Facebook, here's how to exploit the iPhone sensors to get around the Privacy Protections - Cyber Security 360 Our ServiziserviziSiCiCiCiarea PremiumwhitePaPeVentiTiTiTiTiCanicybersecurity Nationalmalware and attack and adequatement of company company cyber'speredeNews Analysisci We are online and personal item
Facebook has found a way to get around the Privacy Protections of the Apple Transapercy Framework app and access a considerable amount of "indirect" personal data collected by the iPhone sensors.Here is how practical advice to limit the collection of this type of information
02 Dic 2021FElio FrancoAvvocato, Founder presso Franco, Pirro & PartnersIt all started with Apple who, in the wake of the defense of its users' privacy, introduced with iOS 14.5 The Transperentcy Framework app, i.e. a particular function that allows users to disable the tracking of the apps, so as to significantly reduce their profiling mechanisms: the novelty has been so successful that it is estimated that almost 90% of usersiOS have activated it in a very short period.
It is useless to underline that the big players of online advertising such as Google and Facebook have immediately resorted to solutions that allow them to continue obtaining important revenues from their services.
If the first is attempting new roads, such as the creation of sets of users divided by tastes, the second, on the other hand, tries to circumvent the limitations by accessing the accelerometer data, the gyroscope and the barometer to georeference their members without their knowledge e, therefore, to loom them to send them relevant ads.
Indice degli argomentiIPhone sensors: the law made, found the hack
Each iPhone currently in circulation is equipped with three sensors whose data can be exploited by apps for a whole series of functions:
WEBINAR27 Gennaio 2022 - 15:00PIPL, tra privacy e cyber security: quello che devi sapere sulla normativa cineseLegalSicurezzaIscriviti al WebinarFacebook, however, found a way to use both sensors to get around the Apple Transparency Framework app, taking advantage of a weak point: in fact, the data of the three sensors are freely available for all developers, without limitations of any kind, and canTherefore, to be structured, elaborated and analyzed in order to obtain a precise measurement of the place where the user is located, even if he has disabled the sharing of his position via GPS.
How?The Meta Social collects the data collected by the user's phone sensors and compares them with the information collected by those who, on the other hand, did not disable georeferencing, both on iOS and on Android.
With such a wide data of data that it can compare, the comparison between the data collected by the three user sensors that wanted to limit their profiling with those of those who, on the other hand, have not limited anything, manages to circumvent the restrictive measures ofiOS.
The importance of vibrations
The alarm comes from the pages of Forbes, from which researchers Talal Haj Bakry and Tommy Mysk warn that Facebook constantly reads the accelerometer data, in order to create homogeneous groups of users who produce the same vibrations pattern.
Not even to say, even the other Meta, WhatsApp and Instagram apps are so invasive, so as to create increasingly precise profiles of its users.
For the record, it is appropriate to specify that the former continually records the accelerometer and gyroscope data, officially to offer the user the parallel effect of the chats backgrounds;The second, on the other hand, collects the mentioned data only and exclusively if you use Direct, i.e. the integrated private messaging service.
Meta, whose app dominate the download charts of the Apple App Store for years in the social networks and photos and videos categories, has declared that information relating to accelerometer data is used only and exclusively for the functionality of Shake-to-Report(i.e. to report a problem or abuse to customer assistance) or, again, to improve the functions relating to the use of the camera or to allow the viewing of 360 ° photos.
As if this were not enough, Talal and Mysk found that the data collected from any type of iPhone sensor are, in fact, available to all developers and, sometimes, even without the permits to collect them being guaranteed: therefore,There is the concrete danger that Facebook developers can exploit them to the detriment of users' privacy.
GPS data are also in the photo gallery
As if this were not enough, Facebook has also found a way to obtain the data relating to the geolocation of the user also from other sources, still present in the iPhone and to which, often, the average user does not pay attention to.
For example, if you allow access to the entire photo bookshop of your smartphone, the app will take care of reading the metadata of each photograph in order to precision, with precise, the user's position.
Furthermore, the Meta apps can georeference their subscribers also from the reading of the IP address of the device they used.
How to limit data collection
Fortunately, there are two ways to limit the collection of this type of information: the first is not to allow Facebook, WhatsApp and Instagram indiscriminate access to the photographic roll, but, instead, only pass the elements that are actually to publish.
The second is to sign a subscription to iCloud+, also included in the plan from a couple of euros per month, which allows you to use a private relay to anonymize your IP address and encrypt the data exchanged with the servers.
The digital footprint of the device
Apple, in addition to no longer allowing access to the Idfa (i.e. the unique identification for advertisers) has always discouraged the use of the practices that allow the C.d.Fingerprinting device, i.e. the registration of a fingerprint that identifies a certain device uniquely.
Obviously, this does not entail the real identification of the user who uses it, but, at least, of a "person" associated with him.
Unfortunately, however, what has just been illustrated highlights how a destination can collect other data in order to profile its users.
If, therefore, you want to avoid being profiles through "indirect" data, the only solution is to uninstall Facebook, WhatsApp, Messenger and Instagram from your smartphones.
WHITEPAPERCertificazioni GDPR: tutti i vantaggi per le organizzazioni che vi aderisconoLegalPrivacyScarica il White PaperScarica il Whitepaper@RIPRODUZIONE RISERVATAPersonaggiEElio FrancoArgomentiAappleFfacebookIiOSIiPhonePPrivacyCanaliNorme e adeguamentiPPrivacy e Dati personaliPrivacy e Dati personaliDATA PROTECTION