at least publish the tools so that end users can do it themselves.
  • Basically when you install the App, the app gets your unique device id. That ID is trackable all the time.

    They can still track you and pelt you with unwanted ads with the knowledge you were dumb enough to install their app at some point in time.

    Even if these OSes did not support push notification, they can always make their app call home and update usage stats. When the usage stat is missing for a while they can mark it as uninstalled and pelt you with a different set of ads.

    Once you have uninstalled

"Ask not what A Group of Employees can do for you. But ask what can All Employees do for A Group of Employees." -- Mike Dennison

Working...