
“We are only collecting the list of applications you have installed.” - some1else
https://support.twitter.com/articles/20172069
======
overgard
> If you’re not interested in a tailored experience you can adjust your
> preferences at any time

I don't mean to nitpick language, but does this sound incredibly condescending
to anyone else? They might as well have written "If you're a paranoid loser I
guess you can have the shitty experience where we don't try to ham-fistedly
guess at your interests"

The funny thing is I think if they just didn't speak in idiotic PR-speak
people probably wouldn't care. Sometimes I'm more annoyed that companies
aren't just direct. The direct case isn't even that bad: "Hey, so we have to
sell ads to make our business work and feed our families. It's better for you
and the advertiser if we can try to give you ads that you might like so we can
waste less of your time and the advertisers bandwidth. There's nothing in it
for us to mess with your important private info, and a world of legal and PR
downside. We're just asking to take a peek at your interests so we can guess
at what you might like."

You'd still be justified in saying "nope", but at least you'd feel like you
were treated like not an idiot.

~~~
userbinator
It sounds like pretty typical obfuscatory doublespeak to me. "tailored" really
means "targeted" and "experience" is a word used so often that it has lost
almost all meaning.

The other words that evoke an almost visceral reaction of disgust for me are
"offers" and "deals".

~~~
FlaceBook
It's a disruptive synergistic cloud experience!

~~~
TheOtherHobbes
You mean it's a disruptive synergistic cloud experience offer!

There seems to be some kind of institutional mental illness that forces corps
to think of users as exploitable prey who can be herded down a value-
extracting marketing funnel, and not as people who want a service.

It's disturbingly common, IME.

~~~
Abraln
I have alway thought "converting users to our brand" sounds suspiciously like
"converting people to our religion/cult" just say you want loyal customers,
not "devoted followers."

------
jotux
Apple should ban the app for this, right?

[http://danielamitay.com/blog/2015/5/29/shutting-
down-a-500mm...](http://danielamitay.com/blog/2015/5/29/shutting-down-a-500mm-
requestsmonth-api)

~~~
ajays
Is there an API in iOS to get information about other apps? How is Twitter
doing it? I thought all apps were 'sandboxed' in iOS.

~~~
kranner
Apps can register custom URL schemes to enable other apps to open them, pass
them data and even deep-link to within them. There is an official API called
canOpenUrl: which will let you check if a particular URL scheme is registered
on a particular device. So that, along with a database of public URL schemes
published by other apps, lets you detect which apps are installed.

I wasn't aware of this before but apparently you can also use sysctl() to
check the names of running processes (which is less reliable as processes will
get bumped off if the foreground app requires more memory).

More here: [http://danielamitay.com/blog/2011/2/16/how-to-detect-
install...](http://danielamitay.com/blog/2011/2/16/how-to-detect-installed-
ios-apps)

~~~
leonatan
There is also private API that is not very difficult to hide, which gives you
all the installed app bundle identifiers.

~~~
kranner
How would you hide calls to private APIs?

~~~
geofft
Hardcode the address on all known platforms and skip it on unknown ones, or
disassemble a public function that calls it and figure out the address from
there, or read the Mach-O headers and write your own dlsym, etc. etc.

Apple once blocked a updates for everyone using a common SDK because it had
named a symbol something that happened to be the name of an unrelated private
API, and the review process couldn't tell the difference. That implies things
about the rigor of the review process.

------
fny
Raise your hand if you feel like this is an unwarranted breach of privacy, but
you have a gmail account and heavily depend on Google services.

<ashamed>Raises own hand.</ashamed>

I was so trusting and willing to give away my emails to Google when I was a
kid (despite being fully aware of their intentions), but now, even though
privacy infringements from all these other companies disturb me, I'm still a
hypocritical sheep in Google's herd.

Time to make some pretty heavy changes...

~~~
zxyzzxxx
For most people it is just search and email. Replacing email is easy, but
search is harder since only Google has really accurate and relevant results(
besides other giants that also snoop ). The best way to replace search is to
use engines that respect privacy and if you need relevant results, those that
convey Google's results to you.

~~~
dredmorbius
Search is the easier: DDG. I've been using it all-but-exclusively for nearly
three years solid (and another couple on-and-off before). I do still make use
of some Google special collections (Scholar, Books), and for time-bound
searches (really wish DDG would support those).

Email took me a while longer to sort, but while I have a primary personal
account somewhere safe, anonymous / pseudonymous accounts were harder to
provision. Yahoo and Microsoft both throw barriers (phone confirmation
required) in the way. I ended up with an inbox.com account, like that.

