Protip: the harder a company pushes you to download their app, the more they have to gain from it. 99.999% of the time it's because they want access to as much of your data as they can sneak out of your device, usually for selling it.
One notable corollary is, the shittier the mobile browser webapp implementation is, the more they want to push people onto their app. See: Facebook, Twitter, Reddit, etc.
Exactly this. Never install a company's app unless you absolutely need to. Use websites instead whenever possible. If you do need to install an app, uninstall it as soon as possible even if you know you'll need it again at some point.
> the shittier the mobile browser webapp implementation is, the more they want to push people onto their app. See: Facebook, Twitter, Reddit
Yelp is the gold standard in this regard, blithely pretending that they can't show you any photos (or is it more than a few photos? I avoid yelp on mobile so much I can't recall). It's probably the right move for them, because the photos are 99% of the reason I ever want to use Yelp. Reviews can be outright lies or simply written by people ~~with no taste~~ whose tastes are not simpatico with mine, but photos don't lie*.
No, having a dumb phone is not enough. A malicious actor can pretend they need to deliver an SMS to you, which may result in a network disclosing your location (anywhere in the world). Mobile networks probably don't honour aggressive probing for just about any peer but it's not like nobody can do this at scale. None of this is new.
This isn't necessarily true. When you install the Signal app on an Android phone that doesn't have Google Play Services installed, it receives push notifications using its own notification daemon instead of using Google's. This, of course, has significant battery life costs.
Protip: the harder a company pushes you to download their app, the more they have to gain from it. 99.999% of the time it's because they want access to as much of your data as they can sneak out of your device, usually for selling it.
One notable corollary is, the shittier the mobile browser webapp implementation is, the more they want to push people onto their app. See: Facebook, Twitter, Reddit, etc.
Exactly this. Never install a company's app unless you absolutely need to. Use websites instead whenever possible. If you do need to install an app, uninstall it as soon as possible even if you know you'll need it again at some point.
> the shittier the mobile browser webapp implementation is, the more they want to push people onto their app. See: Facebook, Twitter, Reddit
Yelp is the gold standard in this regard, blithely pretending that they can't show you any photos (or is it more than a few photos? I avoid yelp on mobile so much I can't recall). It's probably the right move for them, because the photos are 99% of the reason I ever want to use Yelp. Reviews can be outright lies or simply written by people ~~with no taste~~ whose tastes are not simpatico with mine, but photos don't lie*.
* well, nowadays I guess they can
I think your comment comes after reading this line:
> - targeted users(s) following “foo” on X app
It seems "X app" means just any placeholder app (not the new Twitter rebrand), although I might be wrong.
Correct. That’s why I will continue calling it Twitter, to avoid confusions like this.
no it's more like: don’t have a smartphone and you are good (perhaps).
No, having a dumb phone is not enough. A malicious actor can pretend they need to deliver an SMS to you, which may result in a network disclosing your location (anywhere in the world). Mobile networks probably don't honour aggressive probing for just about any peer but it's not like nobody can do this at scale. None of this is new.
Dumb phones give up your location info just as smart phones do, but smart phones collect and leak a lot more data on top of your location.
When Mallory sends an sms to my personal phone number, it goes to twilio.
The location is always the same.
no, need to get rid of your smartphone completely.
Believe me, I wish I could.
Also, no Signal.
This isn't necessarily true. When you install the Signal app on an Android phone that doesn't have Google Play Services installed, it receives push notifications using its own notification daemon instead of using Google's. This, of course, has significant battery life costs.
What about WebPush on Firefox? That uses Mozilla's servers right? At least on Android? Could the govt be doing the same to Mozilla?
Thank you, I was looking for this answer. Signal, therefore, as a I understand it, is not vulnerable to this issue.
Not true. Battery double liftime on my LineageOS device without gaaps and other gservices that constantly connect to gservers.
2 replies →