Although the best iPhones are considered to be more secure than their Android counterparts, a new report has revealed that many popular iPhone apps are using push notifications to secretly spy on users.
As reported by Gizmodo, security researchers at the app development company Mysk have released a new video detailing how some iOS apps are skirting Apple’s privacy rules to collect user data in the background.
Beginning with the release of iOS 10 in 2016, Apple added a feature to the iPhone that allows apps to customize push notifications even if that particular app isn’t running. In a post on X, Mysk’s researchers explain that some “data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers” by abusing this feature.
If you’re worried about your iPhone spying on you, here’s everything you need to know about how push notifications are being abused by popular apps along with what you can do to prevent them from collecting additional data on you and your smartphone.
Bypassing Apple’s privacy protections
To make their research easier to understand, Mysk has released a video (embedded below) detailing how push notifications can be abused in iOS to collect user data even when an app isn’t running.
When iOS wakes up an app to allow its push notifications to be customized, detailed device information including system uptime, locale, keyboard language, available memory, battery status, device model, display brightness and more can be sent back to a company’s servers for further analysis. All of this info is commonly used for fingerprinting which is strictly prohibited by Apple on both iOS and iPadOS.
Based on Mysk’s own tests, this practice is more common than its security researchers expected. To make matters worse, some apps like Facebook and TikTok, also send data when clearing their notifications in Notification Center. Other apps like Gmail and YouTube, only collect data related to processing notifications according to the company’s security researchers.
While using push notifications to collect additional user data may be possible now, Mysk points out at the end of its post that beginning this spring, Apple will require developers to explain why they are using APIs that return unique device signals like the ones that are often used for fingerprinting.
How to protect your iPhone from spying
So what if you want to limit the companies behind these popular apps from collecting additional data from your iPhone? Well, there’s good news and bad news.
You can prevent push notifications from being used to collect data on you and your smartphone, but to do so, you’ll need to turn them off altogether. Unfortunately, setting notification alerts to sounds or badges just isn’t enough and push notifications need to be completely disabled.
If you’re really concerned about apps collecting data, you’re going to want to use one of the best VPNs — or more specifically the best iPhone VPN — to further protect your privacy. Likewise, you may also want to enable Advanced Data Protection on your iPhone, though doing so disables web access to your iCloud.
Want to keep your iPhone safe from hackers too? Then you’re going to need to use either Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 as both of these programs allow you to scan your iPhone or iPad for malware when they are plugged into a Mac using a USB cable. Intego’s products are featured on our list of the best Mac antivirus software but they’re also the closest thing to an iOS version of the best Android antivirus apps due to Apple’s own malware-scanning restrictions.
Now that Apple has likely gotten wind that app developers are abusing push notifications to collect additional user data, the iPhone maker will likely severely limit the feature that allows them to do so with the release of iOS 18.
More from Tom's Guide
