{"id":705,"date":"2021-11-19T06:50:35","date_gmt":"2021-11-19T05:50:35","guid":{"rendered":"https:\/\/monblogeur.tech\/index.php\/2021\/11\/19\/security-researcher-finds-facebook-app-tracking-iphone-movements-forbes\/"},"modified":"2021-11-19T06:50:35","modified_gmt":"2021-11-19T05:50:35","slug":"security-researcher-finds-facebook-app-tracking-iphone-movements-forbes","status":"publish","type":"post","link":"https:\/\/monblogeur.tech\/index.php\/2021\/11\/19\/security-researcher-finds-facebook-app-tracking-iphone-movements-forbes\/","title":{"rendered":"Security Researcher Finds Facebook App Tracking iPhone Movements &#8211; Forbes"},"content":{"rendered":"<div class=\"cfbc967f0983488262956e73eca9483a\" data-index=\"1\" style=\"float: none; margin:10px 0 10px 0; text-align:center;\">\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3859091246952232\" crossorigin=\"anonymous\"><\/script>\r\n<!-- blok -->\r\n<ins class=\"adsbygoogle\" data-ad-client=\"ca-pub-3859091246952232\" data-ad-slot=\"1334354390\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\r\n\n<\/div>\n<p>A stark new warning for almost all iPhone users, as Facebook is suddenly caught \u201csecretly\u201d harvesting sensitive data without anyone realizing. And worse, there\u2019s no way to stop this especially invasive tracking other than by deleting the app.<br \/>New Facebook warning for millions of iPhone users as secret user tracking suddenly exposed. <br \/>A week ago, I <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/10\/16\/apple-user-warning-stop-facebook-secretly-tracking-your-iphone-12-iphone-13\/?sh=73106f5946ff\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/10\/16\/apple-user-warning-stop-facebook-secretly-tracking-your-iphone-12-iphone-13\/?sh=73106f5946ff\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/10\/16\/apple-user-warning-stop-facebook-secretly-tracking-your-iphone-12-iphone-13\/?sh=73106f5946ff\" aria-label=\"warned\" rel=\"noopener\"><span data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/10\/16\/apple-user-warning-stop-facebook-secretly-tracking-your-iphone-12-iphone-13\/?sh=73106f5946ff\">warned<\/span><\/a><span> iPhone users that Facebook still captures location data using the metadata from your photos and your IP address, even if you update your settings \u201cnever\u201d to track your location. Facebook admits to this harvesting, refusing to be drawn on why that\u2019s so wrong when users specifically disable location tracking.<\/span><br \/><span>Now security researchers have suddenly warned that Facebook goes even further, using the accelerometer on your iPhone to track a constant stream of your movements, which can easily be used to monitor your activities or behaviors at times of day, in particular places, or when interacting with its apps and services. Alarmingly, this data can even match you with people near you\u2014whether you know them or not.<\/span><br \/>Just like the photo location data, the most serious issue here is that there is absolutely no transparency. You are not warned that this data is being tracked, there is no setting to enable or disable the tracking; in fact, there doesn\u2019t seem to be <em>any<\/em><span> way to turn off the feature and stop Facebook (literally) in its tracks.<\/span><br \/>Researchers&nbsp;Talal Haj Bakry and Tommy Mysk&nbsp;warn that \u201cFacebook reads accelerometer data all the time. If you don&rsquo;t allow Facebook access to your location, the app can still infer your exact location only by grouping you with users matching the same vibration pattern that your phone accelerometer records.\u201d<br \/>The researchers say the issue impacts Facebook, Instagram and WhatsApp, albeit with WhatsApp, it\u2019s possible to disable the feature and the platform assured me that no data ever leaves a user\u2019s device. \u201cIn Facebook and Instagram,\u201d Mysk told me, \u201cit is not clear why the app is reading the accelerometer\u2014I couldn&rsquo;t find a way to disable&nbsp;it.\u201d That means you need to delete the app and access Facebook via your browser instead.<br \/>Facebook is awkwardly exposed here, with Mysk telling me: \u201cI tested TikTok, WeChat, iMessage, Telegram and Signal. They don&rsquo;t do it.