Hacker News new | past | comments | ask | show | jobs | submit login
iOS 13’s privacy pop-ups of Facebook data grabs (techcrunch.com)
200 points by metaphysics 37 days ago | hide | past | web | favorite | 122 comments

I've been using the iOS 13 developer beta for a couple months, and I can confirm that within the first week, several apps from the big 4 requested permissions for things that should be absolutely unnecessary.

iOS 13 has several great privacy-focused changes:

- WiFi SSID is protected behind location permissions (ie, an app must request and be granted location permissions to be able to access the current SSID)

- Bluetooth has additional permission prompts (as detailed in the article)

- When an app has been using location data, the user is periodically prompted to confirm continued background location use (with a map of locations the app has used).

- Safari has several on top of all these, like prompting a user to allow cross-site cookie loading, etc

In some of these, Apple is catching up to Android, and in others, it is ahead. Either way, it seems that most of these come from a directive from inside Apple to clean up 3rd party app behavior, likely prompted by things like last year's analytics & enterprise deployment scandals.

Great! Now, one more thing I’d like to have added: get rid of photo library access and separate this into several permissions:

- write access

- read access (all photos)

- read access (through a special iOS picker that acts as a middle man)

The longer people have their phones, the more photos they have. And with them a whole lot of meta data such as location etc.

I simply don’t trust most apps these days that they really don’t touch any of that data.

Of course, you can already "share" a photo with an app, but this doesn’t let you change a profile picture in Instagram for example.

The cynical person might say: why not stop using these apps in the first place? Because it’s difficult to say who is exploiting photo library access and who is not. Does VSCO do it? I’d think they have no interest, but it’s too much based on trust vs. something I can control.

> The longer people have their phones, the more photos they have. And with them a whole lot of meta data such as location etc.

Stripping location metadata before handing photos off to apps would be nice too.

IOS does this for apps that don't have photo library permissions and use the system photo picker.

Yes, this is actually one of my biggest peeves. iOS 13 takes a good step in the right direction by creating 'only once' permissions, but I'd also like it to be 'only this photo' (or perhaps iOS already does this if an app uses the standard photo picker?)

No, full photo access is required for an app to pick photos using the standard picker (as of iOS 12 anyway). I also wish they would separate these. I think it’s a legacy thing, since the photo picker pre-dates the remote-view-controller stuff used to isolate apps from system views (first seen when they introduced the in-app “safari view controller” thing)

And the same with contacts! I should be able to select the minimum of contacts that some app sees. And also to narrow down which fields of all possible contact fields.

This is something I've been wishing for too! Apple does have this differentiation in permissions but it leaves it to the developers to ask for and respect. This permission should be akin to the location permission - enforced and differentiated by the OS and not the dev.

> In some of these, Apple is catching up to Android

Where Android/Google itself is a bigger problem perhaps than the 3rd party apps.

What's funny is with Android 10 you get these prompts now too (can't say how comparative the two features are though). My biggest offender is Google's apps requesting location access in the background; Hangouts, Messenger, Phone, etc. all asking for access when I'm not using the app. Naturally I block them, but since they're all Google products I wonder how much that even matters.

Since Google Play Services is the location provider on most Android phones, Google already has everything. At least with newer Android versions Facebook is blocked from accessing your location...

AFAIK, if no apps are requesting location through Play Services/location is disabled then Google wouldn't get anything?

One of the things that lead me to drop Gmail was the fact that the Gmail app on my phone started harassing me to turn location services back on. Why does it need to know my GPS coords to send an email?

Plus they added mouse support (on iPad). iOS 13 really is a great release. I just wish they allowed you to full hide the mouse cursor when the mouse isn't plugged in (the option that implies it does exactly that does not).

You can use the accessibility shortcut to quickly turn on/off the cursor.

Its constant presence is an artifact of apple pretending the mouse will only be used by those who need the pointer always for accessibility reasons.

Have you tested this? Is it true mouse support, with a right click (for things like remote desktop) and everything?

