Apple and their promotion for Privacy & Security

  • Thread starter ForgottenSeer 85179
  • Start date
F

ForgottenSeer 85179

Thread author
Apple devices have a UDID that was previously available to app devs, so they often used it to track people because it's an unchanging machine identifier. Apple deprecated that back somewhere around v5 or v6 of IOS, and implemented this ADID. UDID still exists, but they're not supposed to be able to access it through conventional APIs i.e. Apple's sandboxing. The thought was an alternative identifier that users could reset similar to clearing a browser cookie.

That's nonsense: out of the millions of apps out there, a very small minority will ever access the ADID. By the time Apple announced they were deprecating UDID, devs already had workarounds like OpenUDID in place.

Today, there are tons of fingerprinting methods and none of them use Apple's identifier. Here's an example of how user tracking actually works in the real world DeviceAtlas | Device Detection & Intelligence - Real-Time Insight on All Connected Devices These companies sole reason for existing is they supply APIs to devs who bake them directly into their apps. The sophistication of these libraries have grown considerably since ten years ago, and they're better today at tracking users across apps and devices.

Again, absolutely none of this relies on the Apple identifier. What devs actually do is fingerprint your device using these classes baked into the app, then store the tracking info within the app storage and within the Apple keychain. This is a persistent storage that Apple created which stores data like wifi passwords. Except it's open to any app, it cannot be viewed or modified by average users without a jailbreak, you cannot delete entries, and it will be carried over across device restores as well as uninstalling the apps. Developers constantly abuse this to store identifier and tracking data, this is why if you ever uninstalled an app then reinstalled it and their server still recognizes you.

If you own an Apple device and ever viewed your own keychain, you're going to find just about every app you ever used storing some kind of encrypted data here, especially ones that would have no legitimate use like login data that's supposed to be stored here.

Every one of those apps on your phone carries hundreds of classes from those third party APIs. Often apps incorporate multiple tracking including Facebook, Google, Adjust, Unity, Amazon, Appsflyer, Chartboost, Smartbeat, Tapjoy, Quant, the list goes on. All of these are logging data on you and report it to their servers every time you use their apps. This is the state of mobile tracking today that Apple have fostered and has nothing to do with their advertising identifier. Resetting the identifier accomplishes nothing, it's a placebo.

So, Apple doesn't provide any better privacy nor security against Android.
Even less, cause Google protect it's keychain.

Hard times.
 

blacksheep

Level 4
Verified
Well-known
Mar 8, 2020
181
They just need to remove all together tracking ID's. That would be a step in the right direction.
 
  • Like
Reactions: Venustus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top