\u201d <br \/>App Store Charts<br \/>Given Facebook dominates iPhone social media installs\u2014this will impact almost all the billion-plus iPhone users around the world. Facebook confirmed to me that \u201cwe use accelerometer data for features like shake-to-report, and to ensure certain kinds of camera functionality such as panning around for a 360-degree photo or for camera.\u201d <br \/>\u201cAlthough the accelerometer data seems to be innocuous,\u201d Mysk says, \u201cit&rsquo;s jaw-dropping what apps can make up of these measurements. Apps can figure out the user&rsquo;s heart rate, movements, and even precise location. Worse, all iOS apps can read the measurements of this sensor without permission. In other words, the user wouldn&rsquo;t know if an app is measuring their heart rate while using the app.\u201d<br \/>While there may be valid benefits in using the camera, this does not explain why your movements are tracked constantly, rather than only when those camera features are in use. It would be simple for Facebook only to tap the accelerometer when needed. As for the shake to report function, Facebook could use Apple\u2019s functionality to limit how much data it pulls\u2014but that\u2019s not how Facebook operates. Worse, even when users toggle off this reporting feature in the Facebook app, Mysk told me, \u201cnothing happens when you shake the phone, but the app continues to read the accelerometer.\u201d<br \/>The researchers cite the example of a bus journey to show how such data might be used. \u201cIf you are on the bus and a passenger is sharing their precise location with Facebook,\u201d they explain, Facebook can easily tell that you are in the same location as the passenger. Both vibration patterns are going to be identical.\u201d<br \/>If you think this is spurious, Facebook actually has a <a href=\"https:\/\/patents.justia.com\/patent\/10111059\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/patents.justia.com\/patent\/10111059\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/patents.justia.com\/patent\/10111059\" aria-label=\"patent application\"><span data-ga-track=\"ExternalLink:https:\/\/patents.justia.com\/patent\/10111059\">patent application<\/span><\/a><span> to use wireless phone signals to connect strangers, and even cites the example of just such a bus ride, \u201cit can be advantageous to provide an approach for users, who have met or have likely met, to connect with one another if they so choose.\u201d Remember, none of this information exists in isolation, Facebook\u2019s trillion-dollar magic is joining the data dots. Put more simply, you know all those mysterious new friend connection ideas&#8230;<\/span><br \/><span>\u201cWe tested several apps,\u201d Mysk explains, \u201cand Facebook and Instagram stood out. While Facebook reads the accelerometer all the time, Instagram only reads it when the user is texting in the DM. In addition, WhatsApp also reads the accelerometer by default to animate chat wallpapers. So, this puts these three apps together, and you wonder if they are matching vibration patterns among users. This can get nasty, and the way to end it is by protecting this valuable sensor with a permission.\u201d<\/span><br \/>You need to remember that Facebook is a trillion-dollar empire built on data, and only data\u2014with Facebook, it\u2019s not so much a <em>metaverse<\/em><span> as a <\/span><em><span>dataverse<\/span><\/em><span>. If the company can use this data, combined with everything else it holds on you and those around you, then it will. Why would it suddenly decide to exercise restraint? <\/span><br \/>Just look at the staggering privacy labels behind Facebook\u2019s iPhone app\u2014while much of the data Facebook gathers comes from its platform and services, the data it can pull from the app simply adds more third-party information into its mix. All this is linked to your identity, nothing is wasted or thrown away.<br \/>Privacy Labels: Facebook&rsquo;s &lsquo;Dataverse&rsquo;<br \/>As ESET\u2019s Jake Moore warns, \u201cthis is, in clear terms, another violation which seems to have gone under the radar when scooping up yet more personal data from iPhones. Many people may not even think twice what sensors an iPhone has, let alone fully understand what this information can offer companies.\u201d<br \/>This is another app permission issue. If you use the Facebook app on your iPhone, then you essentially give Facebook permission to access data and information on and about your phone. And while you can restrict some of this, there is other data\u2014just as here with the accelerometer\u2014that you will not know about.