You can customize what different mouse buttons do. I've used it every day for months, no substantial problems.

As I said above the only real criticism I have is that the pointer/accessibility box doesn't disappear when the mouse is disconnected.

I haven't tried it over Remote Desktop (I don't know if the "raw" mouse presses are relayed), only to interact with native iOS Apps.

Mouse on an iPhone?

Apple is catching up to Android in privacy ? Good joke :)

WiFi SSID has been behind a location permission gate on Android for several releases

It looks like this was released either in 8.x[0] or 9.x[1] series. Unclear to me which one. That means that only up to about 1/3 of Android devices[2] have the feature. Version distribution is one of the things that seems to tip stuff like this in favor in iOS[3].

Admittedly, the distribution of Android devices on 8.x+ is higher than I even expected before looking at this.

[0] https://developer.android.com/guide/topics/connectivity/wifi...

[1] https://developer.android.com/about/versions/pie/android-9.0...

[2] https://developer.android.com/about/dashboards

[3] https://developer.apple.com/support/app-store/

Location access started being required for WiFi scans in Android 6.0 Marshmallow (2015).


By eye, that covers nearly 75% of current devices.

Thank you. I figured I was probably missing something on that point.

And yet "Phone status and identity" are somehow still one permission like a decade later.

How on earth it occurred to someone in the first place, that determining whether the phone is in use or not and reading the phone #, IMEI, etc. should be the same permission is beyond me.

This kind of comment indicates how effective the marketing/media kool-aid has been. Having paid very close attention to how both systems work (and having used both iOS and Android extensively in recent months), I don't think I'd necessarily declare either of these platforms a clear privacy champion.

If you’re trusting third-party apps with important data and not effectively restricting their permissions, then the OS doesn’t really matter. I’m glad that Apple is doing more to make permissions granular. If you don’t install anything outside of what your phone came with, iOS would certainly be the clear privacy champion.

On iOS, your adversaries are third-party app developers. On Android, your adversaries are third-party app developers and the OS vendor, whose entire business model is hoovering up your data. iOS is, in mathematical jargon, strictly better on that basis alone.

How exactly is in case of Android the OS vendor the adversary? Considering the fact it was Apple that lied about not streaming Siri conversations while giving them out to 3rd parties? With no ability to revoke consent or even choose?

Also Apple (as opposed to Google) is the one actively cooperating with Chinese government and giving them decryption keys for iCloud.

If you look beyond the marketing spiel it's kinda ridiculous marking one of those corporations to be more trustworthy than the other.

> Considering the fact it was Apple that lied about not streaming Siri conversations while giving them out to 3rd parties?

Sorry, what?

1.) Apple plasters a building sized "What happens on your iPhone, stays on your iPhone" ads to mock competition in CES: https://9to5mac.com/2019/01/05/apple-privacy-billboard-vegas... [January 5th]

2.) Apple admits it was giving Siri recordings to contractors with no ability to opt out of the functionality. This included false activations not meant for Siri. Seemingly what happened near iPhones did not stay on iPhones:

https://www.theverge.com/2019/8/23/20830120/apple-contractor... [August 29th]

3.) In 2016 Apple shifted their iCloud servers to China to abide Chinese limitations and give access to content on governmental request. It seems, again, what happens on iPhone does not stay on iPhones: https://www.latimes.com/business/technology/la-fi-apple-chin...

But of course, this whole topic on HN shows that the money on marketing is well spent. Lesson for Google and Facebook: up the marketing spending to keep repeating how privacy concious they are. ;)

Does an App have to request Bluetooth permission for playing audio over Bluetooth headphones?

I don’t think so. Access to audio over Bluetooth goes through a separate system that is mostly opaque to the app.

No, that's handled by the system

These changes sounds great but sadly my iPad Air gen1 won't get iOS 13/iPadOS 13; I really wish they would come up with such improvements earlier.

