Challenging Facebook and Google, Apple's New OS Warns Users When Data Is Collected

An anonymous reader quotes Forbes: Apple's updated operating system will now show you how often your location has been recorded and by which apps. It will do this proactively via a pop up, which shows a map of where you have been tracked, including the option to allow or limit it. Previously, many apps were able to track you in the background without your knowledge. They were able to collect vast amounts of data on you, which they could use to target you with advertising.

Along the same theme, another blow to apps such as Facebook and WhatsApp is a change in Apple's iOS 13 that will not allow messaging and calling apps to run in the background when the programs are not actively in use. Before, apps such as these were able to collect information on what you were doing on your device.

People are certainly becoming more aware of the way their data is used, following incidents such as the Cambridge Analytica scandal. In this context, many of the changes could be seen as a direct blow to Apple's rivals Google and Facebook: iOS 13 highlights their data collection practices and gives iPhone users the opportunity to stop them. In this way, it's an attack on Facebook and Google's business models. It's true: There are many apps that track you and collect data on you, and iOS 13 will affect all of these. But it is also worth considering the position that Apple holds in the market. When Apple speaks, people listen.
Forbes concludes that these features in iOS 13 "could encourage even the most apathetic Apple users to care more about their privacy."

Concrete step by Apple

[hcs_$reboot]

This daring move by Apple is welcome, and doesn't sound as demagogic as other previous attempts to "save our privacy".

Re:

[110010001000]

Actually it sounds like a more anti-competitive move. What use is WhatsApp if you can't receive messages when it is running in the background? I must be missing something.

Re:Concrete step by Apple

[olsmeister]

You're missing the part where you would still get a notification of a new message, allowing you to start the app if you want to read it.

Re:

[110010001000]

Ah, I didn't know that. Not sure how that is possible without the program "running in the background". Magical fairies I guess.

Re:

[olsmeister]

simple message handler.

Re:

[robdo]

Backend contacts Apple's servers which then notify the device

Re:

[110010001000]

Who knows? It is all closed source. It could be contacting Apple's servers and sending all your data to China for all we know.

Re:

[NoMoreACs]

Who knows? It is all closed source. It could be contacting Apple's servers and sending all your data to China for all we know.

So, when was the last time you examined all the Source for Android? And its Apps?

Thought so.

Re:Concrete step by Apple

[Freischutz]

Ah, I didn't know that. Not sure how that is possible without the program "running in the background". Magical fairies I guess.

Yes, but there are two magical fairies their names are 'Mrs. Event Driven' and 'Mr. Message Handling'.

Re:

[110010001000]

Yes, but that is how the system always worked. I don't see the difference. It is hard to see what exactly changed with closed source software.

Re:

[bobby]

A program / code can be loaded in RAM but receive no CPU cycles until a message tells OS to run that code. Much like an IRQ or a software interrupt, for example, calls up some loaded driver code that is otherwise sitting quietly.

If you think about it, a running OS is full of modules, and static (and some dynamic) library functions that sit until needed.

And some code could be in the run/task list, simply check for a "go do that thing" message, and otherwise do nothing but exit quietly.

Magical Faery's name: Cloud notifications

[DrYak]

The same has also been used on compatible Android devices (either running the official proprietary blob "Google Play Service", or some opensource reimplementation like microG [microg.org]): Cloud notifications .

- At setup, the app registers at a cloud server.
- There's a single system-wide daemon listening/checking periodically the cloud server.
- Whenever there's something like a new message on WhatsApp, the whatsapp server send the information to the cloud notification server.
- Your phone gets the notification from clo

Re:

[110010001000]

Yes, I've written Android apps that worked like that. In addition you can still access location services in the background, but you needed to have something in the toolbar that indicated the app was running. Not sure if that changed.

Apple provides developer an API, and users control

[drnb]

Ah, I didn't know that. Not sure how that is possible without the program "running in the background". Magical fairies I guess.

Apple has an API and service for 3rd party developers called Push Notifications. What's more the user gets to decide how their notifications are displayed on a per app basis. Everything from an alert sound plus a popup with verbose text from the message down to silently putting a numeric badge on the app icon to show how many unread notifications have arrived.

