Comment by gruez
5 months ago
>One big privacy issue is that there is no sane way to protect your contact details from being sold, regardless of what you do.
>As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.
Fortunately this is changing with iOS 18 with "limited contacts" sharing.
https://mobiledevmemo.com/wp-content/uploads/2024/09/image.p...
The interface also seems specifically designed to push people to allow only a subset of contacts, rather than blindly clicking "allow all".
The far bigger issue is the contact info you share with online retailers. Scraping contact info through apps is very visible, drawing flak from the media and consumers. Most of the time all you get is a name (could be a nickname), and maybe some combination of phone/email/address, depending on how diligent the person in filling out all the fields. On the other hand placing any sort of order online requires you to provide your full name, address, phone number, and email address. You can also be reasonably certain that they're all accurate, because they're plausibly required for delivery/billing purposes. Such data can also be surreptitiously fed to data brokers behind the scenes, without an obvious "tiktok would like access to your contacts" modal.
On android you can choose whether to grant access to contacts. And most apps work fine without.
GrapheneOS, which I use, also has contact scopes, so troublesome apps that refuse to work without access will think they have full access. You can allow them to see no contacts or a small subset.
There's also multiple user profiles, a "private space", and a work profile (shelter) that you can install an app into, which can be completely isolated from your main profile, so no contacts.
It surprises me how far behind iOS is with this stuff. Recently I wanted to install a second instance of an app on my wife's iPhone so she could use multiple logins simultaneously, there didn't really seem to be a way to do it.
The point is that it doesn't matter whether YOU grant access to your contacts. As long as anyone who has you in THEIR contacts decides to just press "share contacts" with any app, you are doxxed and SkyNet is able to identify you for all practical purposes.
Same with DNA testing really.
A relative did a genealogy test through ancestry.com and suddenly I'm doxed for all eternity.
Ah yes, that is a problem.
You have two different points in your comment. Firstly, iOS has not been behind on having apps work if they don’t get access to a specific sensor or data. It’s on Android that apps refuse to work if they’re not given contacts access or location access and so on. Comparing the same apps on iOS and Android, I have found that Apple’s requirements for apps not to break when a permission is not granted is well respected and implemented on iOS apps. The same apps on Android apps just refuse to work until all the permissions they ask for are granted. YMMV.
I do agree that iOS is behind by not providing profiles and multiple isolated installations of apps, and it would be great if it did.
It would be useful to pick which details we share, not just contacts.
E.g.: I might be okay with sharing a friend's phone number or email, but I don't want to share their photo, dob, home address, etc.
I think it's not properly appreciated that Apple fully endorses all of this. For two reasons: (1) the provision of the output of billions of dollars of developer time to their users for no up front cost (made back via ads) is super valuable to their platform; and (2) they uniquely could stop this (at the price of devastating their app store), but choose not to.
In light of that, perhaps reevaluate their ATT efforts as far less about meaningful privacy and far more about stealing $10B a year or so from Facebook.
>I think it's not properly appreciated that Apple fully endorses all of this. [...] they uniquely could stop this (at the price of devastating their app store), but choose not to.
A perfectly privacy respecting app store isn't going to do any good if it doesn't have any apps. Just look at f-droid. Most (all?) of the apps there might be privacy respecting, but good luck getting any of the popular apps (eg. facebook, tiktok, google maps) on there.
>In light of that, perhaps reevaluate their ATT efforts as far less about meaningful privacy and far more about stealing $10B a year or so from Facebook.
What would make you think Apple's pro-privacy changes aren't "about stealing $10B a year or so from Facebook"? At least some people are willing to pay for more privacy, and pro-changes hurts advertisers, so basically any pro-privacy change can be construed as "less about meaningful privacy and far more about stealing".
F-Droid will never have popular apps because it requires them to be open source. In fact F-Droid does the build for you, generating reproducible builds and avoiding the risk of adding trackers to the binary that aren't actually in the source code. With F-Droid the code you see is what you get.
> A perfectly privacy respecting app store isn't going to do any good if it doesn't have any apps.
40 years ago apps were sold on floppy disks. 30 years ago they were sold on CD-ROMs. 20 years ago, DVDs.
Online-only apps are a recent thing. A privacy respecting app store certainly can be a thing. Apps being blocked or banned from stores for choosing to not respect your privacy is a good thing.
3 replies →
> good luck getting any of the popular apps (eg. facebook, tiktok, google maps) on there
That makes sense, considering they’re not privacy respecting.