This article sold me in switching to iPhone. It's like everything about Facebook dating seems like a eugenic program to favour people with a naive and submissive tendency toward power and authorities.

As a technology change, online dating has become a "radical monopoly (Illich)," in the sense that whether you use it or not, you are subject to it, the way a cyclist is subject to the car, and any algorithmic bias or site policy is in effect a eugenics program. Of course nobody criticizes something when they are winning, and an ostensible losers view of dating is the very popular definition of disgusting, but for a ubiquitous global company whose business model reduces to selling ads on addictive pocket slot machines to become a dominant player in the genetic selection game should give people at least some pause.

I just switched two months ago. Been an Android users since 3.x days.

I switched mostly for privacy reasons as as well. The original idea of why I liked Android: open source / Linux based, I developed apps for it, are not as important as giving too much control and my data to Google at this point.

Been pretty happy with it as a new user. At first it was hard getting used to not having a back button where I expected it but after a few days got used to it.

I like that there is an Apple store I can go to.

The interface is slick and nice, however, I'd have have to say in recent years Android mostly caught up in that regard.

But most of all, I like that Apple's primary business is not selling my info so I am happy to pay a premium to have a bit more privacy.

> having a back button where I expected it but after a few days got used to it.

Dont forget that iOS has an almost universal left swipe gesture that doesn't require acknowledging the top left-back chevron

It also has an optional swipe down gesture at the very bottom of the screen to cut the screen size in half, useful for hitting the back button if you have to

> It also has an optional swipe down gesture at the very bottom of the screen to cut the screen size in half, useful for hitting the back button if you have to

Double-tap the home button for Reachability on iPhone 8 and older.

I didn't know that. Thank you! It makes it even easier.

> The interface is slick and nice, however, I'd have have to say in recent years Android mostly caught up in that regard.

How would you say are the apps in this regard? Are ios apps more standardized than android's?

Yes and there seems to be more developer time invested in iOS apps than Android apps for smoothness—developers know they make more money from their iOS users even taking into account how many more Android devices there are.

You might miss not being able to set third-party apps as default for certain actions, but I think this is a valid trade-off for maintaining standards and share extensions are almost as good.

There’s an app called Opener that lets you open third party apps in the relevant pages quickly. Not as fluid as Android but still quick. Personally I’ve been very happy with iOS since the switch a year ago. I’d like to point out that the biggest charm of the gestures is that it’s essentially system wide, including third party apps. Swipe to go back and tap to scroll up are just too convenient and natural for me to go back.

Definitely. I used Android for almost 5 years and I use iOS for 2 now.

iOS apps on average are definitely faster, smoother and well-made in terms of visual beauty.

I think they are from a few apps I have. But I also don't use that many apps to start with, others might have a better opinion there.

"It's like everything about Facebook dating seems like a eugenic program to favour people with a naive and submissive tendency toward power and authorities."

That makes a great quote!

Or future Andrew Niccol movie!

I have been an Android developer since Android 1.6 - I switched my personal phone to iPhone and no regrets, especially not after all the Google decisions (and banning of developer acounts), their data collection and changing everything in every release. They can't seem to focus on anything and there is no one single long term plan and roadmap, every Android team is doing something else.

Sorry but by your logic everything is a eugenics programme. My train being late causing me to not meet my future partner in another timeline fits your definition of technology and policy and algorithms, but that's sure as hell not a eugenics programme. Pretty much anything that causes me to meet or not to meet somebody is also not a eugenics programme.

And using Facebook does not mean you're submissive to a higher authority. Most people use it because there's no choice if you want your circle of friends to survive long term.

No need to apologize. Given this tech is precisely intended as a tool for people to meet each other, and the service value add is the filtering of options based on data they have collected by surveillance, that would distinguish it from say, a train.

If that's the line you're drawing, then I can understand where you're coming from more, but anything opt-in still doesn't seem to qualify as eugenics.

There was dating services in meatspace long before OKC, Tinder and now FB. Much of the same data given to them was similar to what Facebook has. Do those services class as eugenics?