~~~
zxyzzxxx
DDG is the fastest of all the privacy-respecting engines, but it consistently
gives me the least accurate results. It works if you search for mainstream
keywords, otherwise it mostly doesn't.

~~~
ajays
Google's strength lies in (and always has been in) the tail and ambiguous
queries. Everyone can get the query "facebook" right; try the query "how to
disassemble tile" on Google[1] and Yahoo[2] or Bing[3]. Google knows the
difference between "tile" (the gadget) and "tiles".

[1]
[https://www.google.com/#safe=off&q=how+to+disassemble+tile](https://www.google.com/#safe=off&q=how+to+disassemble+tile)

[2]
[https://search.yahoo.com/search?p=how+to+disassemble+tile&fr...](https://search.yahoo.com/search?p=how+to+disassemble+tile&fr2=sb-
top-search&fr=sfp)

[3]
[http://www.bing.com/search?q=how+to+disassemble+tile](http://www.bing.com/search?q=how+to+disassemble+tile)

~~~
e12e
Interesting example. The results for ddg improve dramatically if you add
"tracker" ("tile tracker"). I'm not sure I'd consider Google's default results
better -- but then I don't own a "Tile". I do get that inferring that the
connection "disasemble tile" implies something other than ceramic tiles (as
opposed to "repair tile" \-- here ddg and google are very similar for "repair
tile" and "repair tile tracker" \-- although none seem to give a result for
software/a device to track progress of repairing ceramic tiles...).

------
thought_alarm
> > What is Twitter using my app graph for?

> Twitter is using your app graph to help build a more tailored experience for
> you on Twitter.

No thanks.

> Some examples of how we may use your graph data include:

> \- Improved “who to follow” suggestions that share similar interests

No.

> \- Adding Tweets, accounts, or other content to your timeline that we think
> you'll find especially interesting

Good lord, no.

> \- Showing you more relevant promoted content.

Please, no.

~~~
djent
Amazing they're doing all this trying to make their service "better," yet they
continuously show me a feed of content I resent.

~~~
JimDabell
> they continuously show me a feed of content I resent.

Then why do you use Twitter at all?

~~~
djent
To be clear, I don't hate the content I choose to view from the people I
follow, I hate the content that Twitter provides for advertising. There was a
weird time when Twitter was actually showing me relevant ads - about computer
stuff, startups (close enough). Now the ads are all random.

~~~
chinpokomon
Maybe they'd do a better job if they knew what asps you have installed? /s

------
deepuj
Please leave a comment on the app store. That is the only way these companies
will learn to not snoop on their users:

iOS -
[https://itunes.apple.com/us/app/twitter/id333903271?mt=8](https://itunes.apple.com/us/app/twitter/id333903271?mt=8)

Android -
[https://play.google.com/store/apps/details?id=com.twitter.an...](https://play.google.com/store/apps/details?id=com.twitter.android)

------
lxe
I wonder if the Twitter app will also be removed from the Apple Store due to
using "public APIs in a manner nor prescribed by Apple." Hint: it won't.

~~~
TazeTSchnitzel
Apple may not remove it, they'll just refuse updates.

------
zxyzzxxx
_We 've designed app graph to exclude apps that appear to be especially
sensitive, such as ones dealing with your health, sexual orientation, or
religious beliefs._

I was alarmed until I read this. It is really nice of them to choose to keep
our sensitive private information private. Thanks Twitter!

( Of course I completely trust Twitter to make the right decision on which
apps are considered sensitive. )

~~~
pushrax
The sarcasm is strong in this one. Hopefully.

------
stbullard
The majority of Twitter's revenue comes from mobile ads, and app install ads
are a major component of that major component. Knowing what apps you do or
don't have installed allows them to better target app install ads, and I
imagine that's the reason for collecting this data.

So, if you don't have Clash of Clans installed, they can show you a Clash of
Clans ad. If do you have Clash of Clans installed, they can then prompt you to
reengage with it, or suggest other apps you're likely to install on the basis
of your having shown an interest in games.

------
athenot
Ironically, currently a few entries away from this article on HN, there's this
one [1] about iHasApp that has shut down due to "using public APIs in a manner
not prescribed by Apple".

[1]
[https://news.ycombinator.com/item?id=9625916](https://news.ycombinator.com/item?id=9625916)

~~~
snowwrestler
That article links to this Twitter support page, which is undoubtedly why
someone submitted this to HN.

------
brianstorms
This is such bullshit. I refuse to use any app that does this kind of
snooping. Twitter ought to be ashamed of itself.

------
tacone
Simply put: if you have to setup a help page like this, you probably shouldn't
have added such feature first place.

------
MereInterest
That sounds rather scummy. Any time you are collecting information unrelated
to your own application is inexcusable.

------
RyJones
I do not trust Twitter to do the right thing with the special level of trust
Apple has granted them.

~~~
shit_parade2
btdollar it appears you've been hell banned.

I really think this is a cruel waste of peoples time, and HN should strongly
reconsider this method of moderation.

