Comment by lmeyerov

2 days ago

Apple and Google are facilitating the data sales

Specifically, these big companies revenue share with app companies who in turn increase monetization via selling your private information, esp. via free apps. In exchange for Apple etc.'s super high app store rake percentage fees, they claim to run security vetting programs and ToS that vet who they do business with and tell users & courts that things are safe, even when they know they're not.

It's not rocket science for phone OSes to figure out who these companies are and, as iOS / Android OS users already get tracked by Apple/Google/etc., triangulate to which apps are participating.

I'm game for throwing rocks at Apple and Google, but I don't get this one.

> consumer apps embed ad SDKs → those SDKs feed location signals into RTB ad exchanges → surveillance-oriented firms sit in the RTB pipeline and harvest bid request data even without winning auctions

Would you ban ad supported apps? Assuming the comment you're responding to is realistic, I'm not sure how the OS is to blame.

  • Neither big player has refined enough permissions. These set users up for giving away more data than they think.

    Maybe one clear example is needing a permission once for setup and then it remaining persistent.

    An easy demonstration is just looking at what Graphene has done. It's open source and you wanna say Google can't protect their users better? Certainly Graphene has some advanced features but not everything can be dismissed so easily. Besides, just throw advanced features behind a hidden menu (which they already have!). There's no reason you can't make most users happy while also catering to power users (they'll always complain, but that's their job).

    https://grapheneos.org/features

  • > Would you ban ad supported apps?

    There's no need to ban ad supported apps when you can just ban the practice of using ads targeting users based on individual characteristics.

  • I would ban apps using unsafe ad platforms

    If I was simultaneously also the owner of the ad platform, I'd fix it & knock out the bad players, or get ready to be sued for a decade+ of knowing malpractice

    And if I was a US citizen seeing the companies being involved be sued for being monopolies and abusing their position, and then seeing them cry security in court yet knowingly do this for a decade+, I'd feel frustrated by successive left + right US administrations & voters

    • They are all unsafe. It’s a huge source of revenue for ad companies.

  • This is really simple to explain:

    Apple does not let you restrict app network access[1]

    You have no ability to know who your app is connecting to, and you cannot select or prevent it.

    [1] except maybe the cellular data toggle

  • You can trace the big players

    If Google & Apple & friends refused to take a rake and opened distribution, then I'd agree, net neutrality etc, not their problem

    But they own so much, and so deep into the pipeline, and explain their fees to courts because "security"... and then don't do investigations. They employ some of the best security analysts in the world and have $10-30B/yr revenue tied to just the app store fees, so they very much can take a big bite out of this if they wanted.

    • > They employ some of the best security analysts in the world and have $10-30B/yr revenue

      I'll never not be impressed by how many people will defend trillion dollar organizations and say that things are too expensive. Especially when open source projects (including forks!) implement such features.

      I'm completely with you, they could do these things if they wanted to. They have the money. They have the manpower. It is just a matter of priority. And we need to be honest, they're spending larger amounts on slop than actual fixes or even making their products better (for the user).

  • Apple supposedly does this with the privacy report cards.

    However, I'd be shocked if a cursory audit comparing SDKs embedded in apps and disclosed data sales showed they were effectively enforcing anything at all.

  • > Would you ban ad supported apps?

    Yes, I absolutely would. Advertisements are a scourge upon people's wellbeing on top of being ugly and intrusive.

    If you want to build a free product, that's great. Build a free product.

    If you want to make money from your product, then charge for your product.

  • Ultimately the fact that ad SDKs have such wide access to location information is a choice by the platforms. I've long wanted meaningful process isolation between the app and its ad SDKs, but right now there's oodles of them that just squat on location data when the app requests it.

Apple doesn't even allow apps to know whose device they are running on without the user's explicit opt-in permission.

Just as importantly, apps aren't allowed to remove functionality if the user says no.

You need additional permissions to do things like access location data or scan local networks for device fingerprinting.

And Facebook/Meta. Their trackers are everywhere.

  • It's everyone. Especially Google, but all the big tech companies play in the same pool. Amazon, Google, Apple, Meta etc. make money selling ads, which ultimately enables the tools that result in data harvesting from everyone across the internet. I wrote a little data investigation [1] (mostly finished) that showcases how every major news organization across the globe I scanned had some level of data collection integrated. This is just one industry, but it's important (as it connects back to the incentives these media organizations have, which is to make money by selling ads at any cost). The EFF also released an angle on how the bidding process to buy ads is itself a massive privacy nightmare [2].

    [1] https://quickthoughts.ca/autotracko/

    [2] https://www.eff.org/deeplinks/2026/03/targeted-advertising-g...

  • Cloudflare is more everywhere than Facebook

    • Yeah, but unlike Facebook, they weren't just caught making videos of people having sex then paying people to watch the videos.

      Also, unlike Facebook, they also weren't just caught running a dark money lobbyist network with the goal of forcing more collection of minors' private information.

Not Experian, TransUnion, and Equifax?

Or for location, the cellular providers?

  • There are plenty of bad actors

    The interesting part is Google & Apple, as part of explaining to courts why their large app store fees are legit and not proof of monopoly positions, hid behind the security argument that they need to be the clearing house of what software runs on the devices. Except... they've knowingly punted on this one for 10+ years.

    I would 100% agree that losing privacy through any utility-level carrier (credit cards, phone, OS provider, etc.) should be default disallowed, and any opt-ins have a clear transparency mode with easy opt-out. At least two areas the US can learn from the EU on digital policy are digital marketplaces and consumer privacy protection, and this topic is at the intersection of both.