A more concrete analogy would be if you donated to an egg or sperm bank, and found out later that the hospital had destroyed samples after checking the donors linkedin profiles for employment gaps.

If you would really like to turn my innocent quip into an something more inflamatory, I'd say a lack of informed consent by users about the use of their data, obtained by surveillance, used to impose opportunity costs on their reproductive prospects, structured around the commercial and political agenda of a company who makes addictive products - would be a pretty awful thing to countenance indeed.

I'm sure the lawyers and bioethicists have got it all sorted out.

Matching people based on their survieled unintentional preferences instead of their stated intentional ones seems helpful, except I'd propose that the combination of opacity and power difference ethically deprives the subjects of their intent.

They may have volunteered for the opportunity, but they have not volunteered to be chosen for. The selection bias inherent in secret data is the expression of the intent of the administrator, not the intent of the subjects.

Taking this beyond a quip wades much deeper into thorny ethical issues than is really useful on HN, but I hope this has emphasized the value of letting sleeping dogs lie.

I do appreciate you taking the time to expand upon your point.

> a eugenic program to favour people with a naive and submissive tendency toward power and authorities

Sounds like domestication.


These questions seem rather loaded.

You're essentially arguing that Apple is secretly breaking EU and California law and then asking us to proven that your supposition isn't true.

If you know of evidence that they are, by all means please share, but with the status quo there's no specific need to address issues that have no known basis in fact.

Huh, all that and I didn’t see an explicit call out to how Apple has changed the location sharing in the background prompts to include a creepy map, prompting you to wake up a bit instead of automatically hitting Allow location sharing: https://techcrunch.com/2019/07/18/ios-13-security-privacy

Wow. What's the opposite of an anti-pattern? Because in terms of visualizing the privacy implications that deserves real praise and likely took quite a bit of work.

They should be proud of that, and it makes it seem like their privacy push is more than just a momentary marking-led move.

Oh it's definitely at least partially a marketing issue. They're very keen to promote to users that iOS provides strong controls over privacy, it's a clear differentiator and selling point.

I just don't think that's enough to explain it. Apple was all-in on user privacy right for the beginning, back when their market cap was a small fraction of what it is now, when Wall Street was salivating over the huge profits to be made out of mining social graphs, and when Google was offering big money for access to user data. Instead Apple decided to put up the finger to Google, until then a close partner, and spent billions of dollars building Apple Maps.

There is absolutely no way Apple could possibly have expected a marginal marketing advantage, which was very minimal at first for many years, to compensate for the very lucrative immediate opportunities they gave up. The financial incentive argument just doesn't come close to adding up.

Since installing the iOS 13 beta I've noticed a bunch of apps asking for bluetooth access. I haven't kept track of every one but I do remember YouTube and Netflix asking for it on their first launch. Thankfully, I haven't witnessed any app failing to work by denying the request though.

The Bird (scooter) iPhone app asked me for Bluetooth. It said something about "nearby scooters" which I think is a flat out lie because you unlock them via QR code? Probably also tracking...

Well let’s be realistic, it said nearby scooters. Not “unlock scooters.”

There is the completely valid use case of a scooter that isn’t able to send it’s location to the app yet is close by to you. So it can be found with Bluetooth.

That isn’t to say that the app is isn’t tracking where you go, it doesn’t need the Bluetooth connection to its scooters because you need to turn GPS on to find the scooters.

The app forsure is tracking where you go. There are some areas that are “slow zones” where the scooter won’t go past a certain mph and is throttled. This is done in real time.

I've built a scooter app. Bluetooth can help with a few things including closing rides when the user has bad cell coverage.

Ahh actually this makes a lot of sense. The thing is, I don't "pair" the scooter I ride - maybe it's Bluetooth LE?

Actually, I have an android phone around here somewhere loaded up with a BLE inspector app, gonna see if they actually broadcast bluetooth :-p

COUP scooters (popular in Germany and Spain) use Bluetooth for unlocking it before starting the drive. Not sure what is the reason for that vs. unlocking it through internet connection though.

Faster? More resilient? If they went through the cellular network, there would be more latency, and if the scooter is in a place with poor network coverage, it might not work at all.

(I'm assuming that most phones have better reception than the cheap cellular modems inside scooters)

Youtube and netflix likely do this to discover TVs that you can cast your video to

As far as I'm aware, AirPlay is handled at the OS level so the individual apps don't need permission for peer to peer AirPlay. And of course standard AirPlay is all mDNS for discovery.

For ChromecastI believe it's either SSDP or mDNS, and I don't think they have a P2P casting option IIRC.

The Cast SDK uses Bluetooth so "guests" can cast to your Chromecast.

Then Apple needs to implement an API handler for casting video to TV, instead of letting the app handle it.

It already does? AirPlay / AirDrop .

The one that baffled me the most was the Citi Mobile banking app asking for Bluetooth. Like… what? What possible use is Bluetooth information to a banking app?

>Like… what? What possible use is Bluetooth information to a banking app?

"anti fraud"

Continued: its a rhetorical question of course, there’s only one use and its user tracking.

They’re all listed in Settings > Privacy > Bluetooth, unless uninstalled.

Tell your non-it friends to uninstall the facebook app and use the web browser interface instead if they want to stay on facebook.

Preferably they also block all 3rd party cookies, use an ad-blocker and occasionally delete all cookies and reset their Ad-Id.


Use facebook over tor.

Also check out Richard Stallman's recommendation on using facebook for organizations:


RMS’s recommendations are actually surprisingly reasonable and a more nuanced take than I was expecting. I think it’s a pretty realistic thing for many organizations to do.

For sure. He is pretty reasonable guy. Just over a decade ago I have CS friends who make fun of him for his appearances. Now at least I think what he talked regarding Free/ Or at the very least Open Source software is prophetic for that time.

Since mobile browsers now support native notifications and Facebook's website supports browser notifications, you can get most of the benefits of having a Facebook app without actually having to have one (inc. reduced battery drain, reduced privacy invasion, and so on).

My current setup is Facebook.com notifications via Chrome [Android] browser and Messenger Lite. It is still spying on me but the impact is substantially diminished.

I replaced Messenger Lite with Disa which is a (when's the last time you heard this) multi-protocol instant messenger platform. Works pretty well for those of my friend who can't get off messenger.

I've told my parents multiple times that the Facebook Android app is likely what's causing it to get warm, crash and run slow, and to uninstall it. I get a blank stare every time. You can lead a horse to water...!

Is there an alternative to the Messenger app? I've been unable to convince some friends to move off of this.

You can chat and browse on https://mbasic.facebook.com . It's html-only.

My old Andriod phone won't let me load that page. It force opens the Play Store and wants me to install messenger. So I can load Facebook through Chrome, but I can't chat to anyone.

Have you tried a different browser?

I've had some success getting friends and family to install Signal.

Some third party apps allow messages iirc. Of course then you need to trust the dev

m.basic.facebook.com used to allow you to use Messenger (although not a rich experience). However, Facebook and been closing access to messaging outside of the app for awhile now.

While this is great, it is really about 12.5 versions too late, isn’t it? Something like a Facebook graph is already huge, and they surely don’t care quite so much if, all these years later, restraints finally come into play for new information?

A far more damaging thing to these social networks would be mega-scale winnowing and chaffing: where OSes and devices basically start to lie through their teeth when apps come calling. I am more than willing to “let” Facebook think that I went to 500 places I’ve never been, and I am willing to let them think I am connected to hundreds of people that I don’t actually know. Let us, please, ruin their entire graph: take what truth they have obtained through questionable means, and pack it with garbage.

Of course, Facebook would also be smart enough to put a timestamp on what they already know so you can’t just give them new garbage. Let these devices give every app and website “old” fake details, as well. For example, let them pretend that three years ago I was at a certain location, or that I was in proximity to a certain person in the year 1999. I’m not so interested in protecting current details, as I am with protecting my entire history of details.