EDIT: Down votes for telling someone they are hell banned? Pathetic.

~~~
oh_sigh
How would you know if someone else is hellbanned?

------
wintom
Just removed the Twitter app... Sorry Twitter but no thank you.

------
suprgeek
Notice how they casually slip in "..and occasionally updating". This means
that Twitter now has a nice list of all apps on your Mobile via the malicious
Twitter app that snoops on your phone. They get to then sell this info to
advertisers so that they can tailor their "tweets" to you.

And Twitter is a relatively good citizen as far as apps go. Just imagine what
other apps who don't care where their next buck comes from are capable
of...truly scary stuff.

~~~
dm2
The worse problem is that even if you do research on the developers and owners
of an app before allowing a permission that warrants a lot of trust, they can
at any time be sold to a scummy company or data-mining agency who exploits the
trusting user-base. This is exactly what happened to SourceForge.

------
unclebucknasty
"App graph". Something about that phrase makes it sound even sneakier, like an
innocuous technical thing that has nothing to do with people. Nothing to see
here. Just an app graph.

I think I will build a social network where your profile pic is a split screen
of your headshot and your exposed genitals. You will use your real name, home
address, and cell phone number, and frequently upload your credit card
statements.

This way, we can all just get it over with already.

~~~
A_COMPUTER
So basically just a frontend to Experian?

------
austenallred
"You can opt out any time...three stages deep in the settings." What a cop
out.

That's provided because 99% will never even know it's there. It doesn't matter
if it's technically an option.

When your product is used by millions of people and updates automatically, the
defaults matter.

~~~
austinhutch
Not only that, I followed the instructions (on iOS) and there is no "Tailor
Twitter based on my apps", only "Tailor ads based on info from ad partners".

------
kumarm
Twitter really is a terrible: Refer to first comment in link below. In the
name of providing open source tools to Developers, They are collecting Contact
lists of app users that has their SDK's:
[http://www.reddit.com/r/androiddev/comments/37hx7y/twitter_j...](http://www.reddit.com/r/androiddev/comments/37hx7y/twitter_just_open_sourced_twitter_kit_and_digits/crn9ivi)

------
icehawk
_" We will notify you about this feature being turned on for your account by
showing a prompt letting you know that to help tailor your experience, Twitter
uses the apps on your device. Until you see this prompt, this setting is
turned off and we are not collecting a list of your apps. If you do not see
Tailor Twitter based on my apps in your account settings, app graph collection
is not occurring for your account."_

------
benguild
This should be opt-in not opt-out.

------
WhitneyLand
This is how they do it:
[https://github.com/danielamitay/iHasApp](https://github.com/danielamitay/iHasApp)

The read me explains that Apple does not approve of this.

Twitter should back off on this. The goodwill lost is not worth what they are
getting here.

------
adwn
Upon reading this, this is the first thing that came to my mind:
[https://i.imgur.com/WiOMq.jpg](https://i.imgur.com/WiOMq.jpg)

Now, how do we get people to pay for the services they use? Is that even
desirable for us, the consumers?

------
amluto
Why do iOS and Android give apps this data in the first place? Mobile apps
will invariably abuse any trust granted to them, so platforms should just stop
granting any more trust than necessary.

~~~
WhitneyLand
They don't explicitly provide it. Twitter uses a form of IPC built into iOS
(canOpenUrl) to find out by brute force whether or not well known apps are
installed.

In other words if you just submitted mynewobscureapp to the AppStore, Twitter
would not be able to detect it until they added your app to their targeted
list.

~~~
__z
Sounds like the technique that uses CSS to "brute force" your browser history.
[http://davidwalsh.name/jquery-spyjax](http://davidwalsh.name/jquery-spyjax)

------
Rainymood
I hate how this is opt-out instead of opt-in.

I can see why they want to do this but it just feels kind of icky or
something.

------
JoshTriplett
One more reason I'm glad I don't use the official Twitter app. I highly
recommend Twidere.

------
frontsideair
It's been said, but really, it should be opt-in rather than opt-out. If you
really need this, just ask. If I'm feeling particularly nice that day, I might
even allow it, but when I discover their mischief after they've done it,
there's no way I'll be okay with it.

If there's one good thing, they remove the data they've collected from you if
you opt-out. (But it'll be already fed to the machine learning system, I
guess.)

------
cageface
I removed Twitter and Facebook from my phone because I found them too
distracting. Not having them snoop on what else is on my phone is just a
bonus.

~~~
aikah
to be fair the web apps work well. I did the same on my mobile, no more
snooping. But i had to root my phone to remove Twitter and Facebook so
everybody can't do that.

------
mschuster91
And while making the UX of their Android app shittier and shittier, they block
popular 3rd party clients. This time on the shitlist: tweecha
([https://twitter.com/tweecha_en](https://twitter.com/tweecha_en)).

Seriously, I like Twitter but the way they keep degrading the user experience,
it's no wonder people leave en masse.

------
jamesmcq24
Ugh! It's such a shame companies like Twitter do this shit. I'll admit,
twitter and facebook provide useful services, they really do, but it's all
this sneaky invasive stuff that makes me hate it all. I know you have to make
money, but this kind of behavior is going to be their downfall.

------
ricardobeat
I am using the latest iOS version and the setting to disable this is nowhere
to find. This is fucked up.

------
hellbanTHIS
It's hilarious how these guys have spent billions looking for the lost city of
targeted advertising and all they've done is invent new ways of scaring away
customers.

How about telling us what's on sale at nearby grocery or hardware stores?

------
droithomme
Only? I don't want Twitter to collect a list of applications I have installed.
That is none of their business, massively violates my privacy, is an illegal
practice in many countries, and constitutes a unique fingerprint.

------
endymi0n
Ihasapp (2011):
[https://github.com/danielamitay/iHasApp/blob/master/README.m...](https://github.com/danielamitay/iHasApp/blob/master/README.md)

Discussion here:
[https://news.ycombinator.com/item?id=8671080](https://news.ycombinator.com/item?id=8671080)

Fun fact: Lots of major analytics SDKs read out your app list in this way
(Android is even simpler). Your app list is already known to lots of 3rd
parties if you have downloaded any of about 80% of the top 100 apps in the
last 4 years.

------
chippy
Questions about using an older version. I no longer update my mobile apps.
Twitter state:

"On versions of Twitter for iOS before 6.19.1, the Tailor Twitter based on my
apps setting may not display correctly. If you are impacted by this issue,
please upgrade to the latest version of Twitter for iOS."

Does this mean that it is disabled for those old versions? Does it mean that
they will do it but users will not be able to disable it? Does it imply that
the old apps are already sending this data to them? Or is it a ploy to get
people to upgrade, and not upgrading could also be a way to remain more
private?

------
nkw
Well that took about 2 seconds to delete..

------
abalone
How does Twitter actually do this on iOS? Is it only apps that use Twitter
logins? Are they using canOpenURL (I kind of doubt it)? sysctl()?

------
ssddEErr
Hehe, well yeah... thanks but no thanks. I mean at least they are honest about
it, but when this option exists within the app, doesn't mean that they are not
using it. Maybe they are just not giving you your "tailored" information but
are still grifting your data.

------
brettcvz
I would say it's safe to assume many, many apps do this. For anyone looking to
tailor ads/recommendations to their users, the opportunity to peek at all the
apps you have installed is too tempting to resist.

------
coupdejarnac
My solution is to install as few apps as possible. Go to mobile website, from
browser menu select "Add to Home Screen". I get fewer features that way but
fewer distractions.

~~~
robmiller
> I get fewer features that way but fewer distractions.

Not necessarily. I use the Facebook web app because I'm not crippled from
using Messenger as I am on their main app. Who needs the notifications anyway?

And seriously, why does Facebook need to be a >30 MB download? It's just a
frontend pulling from an API.

------
chris_wot
Stick this in 140 characters: "Twitter has and always will suck, as a service
and as a corporation".

The medium is ridiculous, I really see it as the dumbing down of our society.

------
Aoyagi
Just out of curiosity, is there even something else in the "other" part of the
Twitter client's settings, or is that just a typical obfuscation?

------
venomsnake
Geee thanks twitter ... you can learn nothing for me from the fact that I have
grindr installed /sarcasm

------
flurp
I see a lot of (rightfully) upset comments but this doesn't really come as a
surprise to me given that Twitter (and others like FB, GOOG, ad networks)
already track websites you visit.

I know there are ways of blocking that but I would have a hard time believing
that many (outside of HN readers) block that type of tracking.

------
ing33k
stopped using their native app few months ago , hope they won't remove their
mobile web app . even if they do I will just spend more time on hacker news !

------
panjaro
What the F __* is wrong these big money makers?

------
ciokan
Android user? Just go to settings > applications and count how many times
'Google' appears in there. Twitter is a small child

------
chasing
What the fuck? Is it April Fools?

------
FlaceBook
It amazes me that people are still dumb enough to install apps from any of the
social networks.

------
staunch
If the app checked what other apps were installed and used that data locally,
no big deal. Calling home with private user data is evil.

~~~
unclebucknasty
I'm trying to think of a scenario wherein an app would wholesale collect all
other installed apps for local use. Querying for specific capability via the
existence of an app or URL handler, maybe. But iterating all installed apps?

~~~
icebraining
Tasker (for Android) does, to let you choose one to launch automatically when
something happens. But apart from automation and possibly "personal
analytics", I don't remember any other use case.

