Branch - these guys provide deep links into phones and tools to analyze who clicked on the links and if they worked.
mParticle, Appsflyer, Braze (formerly Appboy) all provide internal app marketing teams tools like mobile push or analytics from the app on the phone.
While NewRelic, letsencrypt (free SSL certificates), Crashlytics etc. are all developer tools to monitor usage and issues with your app.
In summary, the majority fall into 3 classes of traffic: CDNs which cache data, marketing tools such as deep linking analytics etc., and finally developer tools.
Seems like a missed opportunity for Apple and Google to allow users to opt in or out but send data back to one place and then push that out to all these guys so the phone isn’t sending the same data over and over to so many partners and wasting battery.
But the public claim, "it saves battery life!" would not make it defensible for most analytics companies, in my opinion. That would mean Google and Apple get duplicated access to just about all mobile analytics data in the world overnight. They already get vast data from the mobile phones through telemetry and their own apps; I think the largest third party analytics providers would revolt. They would all be at the mercy of Apple and Google's benevolence, which is basically backing their business into a corner. You don't want to be reliant on the whims of a giant tech company.
There are probably also some (maybe weak) anti-trust arguments against it, because all analytics other than e.g. Google Analytics become literal second class citizens on the phone. That would basically be telling app developers they're not allowed to send requests to specific hosts within their apps, only Apple and Google can do that (on their respective phones).
So I don't know if this is a missed opportunity, so much as Apple and Google realizing it would burn their walled gardens to the ground.
Would anyone care? I don't think a game company is going to refuse to publish on iTunes or Google Play because some tool they use for analytics stops working.
Nothing against analytics companies, but they just aren't a relevant party in Apple's (or Google's) ecosystem.
I don't see why these companies can't simply push all analytics to their own servers then out to the analytics company, bypassing apple/google.
Most of the biggest mobile games companies have custom analytics engines and likely do this anyway.
Furthermore, from experience, duplication within a single app often happens all on its own because, say, different departments use different toolchains with different integrations, thus want different analytics providers and it's easier to just have the app send to both. It's inefficiencies all the way down because the only one to really pay for this is the user, and the user doesn't know they're paying for this (be it in battery life, PII leakage, etc).
In the short term you're probably right, nothing would "burn" except a lot of developer good will. But in the long term it'd be a great way to get many different parties thinking hard about how to get off your platform or replace you.
Twitter wiped out dev support even more completely than is suggested here, and it hasn't really hurt them aside from some persistent grumbles.
I was not thinking about the anti-trust implications by not allowing folks to send data back but perhaps there is a middle ground.
It could also increase transparency for consumers by allowing the opt in opt out on the device for each app and letting customers know “this app is tracking your clicks on it”.
The one point about them essentially getting all data, don’t you think they are already doing this? Look at the amount of calls the iPhone is doing back to Apple or the amount of data Android is shipping to Google. I believe they literally are already doing all of it, this would just be a way to give developers access to what they want transparently and reduce the number of unnecessary calls, all the calls would still happen but server side.
Wait, what? How would a client app get SSL certs from letsencrypt?
Regarding Android: I switched to Android for the "NoRoot Firewall" and since most Android phones are Root-able I can also edit my hosts file.
The article gives a very good analysis of what I have been telling friends, and my constant complaint towards that Cancer called Facebook: why does my e-banking app or Booking.com or practically every air carrier's app, need to alert FB that I am using this or that app?
Anyone with an Android can install that NoRoot Firewall and see in 60 seconds what their phones are doing when you are not looking. This in combination with the applications running in the background 24/7 makes privacy a thing of the past.
Facebook has no business knowing when I'm making trades, listening to music, sending money or anything else.
A simple example:
What I mean is you wipe the phone, reinstall either AOSP or LineageOS (or other custom ROM), do NOT install any Google Apps (to include Google Play Services, Google Store, Google Maps, etc.). Use F-Droid (https://f-droid.org/) as your App Store.
I have been using OsmAnd (https://osmand.net/) as my map service.
I saw a very interesting talk last year about how Google Maps is often useless in third world areas, and OpenStreetMaps provides the only useful coverage.
It's due to armies of volunteers mapping an area during disasters, while Google has no economic interest in mapping the area.
Google has an economic interest in mapping anything as long as it's useful to some people. Google is playing a very long term game: provide free services online (Email, Maps, Search...) to entice more and more people to go online. The more Internet users there are in the world, the higher their ad revenues are. It's that simple.
I don't doubt your experience.
The talk is about disaster response, so it only describes maps in regions where a response is taking place.
Elsewhere, the rest of the time, I'm under the impression there is no serious mapping taking place, neither by Google nor OSM.
What I found surprising from the talk I linked was instances where there was a hardly usable Google Map to use for the area (just big expanses on the map and the occasional large feature), and the fact that at times up to 1000 volunteers would work together mapping a region at short notice, down to street and building level, by analysing satellite images, and coordinating with responders on the ground.
In the opinion of those disaster responders, those volunteer created maps were much more useful than the Google ones.
We haven't exactly had one of those in decades, so yeah. I'd say it's a bit telling that there's only interest/means for volunteers to map the developing world when there has been a disaster, but I digress.
Google Maps is perfectly usable where I live (apart from its continued if understandable confusion about how...irregular roads and road access can be here), and in my experience has been at least useful in all the cities in my home country I've visited. OpenStreetMaps is...not.
I wish there was a system that lets me whitelist specific hosts per app.
Also, downloading netguard from github will give you the option to use hostfile to block providers (not available via Play Store).
Separately, if you have root, you should look into XPrivacyLua from the same dev.
Of course this is only useful at home. As soon as my phone leaves the house, everything is open again.
I’d love to take a look if you end up doing that!
- have full network access
- view network connections
- run at startup
That's a pretty serious list of permissions to consider giving something that while it would seemingly be beneficial, is also a great vector into my phone activity for a malicious actor (not accusing them of being such btw).
My block list is huge at the moment, and I have basically stopped installing any apps, or allowing non-allowed apps to update.
I feel the push for DoH will make this even worse - because then you won't even know which servers your apps are connecting to.
There are lots of good security reasons to do this. Further, if they didn't people would just roll a Swift / Obj-C SSL library and do it all themselves, which would be worse I think.
If Apple wanted, they could prohibit the last point by requiring all apps to delegate TLS handling to the OS and failing the review otherwise.
Also, we already have several systems to manage app access to things that could potentially be misused. Why not manage user certificates the same way?
E.g., pop up a consent prompt before letting an app install anything - or, if that is too annoying, don't give apps access to the functionality at all and exclusively manage certificates via the system UI.
> It stops people who have root certificates installed on their phone... [emphasis mine]
Indeed. That's my point. I'd consider this a bug, not a feature.
Well, yeah, you need to go beyond a traffic sniffer because if a traffic sniffer was enough, where is the security gain?
Apps using custom certificates is a best practice and absolutely essential for communicating securely with devices that can not participate in the web CA (because, duh, they are not websites). Think your local network WiFi camera.
1. Use AdGuard DNS. https://news.ycombinator.com/item?id=18788410
2. Do not install the app if there's a website equivalent you could use (Facebook, Banking Apps).
3a. Force Stop or Disable apps you use frequently despite web equivalents (Google Maps).
3b. Enable permissions required by apps used occasionally only when in use. Disable them again, once usage is complete (Banking Apps).
4. Use websites on mobile on Firefox with uBlockOrigin/uMatrix, PrivacyBadger, CanvasBlocker, WebRTC blocker.
5. Prefer using 'lite' versions of apps, if you must use an app (Uber Lite).
6. Try to use apps that do not require GooglePlayService or slowly force yourself to (OpenStreetMaps).
7. Use privacy-oriented apps as a replacement to apps that you use very frequently (Signal, ProtonMail, DuckDuckGo) or use a separate user-profile for those apps (WhatsApp) altogether. https://news.ycombinator.com/item?id=18873433
8. Use LawnChair as your default launcher (or some such privacy oriented launcher).
Of course there's a big matter of Google services running the show underneath, and you couldn't get rid of that unless you went the microG+LineageOS route. https://news.ycombinator.com/item?id=15617615
EFF's Surveillance Self-defense https://ssd.eff.org/en#index
Dumber Phone: https://nomasters.io/posts/dumber-phone/
Bouncer - Temporary app permissions seems to be a brilliant tool for this. I installed it the other day together with Glasswire. Both are paid, and I happily pay (reasonable amounts) for good tools.
Together they should hopefully mitigate the risk connected to useful apps with broad permissions.
Haven't tested them too much yet, so if anyone knows problems with those apps, feel free to let me know.
Bouncer is available here:
Glasswire is here;
Of course, depending on your threat model some of you might never be safe with a smartphone or any portable phone at all. Personally however I feel this might solve it for me for now.
What he is doing will not prevent apps from extracting information and uploading it to their servers. For example, by using an ip address instead of a hostname/domain, an app/service can exclude themselves from the "domain graph" he created with this vpn. Sure you could eventually track down the public ips an app communicates with and block those, but the app will always keep collecting and storing your data, and at some point in time they update their app and change the ip - by the time you notice this your data is already uploaded to the new ip.
The only proper solution is an app firewall for iOS, which is not allowed by Apple.
Apple is crippling our freedom with their walled garden/dictatorship, which makes me sad.
and a way to turn off deep linking
and a way to turn off ble beacons
and the possibility of local location services only such as photo tags, without all the rest.
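The gap raised above, where an app that connects to a bare IP address never appears in a DNS-derived domain graph, can be watched for by comparing a resolver's DNS answers with the router's connection log. The following is an added example, not part of the thread or the article; the log tuples, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): DNS answers seen by a local
# resolver and outbound flows seen by the router, as (time, client, ...) tuples.
# Addresses come from the RFC 5737 documentation ranges.
DNS_ANSWERS = [
    (100, "192.0.2.10", "api.example.com", ["198.51.100.7"]),
    (105, "192.0.2.10", "cdn.example.net", ["198.51.100.20", "198.51.100.21"]),
    (300, "192.0.2.11", "api.example.com", ["198.51.100.7"]),
]
FLOWS = [
    (101, "192.0.2.10", "198.51.100.7", 443),
    (106, "192.0.2.10", "198.51.100.21", 443),
    (110, "192.0.2.10", "203.0.113.50", 443),   # no lookup at all
    (200, "192.0.2.11", "198.51.100.7", 443),   # lookup only happens later
]

def flows_without_lookup(dns_answers, flows):
    """Return flows whose destination IP the same client had not been given
    in a DNS answer before the flow started."""
    first_seen = defaultdict(dict)          # client -> {ip: first answer time}
    for ts, client, _name, ips in sorted(dns_answers):
        for ip in ips:
            first_seen[client].setdefault(ip, ts)
    flagged = []
    for ts, client, dst, port in sorted(flows):
        seen_at = first_seen[client].get(dst)
        if seen_at is None or seen_at > ts:
            flagged.append((ts, client, dst, port))
    return flagged

def names_for(dns_answers, client, ip):
    """Hostnames a client resolved to this IP (the 'domain graph' edge)."""
    return sorted({n for _t, c, n, ips in dns_answers if c == client and ip in ips})

if __name__ == "__main__":
    for ts, client, dst, port in flows_without_lookup(DNS_ANSWERS, FLOWS):
        print(f"t={ts} {client} -> {dst}:{port} had no prior DNS answer")
```

A flagged flow is a lead rather than proof: an answer cached before logging began, or a lookup made over DNS-over-HTTPS, produces the same signature.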
92% (!!!) of the requests that phone generates got blocked. Laptop is at 5% (admittedly with an adblocker too), iphones at 1%.
The nice thing about this is that it blocks requests from any device in my network, especially from those which cannot be configured with a firewall or adblocker.
We live in a 'fantastic' world where the same people who have made a billion dollar business model of behavioral targeting and creepily stalking people 24/7 aggressively push things like https claiming to care about user privacy and security.
Where Android can be promoted as 'open' in spite of abusing all the driving principles of open source. Tech folks cannot be unaware of the massive and ever growing surveillance ecosystem in operation and many are in fact actively building it, and pretense of surprise by such articles only serves to affect some kind of fabricated normalcy.
It's fascinating to peer into the dark alleys of your iPhone.
I've got it on my list to play with Charles proxy. I'm curious to peer into a few of the requests if possible. But I've read that, especially with mobile apps, they may use cert pinning which defeats something like Charles.
And if so are those responsible for the http (as opposed to https) traffic because they want to see if you're on a captive portal?
Not that many years ago, I had imagined that microcomputers and cellphones would merge. But I was expecting something like Linux. Or at worst, like Windows.
And it clearly didn't work out that way. We have smartphones that are never really owned by users. They run apps that have more rights than they do. With no practical way to change that.
It's sad, because I can't have a smartphone that I can trust. But so it goes.
I'd be interested to know what the Google queries were for. Does he use GMail?
I'm asking because I'd assume for most of their customers it just doesn't reveal much. Everyone shops at supermarkets, Target vs Walmart isn't going to reveal a whole lot more than a residential address.
The car insurance could know if you visit dragstrips, which might imply specific driving habits. Or how often you visit the gas station, from which could be estimated your mileage. Or if you already report your mileage, might be used to estimate your fuel consumption, which could imply specific driving habits.
The health insurance might know if you visit the same bad-neighbourhood address as some known-heroin-users do. Or if you just visit the tobacco shop.
Car insurance gets a lot of information from past claims, age and sex/gender, they aren't going to make a bunch of money turning away a few people that go to dragstrips.
In the US, health insurers are specifically prevented from considering such things in setting their premiums, they get to consider age and smoking. Carriers that offer plans to the general public are also subject to a "guaranteed issue" provision, they are not able to refuse coverage to anyone that can pay.
OpenWRT's adblock package (which I already used) can create a DNS report and each list has a Blacklist/Whitelist button. Superb!