Agreed. While I'm all for ending their undisputed free reign on collecting personal information, I also think their well should be poisoned to the point it becomes useless to them.

This is why I will continue to buy 1k iPhones and 3k laptops. Apple is really making the surveillance inc companies afraid.

edit: spelling.

Funny, when trying to read this article, I got a privacy pop-up about creepy data grabs from “the Oath family”.

Temporarily disabling JS helps.

I usually don't want / remember to do that though, in these cases I skip "Oath family" articles. And I really dislike this popup, it links to 100+ privacy policies and some of them return 404 errors already.

I'd say they're the worst around.

Why do applications have access to Bluetooth or WiFi ID's in the first place? Seems too low-level for an app to have access to. Aren't these details better left handled by the operating system?

Currently, the only way to access WiFi SSID is indeed from a low level API: CNCopySupportedInterfaces(), a C API for System Configuration.

This is useful if an app needs to know whether the phone is currently using a local network or a cellular modem to connect to the Internet, or to connect to local devices. Unfortunately Apple does not provide a basic API that provides this information without the SSID. (Although in early iOS 13 betas, there was a WiFi framework that might have provided such information. It was removed from later betas, however).

For Bluetooth, apps do not have access to BSSID nor peripheral MAC addresses from advertisements and connections. CoreBluetooth provisions a separate identifier (that is rotated) to prevent apps from gleaning much tracking info outside of the user's consent.

It’s helpful so Spotify can start playing music when I connect my headphones, or so apps like Bose Connect can update my headphones. Most features with privacy implications are also features that can add a ton of value if used correctly. The problem is partially the lack of system messaging and partially lack of morals...

Spotify shouldn’t need BT access to play audio —- there’s a “blessed” API for apps that need BT audio output that won’t require separate authorization.

Your headphone update app more reasonably will need that permission, as its doing more than audio output.

You misunderstand, it’s not for playing back audio as such, it’s for detecting when the headphones connect as well as (maybe?) enabling easy set up of speakers with Spotify Connect.

Similarly Dropcam had a setup mode via Bluetooth, Google Home as well.

Spotify doesn't care whether your headphones are BT or not.

iOS should be doing audio device discovery and notifying the apps that request it when a new device is found. Whether you plug some headphones or use bluetooth or airplay or ... shouldn't matter here.

Apple does do device discovery, but it then lets the app show the device names, in fact it’s a requirement to play audio over Bluetooth and a key usability feature of wireless headphones. If your music app doesn’t tell you which device is connected, you’d potentially be surprised every time you hit the Play button. So I’m 99% sure that Apple outright rejects apps that don’t say if you’re connected to Bluetooth, just as they reject apps that don’t say if you’re online. Bluetooth is also disabled for security purposes (if checked in settings) when the phone is locked, including previously paired devices, so it looks to me like they draw the line between security and privacy pretty well, short of forcing all apps to use the same UI conventions.

That’s 100% on Spotify and how they’re implementing playback. I have Sonos speakers and Bluetooth headphones paired with my iPhone, and Overcast is able to display the selected output without any Bluetooth permission requests.

Spotify Connect is likely why they need a permission request... but the question for me is why they need it on app startup and not a one-time request when starting the Connect pairing process. Good security procedures would have the app requesting as few permissions as possible, for the shortest amount of time.

Again, all I can point to are the instances where I was playing music via Spotify on my Alexa devices and thanks to Spotify connect when I connect my headphones, Spotify starts playing automatically on my headphones. The downside is that occasionally Overcast stops playing because Spotify wants so much to take over and start playing. But it’s hard to say if that’s an iOS beta thing. Similarly, the app still ships for iOS 12 right now, it’s possible the iOS 13 version of the app will have a clearer explanation for the use of Bluetooth.