People will share their whole list because it’s simpler
Or because they were tricked. eg. LinkedIn’s “Connect with your contacts” onboarding step which sounds like it’ll check your contacts against existing LinkedIn users but actually spam invites anyone on your contact list that doesn’t have an account.
Linkedin is so terribly evil these days.
I also see the shenanigans of adding new 'privacy' settings and setting them open by default. Another typical Microsoft ploy by the way.
8 replies →
This is how a load of emails were sent out from my Hotmail account to anyone I had ever contacted (including random websites) asking if I want to connect with them to Facebook. The onboarding seemed to imply it would just check to see if any of my contacts were already using facebook.
God damn this feature. About ten years ago I inadvertently did something in LinkedIn and ended up spamming everyone I knew with LinkedIn invites. It annoyed a lot of people.
How about a no/limited internet setting? So many apps spy on you and they don’t need network at all to function.
Fully denying internet access for an app is actually in iOS and has been there for many years.
But it's only available in China.
https://tinyapps.org/blog/202209100700_ios_disable_wifi_per_...
Grapheneos lets you pick this for apps before they even launch. You can revoke their network access, as well as define storage scopes for apps at a folder level, so if an app needs access to photos, you can define a folder, and that is the only folder it can scan for photos.
I used that when submitting parental leave at work. I didn't want to provide full access to all my photos and files for work, so all they got was a folder with a pic of a birth certificate.
A big problem with GrapheneOS is the fact it only officially supports Google phones. Google is apparently incapable of selling those things globally, limiting availability.
There's also the fact hardware remote attestation is creeping into the Android ecosystem. There's absolutely no way to daily drive something like GrapheneOS if essential services such as banks and messaging services start discriminating against you on the basis of it. Aw shucks looks like your phone has been tampered with so we're just gonna deny you access to your account, try again later on a corporation owned phone.
GrapheneOS is amazing from a security and privacy perspective but it doesn't matter. The corporations will not tolerate it because it works against their interests. They will ban you from their services for using it. Unlike Google and Apple, they have no leverage with which to force the corporations to accept terms unfavorable to them.
2 replies →
iOS and Mac also let you do this, for photos, contacts and files.
Apple is also pushing developers toward using native picker components. That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.
2 replies →
Until the app's devs get wise to this, and do not allow the app to function without the network access. It could be as simple as a full screen, non-closable screen that says the app requires network access with a button to the proper setting to correct the issue.
Such "go away" screens are in violation of Apple's AppStore rules. You cannot make a permission a condition of using the app, and stop the user from using it if they don't grant that permission. The app should gracefully do as much as it possibly can without the permission.
5 replies →
You can't do this, because some users are genuinely offline sometimes.
Yeah like the ChatGPT app that doesn't work without a Google account. I have Google play on my phone, just no account logged in. I do have Google play services like firebase push which many apps legitimately need. But ChatGPT just opens the login screen in the play store and exits itself.
I'm always wondering why these idiots force the creation of an account with their direct competitor. It's the only app I have that does this. But anyway I don't use their app for that reason, only use them a bit through API.
1 reply →
I would love an iOS setting that blocks all network access for certain apps
GrapheneOS has that. It asks every time you install a new app whether it should have network permissions.
Android can do this
>Fortunately this is changing with iOS 18 with "limited contacts" sharing.
Its not. Apple still owns your stuff. There is no difference between Apple and other 3p retailers. Apple just wants more of your money.
>Its not. Apple still owns your stuff. There is no difference between Apple and other 3p retailers.
That could be taken to mean anywhere between "Apple controls the software on your iPhone, therefore they control your contacts" and "Apple gives out your data like the data brokers mentioned in the OP". The former wouldn't be surprising at all, and most people would be happy with, and the latter would be scandalous if proven. What specifically are you arguing for?
Why do you inherently trust Apple?
Remember, the big celebrity photo leak happened because of a vulnerability within Apple Software.
3 replies →
Doesn’t help against your cousin who shares your data.
Useless without limiting the kind of data I want to share per contact. iOS asks for relationships for example. You can set up your spouse, your kids, have your address or any address associated with contacts. If I want to restrict app access to contacts, I also want to restrict app access to specific contact details.
Interesting thing is that security practices mention that you should always grant the minimal set of permissions.
So in case Apple allowed for “share all” it means that they did it by design and are changing it now only because of backlash.