Friday, October 26, 2018

Apps Can Track You Even After You Uninstall Them

Gerrit De Vynck:

Uninstall tracking exploits a core element of Apple Inc.’s and Google’s mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user—to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn’t ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device’s unique advertising ID, details that make it easy to identify just who’s holding the phone and advertise the app to them wherever they go.

The tools violate Apple and Google policies against using silent push notifications to build advertising audiences, says Alex Austin, CEO of Branch Metrics Inc., which makes software for developers but chose not to create an uninstall tracker. “It’s just generally sketchy to track people around the internet after they’ve opted out of using your product,” he says, adding that he expects Apple and Google to crack down on the practice soon. Apple and Google didn’t respond to requests for comment.

Previously: Push Notifications to Send Promotions.

Update (2018-11-06): Tanner Bennett:

I got fed up with this the other day. There’s all sorts of public APIs, few of which should be public imo, that allow companies to fingerprint devices.

To name a few, apps can see your connected WiFi SSID, the name of your device (“Tanner’s iPhone”), and the device model.

It was fun writing a tweak to randomize all of these and see which apps broke because of it.

Comments RSS · Twitter

Leave a Comment