Apps are using "silent notifications" to track you after you uninstall them


#1

Originally published at: https://boingboing.net/2018/10/23/t-mobile-spotify-yelp.html


#2

I’ve deleted every app I can on my iPhone, even facetime.

Take that you slimy buggers!

sent from my iPhone


#3

This is one of those articles I really wish had actual technical information. I’m still not clear exactly how this is being used.


#4

Headline:

Article:

Sooooo…they don’t actually track you after you’ve uninstalled them… :-/


#5

Headline seems misleading. Isn’t this more a case of:

Apps are using “silent notifications” to track when you uninstall them?

That is, when the app no longer responds to their pings, they know you’ve uninstalled and proceed to spam you to reinstall.


#6

That’s my take away but maybe Cory is explaining it poorly? I mean Why would you need secret notifications from other apps? I mean if your app has any sort of serverside component wouldn’t you be able to do just that? assume that after x amount of time that the app is uninstalled? Frankly I don’t understand why apple or google wouldn’t have a hook to let you know that such and such user uninstalled x application so that you could you know perform some sort of clean up in your back end, maybe ensure some other user doesn’t hijack their account etc.


#7

I think this means you’ve got some other applications installed that link against one of these analytic services’ library. The service (which can then run in whatever apps have linked against the library) will periodically ask its server for a list of apps which it will then try to “ping” on the phone using whatever available IPC the platform supports, and reports back which apps are installed or not installed, in theory to allow an interested app developer to know how many installations they’ve got (this kind of app analytics, however, is available to Apple [and I presume Android/Chrome] app devs, so it seems kind of pointless).

Hopefully the data is anonymized.


#8

My impression is that the wonderful people in team ad tech are taking advantage of the fact that platform-provided notifications(I assume pushkit on iOS and data-type firebase messages on Android) get privileged handling: in order to keep app developers from trying to keep their program listening all the time(with the accompanying murder of RAM and battery) the vendors provide a mechanism for the platform-native notification mechanism to start the target app and pass it the incoming information to process.

A useful feature; but (along with some amount of store-and-forward for better robustness in the face of intermittent connections) makes targeting apps quite precisely(since the messaging mechanism needs to know who to wake up and pass them to) and with relatively accurate timing possible.

Not the world’s most harrowing attack; but not pleasant behavior; and considerably greater accuracy and reliability tna you would get by literally pinging the target or by relying on client side phone he capabilities.

Also, while visible notifications are generally something that can be toggled in settings; I’m not sure that push notifications get broken out into their own permission request; or ascribed to the app consuming them in data use summaries, which is handy for keeping what you are up to quiet


#9

I’m an old guy, so my take on these things is a little odd. Last year I was reading an article about how people had become addicted to their phones, and I came across a confusing reference to how notifications were causing people to look at their phones every few minutes. It took me a few seconds to remember that every time an app had sent a notification to my phone in the past, I’d reflexively disabled notifications for it. My phone gets my attention for two reasons only: someone is calling or someone has sent me a text. If any other app notifies me, I have 50/50 odds of disabling notifications for it or just uninstalling it.

I’m annoyed that companies are trying to monitor me by sending silent notifications to apps on my phone, but I’m fairly comfortable with the implied message they receive when the app doesn’t answer them. “I’m not interested” is what I’d tell them anyway.


#10

How old are you? I’m curious I’m old but if someone calls me on the phone? they better be over 65 years old, letting me know someone died, or someone who shares a bed with me. Talking on cell phones is the worst. hell talking on phones sucks period. I’ll do it to schedule an appointment with a business but other than that, just email/text me. A phone call just feels like someone’s selfish imposition on me.


#11

I make text arrangements to talk to people I haven’t chatted with in a while who are separated by distance. If someone I know just calls me out of the blue, I immediately assume it’s an emergency, or they’re at the grocery store, I haven’t responded to texts, and this is my last chance to let them know to buy me some Mike & Ikes.


#12

Out of all of the information that an app developer might obtain about me, whether or not I have uninstalled their app is probably the thing I worry about the least.

It’s useful in helping the developer make a better product and literally nothing else. Even my time zone is more valuable to third parties.


#13

We call this a Doctorow


#14

…so maybe there are advertisers who need a busybox like Cyanogen Mod was to make not worrying about how luche their bookings are the moral imperative; but the source as Bloomberg isn’t backing it up. Can the article have been stewing more than a day?


#15

they track if you still have the app installed, which means they track you while you have the app installed just to check if it’s still there. So they track irrespective of whether the app is there just to see what you have installed in your phone. They check for more than one app so you’ll probably be tracked even after you uninstall one of the apps being tracked.

This more than satisfies the headline.

I mean if you want to be pedantic about it, then no, they are checking on you after you’ve uninstalled them, maybe a few seconds or maybe a few minutes, but not during uninstall.


#16

This is the only plausible reason I can come up with, as well. The app can’t exactly ping you by IP address, because IP changes as often as you connect or disconnect to WiFi, or establish a new DHCP lease with the mobile network. There has to be some kind of local identity or agent reaching out to them letting their servers know where to find you.

Or maybe the article is incorrect in the technical details, and they determine you’ve uninstalled their app simply because their local agent stops phoning home and is no longer sending ‘keep-alive’ messages.


#17

This topic was automatically closed after 5 days. New replies are no longer allowed.