Your iPhone could be secretly spying on you via push notifications — what you need to know
Researchers say some iOS apps are using notifications to bypass Apple’s privacy protections
Although the best iPhones are considered to be more secure than their Android counterparts, a new report has revealed that many popular iPhone apps are using push notifications to secretly spy on users.
As reported by Gizmodo, security researchers at the app development company Mysk have released a new video detailing how some iOS apps are skirting Apple’s privacy rules to collect user data in the background.
Beginning with the release of iOS 10 in 2016, Apple added a feature to the iPhone that allows apps to customize push notifications even if that particular app isn’t running. In a post on X, Mysk’s researchers explain that some “data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers” by abusing this feature.
If you’re worried about your iPhone spying on you, here’s everything you need to know about how push notifications are being abused by popular apps along with what you can do to prevent them from collecting additional data on you and your smartphone.
Bypassing Apple’s privacy protections
To make their research easier to understand, Mysk has released a video (embedded below) detailing how push notifications can be abused in iOS to collect user data even when an app isn’t running.
When iOS wakes up an app to allow its push notifications to be customized, detailed device information including system uptime, locale, keyboard language, available memory, battery status, device model, display brightness and more can be sent back to a company’s servers for further analysis. All of this info is commonly used for fingerprinting which is strictly prohibited by Apple on both iOS and iPadOS.
Based on Mysk’s own tests, this practice is more common than its security researchers expected. To make matters worse, some apps like Facebook and TikTok, also send data when clearing their notifications in Notification Center. Other apps like Gmail and YouTube, only collect data related to processing notifications according to the company’s security researchers.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
While using push notifications to collect additional user data may be possible now, Mysk points out at the end of its post that beginning this spring, Apple will require developers to explain why they are using APIs that return unique device signals like the ones that are often used for fingerprinting.
How to protect your iPhone from spying
So what if you want to limit the companies behind these popular apps from collecting additional data from your iPhone? Well, there’s good news and bad news.
You can prevent push notifications from being used to collect data on you and your smartphone, but to do so, you’ll need to turn them off altogether. Unfortunately, setting notification alerts to sounds or badges just isn’t enough and push notifications need to be completely disabled.
If you’re really concerned about apps collecting data, you’re going to want to use one of the best VPNs — or more specifically the best iPhone VPN — to further protect your privacy. Likewise, you may also want to enable Advanced Data Protection on your iPhone, though doing so disables web access to your iCloud.
Want to keep your iPhone safe from hackers too? Then you’re going to need to use either Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 as both of these programs allow you to scan your iPhone or iPad for malware when they are plugged into a Mac using a USB cable. Intego’s products are featured on our list of the best Mac antivirus software but they’re also the closest thing to an iOS version of the best Android antivirus apps due to Apple’s own malware-scanning restrictions.
Now that Apple has likely gotten wind that app developers are abusing push notifications to collect additional user data, the iPhone maker will likely severely limit the feature that allows them to do so with the release of iOS 18.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
-
jpgaubier There is no evidence to suggest iOS is any more secure than Android. There's only ads from a company known for making exaggerated claims.Reply