
Steve Jobs' words 12 years later are still very relevant today https://youtu.be/39iKLwlUqBo

I just want to thank Apple for pushing this agenda forward, introducing things I believe Google would never do themselves first unless pressured.

I still remember Apple introducing “track me while using the app only” in a new iOS years ago that stopped companies hoarding live geolocation of every app user.

And we still get new bits and bobs every major iOS release.

In just the last few years we found out about apps that unnecessarily scanned for our network devices or used clipboards for no apparent reason.

Keep them coming.



They can still do better. I want a feature that will let me programmatically lie to any app that requests any permission. E.g. real data while I'm in the app, but maybe I'm in Paraguay if it requests it outside.

Apps shouldn't be able to fully trust the data they get unless the user wants them to trust it.


Apple will probably implement this in the coming years. This feature will poison those Big Data datasets and will lower accuracy of user profiles, but so long as Apple can reliably distinguish fake location data, Apple will go for it. Then, I hope, Google will retaliate and do the same on Androids. Facebook will be out of luck, but who cares.


The Xposed framework for Android lets you do exactly that (requires rooting though).

I haven't tried calling it programmatically, but it has a module system.


It's likely that both OSes allow you to do it, because it is part of their testability APIs. I have used an app on Google to fake my location because a restaurant that is hard to schedule (90+ mins waiting) requires you to be within 1 mile of it before getting on their waitlist.


They actually do this already in a roundabout way: if you turn on iCloud Private Relay, you can choose the IP Address Location as "Use country and time zone".


This question about the cloud and services is especially prescient though, because it's about incentives. As a hardware and OS manufacturer, Apple was not highly incentivized to collect data on its users. But as a cloud/services provider, its incentives far more closely align with Google/Facebook. There are services, such as Apple's fitness apps, where they don't seem to play by the same rules as comparable apps. It has been unclear where Apple draws the line between itself and those in its ecosystem. To provide an almost silly example: you don't see the Phone app asking for permission to access your contacts. I do place a lot of trust in Apple, but I don't expect them to stay a neutral party.


Yet Apple always aggressively pushed their native app platform over web protocols, which would allow much more privacy.


I don't think there's anything stopping web browsers from having the same level of privacy features as the apps, is there? Apple, Google and Microsoft own both the OS and the browser, so there's really no excuse I feel.


GP's talking about Apple making PWAs unviable on iOS.


In what way are they unviable? Because it's not as easy (which is not actually easy) to discover and make money? That seems a choice one makes.


Notifications. Notifications are why they are unviable.


I allow notifications from virtually nothing other than phone and messages.


I don’t see how you could replicate blocking all network access with a website. Websites inherently communicate with a remote server which limits privacy guarantees.


With the exception of either investing time into targeted request black-holing or disallowing apps from contacting the outside world entirely (which would produce a pretty crappy AirBnB experience) I don't think this is really reasonable. Most useful apps have some legitimate reasons to talk to servers so blocking access before the app can get it (similar to how browsers block access before the site can get it) seems like the most reasonable approach. And websites don't need to inherently communicate with a remote server - there are a bunch of web tools out there that download a bunch of JS and then essentially run in local mode without ever sending that data home... yes the original stuff is coming from a foreign source but that's the same as Apps - the acquisition method is just different (and a lot more prone to abuse I'll grant you).

However, pretty much every useful app you're using is calling home for some moderately legitimate reason - so I don't think it's helpful to differentiate the two classes of executables based on remote asset usage.


The majority of Apps on my phone have zero reason to communicate to the outside world. A calculator, standalone game, etc should function without network access and if it doesn’t then delete the app and get something useful when the network is down.

Honestly, if I can’t block network access I don’t see the value in downloading an AirBnB app or just about any other app companies want me to install.


People prefer native user interfaces to APIs over the UI of web apps accessing those same APIs.

A few years ago when phones were slower the difference was much more stark. It's straight amazing what can be done in a webview now.


How would web protocols allow for more privacy? If Safari implemented all the Chrome PWA APIs it would open up the user to far more browser fingerprinting while also increasing the attack surface.

Also every crappy website will think it’s okay to force download a huge PWA payload and fill the phone up with notification spam. No thanks.


Not sure how the protocols themselves help, but at least for now, we still have things like content blockers and extensions for mobile web browsers.

Native apps have more freedom to do whatever they want, and they do it more opaquely. I guess the only thing that comes close to a web browser content blocker for iOS native apps is piping your traffic through one of those ad-blocker VPN apps like Lockdown, which sucks.

Of course, nothing compares to the amount of insight you have into websites on a desktop web browser where you can open a networking tab in the dev tools.


> Not sure how the protocols themselves help,

Web VR is being routinely used to add fingerprinting and tracking. Direct access to USB devices adds so many vectors for abuse I can't even imagine how it will end up being mis-used.


> If Safari implemented all the Chrome PWA APIs it would open up the user to far more browser fingerprinting while also increasing the attack surface.

Surely the answer is "so Safari shouldn't implement those APIs"? It's app makers who think we need constant push notifications from everyone; by and large they're subtractions rather than additions.


And yet Apple sell tracking devices that can be used to spy on people who've never used an Apple product.

Are they blind to the harm they're causing, or do they believe that only their own customers deserve to have privacy?


One can also use Airpods with ear sensing disabled to spy/listen for private conversations on people (within Bluetooth range), even people who have never used an Apple product. And, you know, some MacBooks are heavy enough to be able to cause physical harm if you'd hit someone on the head.

The wonder of humanity is that humans are creative and imaginative (not me, the examples I thought of are stupid and silly), so if they have a certain task in mind they can solve it through whatever technologies are available, even if those technologies weren't designed for it...


> One can also use Airpods with ear sensing disabled to spy/listen for private conversations on people (within Bluetooth range), even people who have never used an Apple product.

Wait, what?


I’m not sure what OP is talking about but one can use their iPhone with the Live listen feature & AirPods to listen in to conversations. But you can just as easily leave your phone and record and listen later.


Yes, that's what I meant, thank you - putting an Airpod in next room to eavesdrop.

Airpods are pretty small, must be much easier to sneak them in compared to a phone. And unlike a phone, they're not providing any means to figure out who is the owner.


They thought they were ahead of the game by adding the anti-stalk features at all, because no one in the tracker industry does it… but it ended up causing the Streisand effect.


Apple still doesn't let you pick and choose specific permissions when installing an app. Other than location and a couple others, permissions are still all or nothing, unlike Android.


I can choose for each app: contacts, calendar, reminder, photos (whole gallery or choose pictures), Bluetooth, local network, UBW, microphone, speech recognition, camera, health, (sensors?, Never seen that before), Homekit, media, files, movement and focus.

And location of course (never, ask next time, when using and always) with a toggle to set it to "approximated position"


Apple asks for permission when the app actually requests it, not upon installing. I think this is superior to Google's from a privacy perspective.


From your answer I can only assume you have not used Android in a long time.

Android permission model changed greatly around Android 6:

https://source.android.com/devices/tech/config/runtime_perms


I actually develop for Android and literally worked with those permissions on 6+ too.

I was answering parent's concerns in their context.


This simply isn't true.



