Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Flightradar24 on iOS knew my location without having access to it
1 point by f055 on June 10, 2020 | hide | past | favorite | 7 comments
Here’s what happened: I was driving nearby an airport with my iPhone connected to CarPlay. I received a push notification from Flightradar24 welcoming me to that airport. But Flightradar24 wasn’t opened, wasn’t in the background, wasn’t active, doesn’t have background app privileges (I’ve unset it manually months ago) and had location privileges set to “only while using”. Flightradar24 doesn’t have Bluetooth access but has Camera access. But again, it wasn’t opened nor in recently active apps. WTH?



It's entirely possible that a different app (that sells your location data) notified FlightRadar.


Turns out it's Apple itself that "sells" my data. Most likely because of I have Siri enabled with location access to "frequent places" or "important locations"... I'm quite disappointed. I thought this data wasn't shared with third parties, but as usual I didn't read the TOS/Privacy word by word...

- https://twitter.com/flightradar24/status/1109817945864179714... - https://twitter.com/flightradar24/status/1208949494315986944


Wow, did not expect that from Apple. Disappointing indeed!


Digging deeper it seems these notifications are a one-way street, so Flightradar24 app may not even know it was pushed. It seems like a local on-device notification. https://developer.apple.com/documentation/usernotifications/...


I’m on latest iOS version. Could they be using the contact tracing api in some malicious way?


Wifi hotspot SSID?


I thought about it, but how would this work exactly? I passed the airport on a highway, so I didn't connect to any wifi. Maybe my phone probed some access point, but still this would require the said point to send my phones identity to FR24 servers. Or maybe it was my cell provider? I pinged a cell base station nearby the airport, and this fact was registered and sent to a 3rd party, and FR24 has a subscription with that 3rd party monitoring users? But that'd be surveillance on another level. Thus my first guess is something happened on my phone, FR24 somehow came up with a solution to go around various privacy restrictions of iOS.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: