Benvenuto nel Poliverso

🤯 Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track every on-screen impression.

The app still misuses push notifications to send detailed device analytics about the device (uptime, battery, volume, locale, timezone, memory, CPU, etc.)

#privacy #infosec #privacymatters #Apple #iOS #meta
More 👇🧵

A GET request sent by Instagram when the notification was shown on screen.

#privacy #Apple #infosec #ios #privacymatters #meta

reshared this

in reply to Mysk🇨🇦🇩🇪

Mysk🇨🇦🇩🇪

in reply to Mysk🇨🇦🇩🇪 • 1 giorno fa • •

We detailed this last year and we checked again today. Meta collects everything it needs to track users across apps, a practice strictly prohibited by Apple.

Stop using the native app. Use the web app.

#privacy #fingerprinting #iOS #PWA
More 👇

#privacy #fingerprinting #ios #pwa

CDCastillo reshared this.

in reply to Mysk🇨🇦🇩🇪

Mysk🇨🇦🇩🇪

in reply to Mysk🇨🇦🇩🇪 • 1 giorno fa • •

Link to our demo from last year. Apple's Required Reason API rules aren't being enforced - either they're ignoring it or they can't do it.

youtu.be/4ZPTjGG9t7s?feature=s…

- YouTube

Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.

^youtu.be

in reply to Mysk🇨🇦🇩🇪

Mysk🇨🇦🇩🇪

in reply to Mysk🇨🇦🇩🇪 • 1 giorno fa • •

P.S.: The data collection is massive. We can't consistently simulate accounts that aren't based in the EU. Data collection isn't as massive for EU accounts. Our entire team is currently in the EU, which makes recording a demo capturing the massive data collection difficult. Our time is limited. It would be great if researchers outside the EU investigated this. We're happy to help.

⇧

Mysk🇨🇦🇩🇪

Mysk🇨🇦🇩🇪 1 giorno fa • •

Mysk🇨🇦🇩🇪

Mysk🇨🇦🇩🇪

- YouTube

Mysk🇨🇦🇩🇪

Mysk🇨🇦🇩🇪
1 giorno fa • •