<br \/>Mysk and Haj Bakry have form for just such privacy exposures. They discovered the <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2020\/06\/26\/warning-apple-suddenly-catches-tiktok-secretly-spying-on-millions-of-iphone-users\/?sh=7bad919434ef\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2020\/06\/26\/warning-apple-suddenly-catches-tiktok-secretly-spying-on-millions-of-iphone-users\/?sh=7bad919434ef\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/zakdoffman\/2020\/06\/26\/warning-apple-suddenly-catches-tiktok-secretly-spying-on-millions-of-iphone-users\/?sh=7bad919434ef\" aria-label=\"iOS clipboard issue\" rel=\"noopener\">iOS clipboard issue<\/a> that ultimately prompted Apple to change its settings and provide a clipboard warning, <a href=\"https:\/\/www.androidpolice.com\/2021\/05\/19\/android-12s-clipboard-is-taking-steps-to-keep-your-copied-text-private\/\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.androidpolice.com\/2021\/05\/19\/android-12s-clipboard-is-taking-steps-to-keep-your-copied-text-private\/\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.androidpolice.com\/2021\/05\/19\/android-12s-clipboard-is-taking-steps-to-keep-your-copied-text-private\/\" aria-label=\"which has now led to Android 12 doing the same\">which has now led to Android 12 doing the same<\/a>.<br \/>Just as then, Apple needs to act here. The accelerometer should not be a free-for-all, not when data giants such as Facebook can use this as yet another data point to feed into their algorithms, plotting social graphs and tracking locations and behaviors.<br \/>\u201cAll data which is personal and unique should be viewed as sensitive and must be protected,\u201d Moore says. \u201cThis permission needs to be restricted along with other obtrusive data tracking especially if users were previously unaware this information was being analyzed.\u201d And it\u2019s that lack of awareness that is most critical here.<br \/>Apple has done a great job this year, preventing data abuses from the likes of Facebook and Google. App Tracking Transparency has already inflicted a <a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2021\/10\/09\/apples-stunning-plan-to-strike-facebook-is-a-triumphant-success\/?sh=6ec3b61b2fa7\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2021\/10\/09\/apples-stunning-plan-to-strike-facebook-is-a-triumphant-success\/?sh=6ec3b61b2fa7\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2021\/10\/09\/apples-stunning-plan-to-strike-facebook-is-a-triumphant-success\/?sh=6ec3b61b2fa7\" aria-label=\"drastic impact\" rel=\"noopener\">drastic impact<\/a> on data-fueled revenues. In iOS 15, we have seen new privacy innovations around mail tracking, web anonymity and privacy reports. Now we have another simple update that Apple needs to develop, to clamp down on this clear-cut data abuse.<\/p>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/10\/23\/apple-iphone-users-delete-facebook-app-after-new-tracking-warning\/\">source<\/a><\/p>\n<!--CusAds0-->\n<div style=\"font-size: 0px; height: 0px; line-height: 0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>A stark new warning for almost all iPhone users, as Facebook is suddenly caught \u201csecretly\u201d harvesting sensitive data without anyone realizing. And worse, there\u2019s no way to stop this especially invasive tracking other than by deleting the app.New Facebook warning for millions of iPhone users as secret user tracking suddenly exposed. A week ago, I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"googlesitekit_rrm_CAow1sXXCw:productID":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-705","post","type-post","status-publish","format-standard","hentry","category-non-classe"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/posts\/705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/comments?post=705"}],"version-history":[{"count":0,"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/posts\/705\/revisions"}],"wp:attachment":[{"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/media?parent=705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/categories?post=705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monblogeur.tech\/index.php\/wp-json\/wp\/v2\/tags?post=705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}