That's what I asked when iOS 13 asked me if I would like to give permisson to the official CNN app use Bluetooth. Yep, apparently CNN was doing something with my Bluetooth but I had no idea until iOS 13.

But other than that Bluetooth access had legit use cases, like the app I use to control my Bluetooth bulb. There are plenty of devices and accessories that use Bluetooth to communicate with the iPhone, therefore Apple provides means to access Bluetooth.

iOS dev here. Applications do not have access to this kind of info. The CoreBluetooth API generates UUIDs for the Bluetooth devices in an attempt to anonymise them. Many manufacturers workaround this by including the MAC Address on the manufacturer data structure when it's imperative that an application knows exactly which bluetooth device it's talking to.

IIRC, some applications use Bluetooth to access beacons, and these beacons in turn can be used for precise location (for example, indoors).

If by ID you mean BSSID, they don't have access to that.

PSA for People here who are privacy conscious - don't forget to completely turn off Background App Refresh in iOS. For all the talk about privacy, this is my biggest gripe at the moment with iOS that this setting is hidden so well in the Settings app. So many apps send needless information when you don't even use them!

I have a pet paranoia that when apps have both Background App Refresh feature as well as Photos access - well when the phone's connected to WiFi and charging (both of which can be detected by the app) - what's to stop apps from happily uploading everything? I'd be really happy to hear from someone that this isn't actually possible tbh.

Do you know if disabling it affects messaging apps like WhatsApp?

Never in any messaging apps that I had. Notifications and the ability to wake your device and do work on the background are separate services and they don't affect each other.

You will not miss any notifications if you disable Background App Refresh.

I haven't seen any problems. I get my notifications just fine. I think APNS (and the related OS services) operate separately from Background App Refresh? Maybe WhatsApp can use it for some sort of good purpose, but it's not core to my experience so no need to take the risk :D

When you tell an app you explicitly don’t want to share your location with it and they do something like this, how can you say that is anything other than a gross breach of trust? Someone deserves jail time.

This also says so much about the culture at Facebook. They clearly don’t have any respect for their users, principles, or limits. I’d personally think twice about hiring someone from Facebook.

I was under the impression that any time an app allows you to play media and send it to audio devices (including Bluetooth and AirPlay), iOS 13 gives a scary prompt like this. I've been using the public beta and for this reason I have granted the permission to YouTube (while hoping I am right and they are not abusing the permission).

Does anyone know for a fact what Facebook is doing with Bluetooth permissions? Am I right in my understanding of how innocent usage for media playback can trigger this prompt?

How can facebook be in the business of Dating without a bias? If their outcome variable is time on the site, then real lifelong connections actually put that in jeopardy.

Couldn’t that argument apply to all dating sites? Tinder was doing good enough that they got bought.

One thing I found find suspect in iOS 13 is Apple automatically enables collection of data of your usage of 3rd party apps. Any idea what this is for?

Can't address authoritatively, but speculatively, there is reason to believe they would use device telemetry to check their platform exposure to malware.

It's a blanket excuse to say "security," but the only viable malware detection works by inventorying telemetry off-device, as on-device can be detected instrumented around by any advanced attacker.

Doesn't it ask you during the setup process whether you'd like to share analytics and usage data?

There is a per app sharing option. So perhaps they added granularity to what usage data sharing to exclude sensitive applications.

> “We’ll continue to make it easier for you to control how and when you share your location.”

Technically, that's true. The choice between “yes, always” and “yes, always” is as easy as it gets, while of course also being totally misleading in arrogating that users actually do have a choice.

If the _app_ gives you the choice

> between “yes, always” and “yes, always”

because they deliberately left out a viable option of “yes, only when in use in the foreground” then I’d say the app developers are hostile and you should consider uninstalling the app.

But this isn’t really on Apple. It’s the developers, managers, stakeholders who deserve your ire.

The quote at the start of my comment was the article quoting Facebook, not Apple. I neglected to make that unmistakable for commenters who haven't actually read the article.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact