Any time a company sends a push notification to an iPhone, its application can gather information about the user, including their location, according to security researchers. Meta and TikTok reportedly use push notification tracking, and many other companies do it, too.
Fortunately, there’s a simple solution for users to protect their privacy and keep apps from spying on them.
Social media companies are really advertising companies, and they make more money off their ads if they can target them to users. So they collect personal information in every way they can. Turns out one of the ways is push notification tracking, according to Mysk, a pair of security researchers.
When an iPhone application such as Facebook receives a notification — maybe the user has received a “like” — a lot more happens than a simple on-screen popup. iOS allows closed apps to activate in the background and run to process the notification.
The idea is to enable the third-party software to make the notifications shown on the iPhone more useful. But companies are using the feature to gather data on users whenever they receive a notification.
As the security researchers at Mysk explain:
“Unsurprisingly, many social apps notorious for their aggressive data harvesting practices are taking advantage of the background execution time enabled by push notifications. In fact, developers can harness this workaround to run code in the background on demand. All they have to do is send push notifications to their users. As a result, iOS would wake their app in the background on every device, then the app runs whatever code the developer has built into the app.”
Many apps ask to track the user’s location, but users can limit that to only when the app is running. But an application that’s processing a notification is running and so can record and transmit location information.
It doesn’t stop there. Mysk reports that that iPhone applications are using push notification tracking to collect “system uptime, locale, keyboard language, available memory, battery status, device model, display brightness, to mention a few. Such signals are commonly used for fingerprinting and tracking users across different apps developed by different developers.”
The practice is apparently widespread. It’s used by TikTok, Facebook, FB Messenger, Instagram, Threads, X and “many more,” according to Mysk. Last December, Apple confirmed that some governments use push notification spying.
Fortunately, there’s an easy way to block push notification tracking: Simply stop allowing questionable iPhone applications to send you notifications.
Making the change isn’t difficult, but it has to be done for every app. And the security researchers at Mysk say it’s necessary to disable all notifications for a given app — switching to badges or only alert sounds isn’t enough.
To make the change, go to Settings and scroll down to Notifications. Find the app you want to disable notifications for and tap on it. A page with a full range of notification options will appear, but all you need is the one at the top: Be sure Allow Notifications is toggled off.
Repeat the process for Facebook, X, etc.
Obviously, protecting your privacy means giving up receiving alerts whenever someone likes or responds to one of your social media posts. But the change will probably make you more productive … and might even make you happier.
Mysk created a video with more details on push notification tracking:
As Google continues to release more updates, confirmed and unconfirmed, a broader range of business stakeholders are becoming more aware not only of the changes made by Google, but also of how evolving technologies are impacting consumerism as a whole. Gartner publishes an annual study of CEOs and CFOs, and a key takeaway for 2024...
The app market today is crowded with free apps, but their developers seem to be raking in the cash. They know that there’s a lot of profit to be had with mobile apps — if you know where to look. It turns out that there’s quite a bit of money at stake. How much do...