
Ask HN: Flightradar24 on iOS knew my location without having access to it - f055
Here’s what happened: I was driving nearby an airport with my iPhone connected to CarPlay. I received a push notification from Flightradar24 welcoming me to that airport. But Flightradar24 wasn’t opened, wasn’t in the background, wasn’t active, doesn’t have background app privileges (I’ve unset it manually months ago) and had location privileges set to “only while using”. Flightradar24 doesn’t have Bluetooth access but has Camera access. But again, it wasn’t opened nor in recently active apps. WTH?
======
bitcrazy
It's entirely possible that a different app (that sells your location data)
notified FlightRadar.

~~~
f055
Turns out it's Apple itself that "sells" my data. Most likely because of I
have Siri enabled with location access to "frequent places" or "important
locations"... I'm quite disappointed. I thought this data wasn't shared with
third parties, but as usual I didn't read the TOS/Privacy word by word...

\-
[https://twitter.com/flightradar24/status/1109817945864179714...](https://twitter.com/flightradar24/status/1109817945864179714?lang=en)
\-
[https://twitter.com/flightradar24/status/1208949494315986944](https://twitter.com/flightradar24/status/1208949494315986944)

~~~
bitcrazy
Wow, did not expect that from Apple. Disappointing indeed!

~~~
f055
Digging deeper it seems these notifications are a one-way street, so
Flightradar24 app may not even know it was pushed. It seems like a local on-
device notification.
[https://developer.apple.com/documentation/usernotifications/...](https://developer.apple.com/documentation/usernotifications/unlocationnotificationtrigger)

------
f055
I’m on latest iOS version. Could they be using the contact tracing api in some
malicious way?

------
sunnylemon
Wifi hotspot SSID?

~~~
f055
I thought about it, but how would this work exactly? I passed the airport on a
highway, so I didn't connect to any wifi. Maybe my phone probed some access
point, but still this would require the said point to send my phones identity
to FR24 servers. Or maybe it was my cell provider? I pinged a cell base
station nearby the airport, and this fact was registered and sent to a 3rd
party, and FR24 has a subscription with that 3rd party monitoring users? But
that'd be surveillance on another level. Thus my first guess is something
happened on my phone, FR24 somehow came up with a solution to go around
various privacy restrictions of iOS.