Re:

[Richard_at_work]

Push notifications, which have been around since Apple launched the first iPhone in 2007. A standard format message with deep link hooks into your apps registered link schema is sent to your device, and the device formats and displays the message independently of the app. The user can then click on the notification and be taken into the app.

Re: Concrete step by Apple

[xushi]

+1 to that. In my example, TripAdvisor - an app I havenâ(TM)t used in months and only ever (sometimes) use it when Iâ(TM)m on vacation, was tracking me over 50 times the past 2 days. Deleted it.

Re:

[Applehu Akbar]

IASTHTBEI: It’s Apple, so there has to be evil intent.

Re:

[binarybum]

There is. But the enemy of my enemy...

Re:

[NoMoreACs]

IASTHTBEI: It’s Apple, so there has to be evil intent.

Spectacular! You win the Internets for today!

Notifcations for apps can display when not running

[drnb]

Actually it sounds like a more anti-competitive move. What use is WhatsApp if you can't receive messages when it is running in the background? I must be missing something.

An iPhone can receive and display notifications for WhatsApp when WhatsApp is not running. Apple has an API for that. You will not miss anything if WhatsApp uses the Push Notifications API.

Re:Concrete step by Apple

[olfdag_kerfunke]

Just remember that Apple was one of several that introduced this type of tracking in the first place. One of the major features of the original release of the iphone was the built-in GPS that could be used by apps to provide "restaurants near me" and other similar features. This "change" is the result of very limited levels of competition in the mobile phone market. Apple is forced to differentiate themselves from identical "commodity" competitor's products through these sorts of features. I'd like to see some real competition in the mobile phone market. In a competitive market I believe products using shoddy lowest-common-denominator software like iOS or Android could never survive as they do today. Originally there was limited mindfulness or care for the fact that 1984-like outcomes could be projected from the availability of these features. This is now nothing more than a reactionary move by Apple and for all the wrong reasons: product differentiation, not care or concern for the best possible functionality of the product or well being of the customer. CAPTCHA was: ingrate (no anonymous coward allowed?)

Re:

[tripleevenfall]

Regardless of what happened long ago, when the tech was all new and no one was concerned about these things, the market today has chosen positions decisions.

Google and Facebook don't really make anything. They have to try to profit from users' data. Apple makes devices so they are able to profit directly from users, from the sale of devices and from money spent in their ecosystem.

I know which one I want to do business with.

Re: Concrete step by Apple

[Cmdln Daco]

Or the other point of view is that Facebook makes content, whereas Apple just makes equipment to carry that content.

Re: Concrete step by Apple

[Puls4r]

Facebook's users make content, and 95% of it is "Can HAZ CHEZBURGER?" level content. I don't need to know if your dog had a healty BM. I very much would like to see the carriers (Comcast, Verizon, etc) divorced for the hardware manufacturers. Pretty much everyone would be better off if the carriers weren't actively discriminating against every other product on the market.

Re:

[BrainJunkie]

shoddy lowest-common-denominator software like iOS or Android

What mobile phone OS do you consider better than iOS and Android?

Re:

[Khyber]

The one that came with the N-Gage.

I can turn my phone on from power-off and call 911 in just a few seconds. Any iOS or Droid device takes at least a full minute or longer.

Re:

[retchdog]

i just timed my iPhone XS (iOS 13.0) and it took ~21 seconds. even my piece of crap android i bought cheap for research doesn't take 3x longer than that, so i call bullshit on your "statistic".

but say it was accurate; how often are you cold-booting a phone anyway, smart or dumb?

Re:

[soliter]

He was talking about symbian, developed by nokia. It's dead now. It was pretty fast, although it's not a smartphone OS.

Re:

[retchdog]

"Any iOS or Droid device takes at least a full minute or longer."

Re:

[Khyber]

Brand-spanking new Moto G6 takes over 70 seconds to boot.

Kyocera DuraForce Pro - 84 seconds.

Even your 20 seconds is almost TEN TIMES LONGER than my N-Gage.

Can you wake me when you can drop your boot time an order of magnitude? Probably not.

Re:

[NoMoreACs]

This is now nothing more than a reactionary move by Apple and for all the wrong reasons: product differentiation, not care or concern for the best possible functionality of the product or well being of the customer.

I'm glad you know exactly what is in the minds of the people directing iOS Development at Apple.

Ingrate, indeed!

Depends on location data being stored or not

[drnb]

It all depends on whether that location information was stored or not. If a location is determined, relevant recommendations sent, and neither is recorded for future analytics and profiling then there is no problem. Apple may have done so, maybe they do so now(*). Google and Facebook are unlikely to do so because their business models are built upon such harvesting of data, profiling users, selling the users to advertisers, etc.

(*) It all depends on whether Personally Identifiable Information (PII) is st

Can you just block them?

[AmiMoJo]

Can you just block those apps from collecting location information? On Android you can, and you have the option of only blocking background location checks too so the apps work when they are in the foreground.

I'm a little sceptical of their privacy credentials though, after they neutered ad blocking in Safari.

https://slashdot.org/firehose.... [slashdot.org]

Re:

[Anonymous Brave Guy]

I'm a little sceptical of their privacy credentials though, after they neutered ad blocking in Safari.

Right. Why does a phone OS come with a built-in ID to help advertisers?

Re:

[weilawei]

Because if you don't want them to track you so much, you have to give them a way to track you.

I didn't say it made sense.

Re:

[EvilSS]

I'm a little sceptical of their privacy credentials though, after they neutered ad blocking in Safari.

Right. Why does a phone OS come with a built-in ID to help advertisers?

Because the user has more control over that ID than they would with something being done in-app. The user can enable limits on it, and reset it whenever they want. The idea was to push in-app ads over to using the phone's ad ID, giving users a little more control over it.

Re:

[Anonymous Brave Guy]

Apple has effectively 100% control over which apps can be deployed on its platform, because aside from things like jailbreaks, it controls the only source in town.

If Apple didn't want its platform abused for tracking purposes, it could simply require that developers not do it, and kick anyone who did off the App Store.

Re:

[EvilSS]

Sure, but the app devs would revolt, and an ecosystem is really only as viable as its available apps. Just ask Microsoft's Windows Mobile team about that. It's a necessary compromise. If they didn't care, they could have just let advertisers set their own tracking IDs.

Re:

[haknick]

Yes you can. The problem is that generally for a little bit of convenience you give a lot of privacy away, since you still might need the background feature, once, or very rarely The way I understand this, is that it makes you aware of the times you actually don’t need it

Ad blocking can still be done. Kinda.

[BAReFO0t]

Not thanks to Apple, of course.

The trick is to use an ad server blocking DNS server. Obviously one that you trust. (Setting up BIND without forwarding on your or your tech friend's home server isn't hard.) Because it will of course know all your domain requests.

Re:

[chrissfoot]

Pi hole (https://pi-hole.net/) every time!

Re:

[AmiMoJo]

Unfortunately DNS based blocking is not very effective these days. It doesn't work at all with YouTube, for example, and the lack of dynamic rules makes the lists of banned domains hard work to maintain.

Despite what APK will tell you, in-browser content modifying blockers are far more effective.

What do you mean "with no help from Apple"

[SuperKendall]

Not thanks to Apple, of course.

iOS fully supports installing ad blockers for Safari, what are you even talking about.

Not to mention you can choose to reset advertising identifiers at any time, and they don't work across apps. So you can shut down even what limited tracking is permitted.

Re:Can you just block them?

[swillden]

Can you just block those apps from collecting location information? On Android you can, and you have the option of only blocking background location checks too so the apps work when they are in the foreground.

Android 10 also shows you recent location requests (under Settings -> Location), and occasionally notifies you when apps request location in the background, and offers you the chance to block them from doing so.

Re:

[Canberra1]

Misleading information is better to corrupt databases. so far only Copperhead OS gives people this choice. Location, sure, Antartica, Pitcairn Islands Midpacific. Name - Admiral Butthole. When people who PAY for leads see this, they get more than angry.

Yes of course, you can block, but this is ideal

[SuperKendall]

Can you just block those apps from collecting location information?

iOS has a rich set of mechanisms to work with location.

Per-app, you can:

* Block location entirely.
* Allow the app to get location updates only while the app is open.
* Allow the application to get location just one time, so you won't forget you enabled it if you open later.
* Allow app to get location in the background. This option now requires the user to manually go in and do this in settings, you cannot be granted this just by prompt in th

Re:

[NoMoreACs]

Can you just block those apps from collecting location information? On Android you can, and you have the option of only blocking background location checks too so the apps work when they are in the foreground.

I'm a little sceptical of their privacy credentials though, after they neutered ad blocking in Safari.

https://slashdot.org/firehose.... [slashdot.org]

You most certainly can block "Location Services" at both the System-Wide and App-Specific levels.

And it looks like Apple deprecated their old Extensions model in Safari, likely due to security concerns, and replaced it with an arguably less-capable (but likely more secure) Extension-system. You failed to mention that. And that Ad-Blockers were not the only Extensions affected. So, unlike your disingenuous claim that "Apple neutered Ad-Blockers in Safari" (as if they specifically targeted them), they real tr

why?

[AndyKron]

If the OS knows an app is tracking you why can't it block it too?

Re:why?

[gnasher719]

If the OS knows an app is tracking you why can't it block it too?

Because it is based on permissions. I want my GPS to know where I am. I don't want Facebook to know where I am.

Any app can only track you after asking for your permission and getting it. One thing that the AppStore does is not allow apps even asking for permission unless there is a good reason why they would need your location. For example, a flashlight app won't need that information, and Apple doesn't allow it on the store if it tries to ask.

The big change that Apple made: No app can ask you anymore to allow tracking while the app is not actively running. You can only allow that in Settings, which means 99% of users won't allow it, only the 1% that have a good reason to allow it.

And if you didn't give permission to track the location, or if you went to "Settings" and turned it off, then Apple does indeed block tracking.

Re:

[Mordaximus]

If the OS knows an app is tracking you why can't it block it too?

It can. These are apps that were previously given permissions (in the case of location data.) It's sort of a sanity check to let the user change their mind.

Can't trust Apple

[ryuzakixd]

Will Apple also warn when contractors listen to your microphone? For a company that made a billboard [independent.co.uk] about privacy, that was an inexcusable error.

Redbox App

[Dan East]

Normally on my iPhone, I only give apps that need location data access while the app is in use. However, I started getting notifications from the Redbox app at seemingly random times promoting their service and trying to get me to rent a movie or game. Over the course of a week, the software developer in me starting recognizing a pattern - every time I was approaching our local Walmart (which has a Redbox kiosk in the foyer) and got within about 100 yards, Redbox would send me a notification (typically just once a day). On a hunch I checked my location settings for Redbox, and lo and behold, it was set to always allow even when the app is not running.

They were tracking my location just to send me a notification "ad" when I was very close to a Redbox. I set it to "only while using app" (I do use the app to locate kiosks sometimes while traveling), and that completely stopped. That's a bit ridiculous, tracking my location and sending it to their server pretty much continuously just to send me a notification when I got in the vicinity of one of their Kiosks. This is the kind of service that we risk so much of our private data being passed around and potentially stolen or misused, just so a company can very, very slightly try and optimize their ads to get our money. Not worth the risk to our privacy for the profit margins of some company, especially for something like this.

Re:

[110010001000]

"They were tracking my location just to send me a notification "ad" when I was very close to a Redbox"
 
Yeah, well, um, that is kind of the point. There would be no other reason for Redbox to track your location in the background. Data collection isn't nefarious: it is just used by companies to sell you stuff. People on Slashdot act like data collection is coming from the CIA or something. It is just companies trying to make a buck.

Re: Redbox App

[BytePusher]

Probably with Redbox it isn't nefarious, but only because not many people use DVDs today. Facebook, Google, Microsoft and Amazon are all actively collaborating with intelligence agencies and the justice department. This means they might infer you are an enemy to the state, or society, through indiscriminate data sweeps. It's a constitutional loophole that protected us from illegal searches and should be made illegal, except almost all our politicians are old white men who don't understand technology and hav

Re:

[110010001000]

No they aren't. They are capable of doing it, but don't bother. That is just paranoid nonsense. Companies collect data on you in order to make money. That is literally all what people care about.

Re:

[Puls4r]

Companies would never do this for no reason. Because it does cost them money. If, however, the government got a secret FISA warrant, or just told them "that's a nice network. It'd be horrible if something happened to it", then these companies would roll over instantly. They will do whatever generates them the most money.

Re: Redbox App

[Cmdln Daco]

Why do you need a Redbox app in the first place?

I avoid vendor-specific apps as much as possible.

Apple cares about its privacy.

[BAReFO0t]

And that of its swarm body parts.

Or did you think they have root on that iJewelry for nothing, and you don't, to empower your freedom?

Apple cares about ITS privacy. Yours is still subject to every admin and developer and CEO and indirectly shareholder of the Apple lifeform.

Re:

[NoMoreACs]

And that of its swarm body parts.

Or did you think they have root on that iJewelry for nothing, and you don't, to empower your freedom?

Apple cares about ITS privacy. Yours is still subject to every admin and developer and CEO and indirectly shareholder of the Apple lifeform.

Jeez!

How about another layer for that tinfoil hat?

Visibility Is Important For Non Tech Literates

[dryriver]

I have met so many people who have no clue they are being tracked. People who discuss marriage problems over WhatsApp with their spouses. People who send sensitive business or financial or medical documents over similarly questionnable messenger apps. I've even met someone who claimed "I can't be listened to. I have an iPhone. iPhones can't be listened to, right?" The average person does not know they are being tracked and then ML profiled. Even those who do know they are being tracked do not seem to realize the extent to which they are tracked and profiled. A lot of people have an "I'm not an important or interesting person. What would they possibly do with my data anyway?" mindset. So anything that pops up a "you are being tracked" warning is very important for these users. Some people need to be told they are being tracked as it happens in order to realize it is even happening.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Visibility Is Important For Non Tech Literates

[BytePusher]

Two things...

First, with Ring, people are giving away YOUR privacy, not so much their own.

Second, digital rot, data becomes less relevant with time and often becomes disorganized or lost as the software it was designed for goes through iterations(usually storing more and more fine grained details). So, in some sense you can get your digital virginity back if you start successfully evading tracking, it just takes years.

Re:

[Ryzilynt]

Born-again digital virgin?

I'm that guy

[raymorris]

> I have seen people here that they like getting targetted advertising. I rather have smap about female hygene products that about something Linux related

That's me - if I'm going to see ads, I'd prefer to to see ads for something I might actually be interested in.

Would I order even more if all the services on the internet ran on magic, rather than money? Sure. That's not reality. The reality is software developers, writers, etc need to get paid. The people who make the internet get paid from advertis

Typo - *prefer* even more

[raymorris]

That should be:

Would I *prefer* even more if all the services on the internet ran on magic, rather than money?

Re:

[account_deleted]

Comment removed based on user account deletion

Nobody cares

[DogDude]

People already know that they're being tracked 24/7. They don't care. I talk to people about it all the time. I have yet to find anybody who cares (except for me). People have no sense of dignity or autonomy any more. They will give anything for those stupid little addictive tracker devices.

Re:

[LynnwoodRooster]

How does a person lose dignity or autonomy if advertisers know where they are currently located? Serious question.

Most people I know don't care - because they ignore pretty much all pushed ad content. Flip right by those ads in their social media feeds, ignore the sponsored restaurant ads at the top of the Yelp review search, etc. Most of the public has become "ad blind" - they simply ignore them.

Re:

[DogDude]

How does a person lose dignity or autonomy if advertisers know where they are currently located? Serious question.

I don't really know how to put it into words. I don't understand why people are ok with companies tracking them everywhere they are, 24/7. Would these same people be OK if governments did it?

Re:

[drinkypoo]

How does a person lose dignity or autonomy if advertisers know where they are currently located? Serious question.

I don't really know how to put it into words. I don't understand why people are ok with companies tracking them everywhere they are, 24/7. Would these same people be OK if governments did it?

Well, here's one way: the government has a long history of warrantless surveillance, and if the corporation knows about it, the government can find out trivially — either by surveillance of the corporation, or through NSL-related request.

Re:

[LynnwoodRooster]

Personally, I am a lot less "afraid" of corporations than I am of Government. Corporations can't really imprison me, or strip me of my rights - but Government can. If I am wronged b a company, I can seek redress with the Government. If I am wronged by the Government, it is nearly impossible to seek redress from the Government. If the tradeoff for free e-mail/maps/searches is that I let a company know where I am when I am using those apps - so be it, it's a fair trade as far as I am concerned.

