A new mysterious location permission option has been added in iOS 18.2:
Privacy & Security ➡️ Location Services ➡️ System Services ➡️ "In-App Web Browsing"
It's on by default. Still figuring out what it's for 🤔
#Apple #Privacy #iOS
We realized this behavior first on a device running #iOS 18.3. Surprisingly, devices running iOS 18.1.1 and 18.2.1 also showed the new behavior.
iOS still doesn't provide an option to disable downloading the icons, which is the best way to tackle this issue.
#Apple
The Passwords app now categorizes the network requests to download the icons as "websites visited in app" and this way the number of requests sent isn't included in the main count in the #privacy report.
This new categorization makes the requests less visible to privacy-conscious users, as the app won't show spikes of 130+ requests as we demonstrated before in iOS 18 and iOS 18.2. However, the app is clearly making those requests directly, as shown in the network traffic.
#privacy #Apple #iOS
Printers add a nearly invisible watermark on every page that uniquely identifies the printer, which makes it possible to trace back any page to a specific printer.
I’ve always wondered: Do smartphones do something similar with photos? Can we find out?
https://en.m.wikipedia.org/wiki/Printer_tracking_dots
This settlement serves as a great reminder for iPhone users to carefully consider the privacy risks before enabling Apple Intelligence.
#Apple #iPhone #AI #privacy
https://www.reuters.com/legal/apple-pay-95-million-settle-siri-privacy-lawsuit-2025-01-02/
It still doesn't sound right that a password manager app communicates with 130 different websites (for downloading icons). That's more than X on my device 🤯. Thanks to our report, all these connections now use HTTPS, but 130....😩
#Apple #iOS
After reaching out to Apple’s Privacy Team in the EU on January 17, 2024, we received a response today regarding keyboard data synced with iCloud. Key points:
👉 The data is end-to-end encrypted
👉 Users cannot delete or reset this data unless they delete their Apple account
#iOS #security #iPhone #infosec #Apple #cybersecurity
https://mastodon.social/@mysk/111771426942785879
We’ve been a little quiet recently, and not just because it’s the holiday season 🎄❄️
Over the last several months we’ve been working on a brand new privacy-focused app for iOS. We plan on launching this app soon and we can’t wait to share more details with you.
The severity level of this bug is critical, 9.8 out of 10. Upgrade your devices.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-54492&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=CISA-ADP
#iOS #iPhone #security #infosec #Apple #cybersecurity
https://mastodon.social/@mysk/113636630798700926
Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a serious #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492).
The bug also impacts iPadOS and #macOS
Why does this matter? Watch 🎬 :
#cybersecurity #privacy #infosec
https://youtu.be/1vr2e6YeNuc
iOS 18.2 doesn't let you delete the App Store app if it's the only installed marketplace app on the iPhone. Does this restriction make sense?
The App Store website supports mobile browsers as shown in this screenshot taken from an Android device:
#Apple #privacy #Apple #DMA
If you delete the App Store app hoping that you'd force iOS to open App Store links in the browser, you're mistaken. iOS will refuse to open the links in your browser and prompt you to restore the App Store app first. As of iOS 18.2, iPhone users can't view iOS apps without sharing identifiable analytics with #Apple.
Side notes: Deleting the App Store app is a new feature in iOS 18.2 only available to EU users. The App Store website supports Android mobile browsers
#privacy #Apple #DMA
In iOS 18.2, EU users will be able to delete the App Store app. You get a warning message before deleting the app. You can re-install the app from the Settings app. A similar but shorter warning message is also shown when deleting an alternative marketplace app.
#iOS #DMA #EU #iPhone #iOS18
Data is sent to Apple in near real-time (the difference between the Event Time and the Post Time).
There is no way you can opt out of sending such app Analytics to Apple or request it be anonymous. Visit https://privacy.apple.com and request a copy of your data to learn what identifiable data Apple collects about you. ✌️
#Apple #Privacy #infosec #privacymatters
This is an example of what the App Store app shares with #Apple when you search for an app. Everything you type in the search field is recorded as an event and associated with your Apple ID before it is sent to Apple. When I search for "Google Authenticator," events are recorded as I type character by character. The leap between rows 78 and 79 is when I picked a suggestion. The timestamp of every event is recorded, i.e. Apple can calculate my typing speed 🙃.
#Privacy #infosec #privacymatters
This is the code that lets Signal show the contacts prompt:
https://github.com/signalapp/Signal-iOS/blob/be39fb767964b1cffed2e391e315026aab93d317/SignalServiceKit/Megaphones/ExperienceUpgradeManifest.swift#L573C1-L576C6
#iOS18 #Privacy #infosec #Security #privacymatters #iOS
Sorry Signal and WhatsApp, you're not getting full access to my contacts. Stop begging. Be grateful you have access to a dummy contact.
Both apps now check for the new #iOS18 authorization status "limited" and complain if the user authorizes access to some contacts only.
#Privacy #infosec #Security #privacymatters #iOS
A little coffee accident.
Microsoft Defender marks emails from Microsoft as spam. Good job!