It has been pointed out that many iPhone applications, including Facebook and TikTok, are using notifications to collect data, which is not what notifications were designed for.



For privacy and performance reasons, iOS apps are not allowed to run in the background, but push notifications are allowed to be processed in the background. It has been pointed out that many apps customize these notifications to their liking and use them to collect data.




#Privacy: Facebook, TikTok, and Other Apps Use Push Notifications to Send Data about Your iPhone - YouTube


Starting with iOS 10, a feature was added that lets push notifications be handled even when the app is not running. When a push notification arrives for an app, iOS launches the app in the background and allows it to customize the notification for a limited time before it is shown to the user. This grace period was originally intended for enriching the notification content, but it seems that some apps are abusing the fact that "the app starts in the background" to collect data.

According to security researcher Tommy Mysk, developers can use the notification mechanism to run code in the background and send signals to a server, such as system uptime, user location, keyboard language, battery status, and device information such as the model. These signals, commonly referred to as fingerprints, are used to track users. Fingerprint collection is, moreover, severely restricted in iOS and iPadOS.



When Mysk and his colleagues tested this, they found that many apps send device information, and that some apps, such as Facebook and TikTok, send data when users dismiss notifications. It seems that this data is processed through Google Analytics, Firebase, and similar services.
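As an added illustration (not part of the original article or the researchers' tooling), the following Python sketch shows how a tester reviewing a device's proxy capture could flag requests that follow a notification event and carry several of the signals listed above. The event format, app names, hosts, key spellings and the 30-second window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Signal names follow the article's list; the exact key spellings are assumed.
FINGERPRINT_KEYS = {"uptime", "location", "keyboard_language", "battery", "device_model"}
WINDOW = timedelta(seconds=30)  # assumed window after a notification event
MIN_SIGNALS = 2                 # assumed threshold: one signal alone is too noisy

def ts(stamp):
    return datetime.strptime(stamp, "%H:%M:%S")

# Constructed sample capture: (time, event kind, app, request detail)
EVENTS = [
    ("10:00:00", "notification_delivered", "app.social", None),
    ("10:00:02", "request", "app.social",
     {"host": "analytics.example", "keys": ["uptime", "battery", "device_model"]}),
    ("10:05:00", "foreground", "app.news", None),
    ("10:05:03", "request", "app.news",
     {"host": "api.example", "keys": ["device_model", "battery"]}),
    ("10:09:00", "notification_dismissed", "app.video", None),
    ("10:09:01", "request", "app.video",
     {"host": "metrics.example", "keys": ["keyboard_language", "uptime"]}),
    ("10:20:00", "notification_delivered", "app.chat", None),
    ("10:20:01", "request", "app.chat",
     {"host": "cdn.example", "keys": ["image_id"]}),
]

def flag_background_fingerprinting(events):
    """Return requests sent shortly after a notification event, while the app
    was not opened by the user, that carry at least MIN_SIGNALS device signals."""
    last_trigger = {}  # app -> (time, kind) of its most recent notification event
    findings = []
    for stamp, kind, app, detail in sorted(events, key=lambda e: ts(e[0])):
        when = ts(stamp)
        if kind.startswith("notification_"):
            last_trigger[app] = (when, kind)
        elif kind == "foreground":
            last_trigger.pop(app, None)  # user opened the app: traffic is expected
        elif kind == "request" and app in last_trigger:
            trig_time, trig_kind = last_trigger[app]
            signals = sorted(FINGERPRINT_KEYS & set(detail["keys"]))
            if when - trig_time <= WINDOW and len(signals) >= MIN_SIGNALS:
                findings.append((app, trig_kind, detail["host"], signals))
    return findings

if __name__ == "__main__":
    for finding in flag_background_fingerprinting(EVENTS):
        print(finding)
```
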

To opt out of this processing, users have to disable the app's notifications completely. Fortunately, starting in spring 2024, Apple plans to require developers to declare their reasons for using APIs that return device signals of the kind commonly used for fingerprinting, so the current collection method may be regulated.



in Software, Posted by log1p_kr