Re:

[DogDude]

f I am wronged b a company, I can seek redress with the Government.

Via what mechanism, exactly? How is the US government going to help you if Google badly abuses your data, exactly?

If I am wronged by the Government, it is nearly impossible to seek redress from the Government.

Huh? We have all sorts of laws and appeals processes. And of course, you can vote.

Re:

[LynnwoodRooster]

My data, or their data? If I willingly give them information - then it's theirs, not mine. But if they release private information, or do something illegal, I can pursue in a Court of law.

Re:

[DogDude]

I can pursue in a Court of law.

Under which law, exactly?

Challenging Facebook and Google...

[Freischutz]

Challenging Facebook and Google, Apple's New OS Warns Users When Data Is Collected .

It was about time that somebody, anybody, sent those two a kick-in-the-nutsagram.

Apple upset the social media applecart

[sinij]

I am surprised to see Apple taking huge risks to make a stand for consumers.

Against Google. Ftfy

[raymorris]

The biggest threat to Apple is Google.
Apple found a way to nick Google's revenue.

Whether it is good for the consumer or not is purely coincidental.

Does this restrict all Apple programs as well ?

[Alain Williams]

Ie everything: not just Apple's apps but other things in the operating system ?

Re:

[EvilSS]

Ie everything: not just Apple's apps but other things in the operating system ?

If you go into Settings/Privacy/Location there is a section called System Services where you can enable and disable location access for individual iOS services. Apple applications can be enabled/disabled in the same way as 3rd party apps.

Use web apps

[Dallas May]

This is easy to fix by not downloading apps that just give you the same information as the company's web site.

You don't need Facebook or Twitter on your phone. You don't need Google anything on your phone. The web sites literally do the same thing.

Re:

[antdude]

Or better, you don't need a phone. :P

How about their own apps?

[LynnwoodRooster]

Does Apple report when it collects location data?

Re:

[EvilSS]

Does Apple report when it collects location data?

System services don't, but you can manually disable them individually in the privacy settings (Settings/Privacy/Location Services/System Services)

Re:

[EvilSS]

Also, going through the list, none of the Apple applications on my phone have an option for always on location tracking. They are only requesting "while using".

Re:

[NoMoreACs]

Does Apple report when it collects location data?

Do you have recent proof that they collect non-anonymized location data?

I might switch if...

[wakeboarder]

I used to believe in android, the platform was more open and you can tinker with your phone and there is more control with what you can do with your phone. But I'm constantly tracked, and google has sunk it's roots so deep into android. Any changes in the platform that lead to non-tracking are rolled back or dulled. Even games were given a front-seat pass with a completely different set of permissions. That apple is looking pretty delicious right now, even after years of android.

Re: I might switch if...

[JoeB777]

Iâ(TM)m in the same boat. Used to greatly prefer Google and Android, but now Apple is the only large tech firm that I trust to protect my privacy (somewhat): They have very, very loudly and repeatedly integrated a pro consumer privacy stance into their entire business model. Which means if they renege, at this point, it will cost them a lot of money.

Re:

[swillden]

Any changes in the platform that lead to non-tracking are rolled back or dulled

Cite?

Bluetooth too !!!

[ripvlan]

I have noticed several apps causing iOS 13 to ask me "Allow this app to access Bluetooth" The first app to cause this was Amazon Alexa - my first thought was "I do stream music to the Alexa speaker - must be why it is asking me" But "no" you can't access it anymore, thanks for asking.

But then FB wanted access, and another app, and another... -- neither of which I could think of a good use case for needing this. I denied the access. I have forgotten what the other apps were - but it was so odd that I

How about this alternative?

[TimHunter]

Consider how many security problems could be solved, not by switching phones, not by tightening settings, but by simply deleting Facebook.

Re:

[BeaverCleaver]

I really wish I had mod points for you.

Messaging change is bonkers

[stikves]

While it sounds nice in theory, if you think about it, the WhatsApp change makes it much worse for privacy.

If you trust a messaging provider (let it be WhatsApp, Signal, or your own custom implementation), then the last thing you would want is having a third party (apple messaging service) be there as an intermediary. Especially for Signal which has proper end-to-end encryption, having someone keep track of who and when you have sent messages to is not helpful.