Mysk🇨🇦🇩🇪Apr 21
Announcement: we are working on a new #privacy app for iOS that raises awareness about which device signals and data a native app can see once installed on the iPhone even without requesting any permission. The app is going to be free and open-source.
#Apple #iOS #infosec
Show threadMysk🇨🇦🇩🇪Apr 21
For example, there's an API that returns a global counter which increments every time you copy something to the clipboard in any app. In this early prototype, the count is 1349. All installed apps can silently read this value and potentially abuse it for fingerprinting.
Show threadMysk🇨🇦🇩🇪Apr 22

Yes, every app installed on your iPhone can see your local IP address if you're connected to a Wi-Fi. No permission is required for this and a VPN cannot prevent it.

Knowing the local IP address could for example allow an app to infer if you’re at home or visiting a friend if the two networks use different subnet values (e.g. 192.168.x.x and 10.0.x.x)

#privacy #infosec

Show threadMysk🇨🇦🇩🇪Apr 22
🤯 Every app installed on the iPhone can read the iPhone's storage volume creation timestamp (down to the second). No permission required. This value remains the same until the volume is erased. Yikes!!
The UUID seems to be the same for all devices.
Show threadKody  
@mysk Huh, maybe I missed something, but why are you censoring the creation timestamp? And not doing the same to the UUID if needed?
Apr 23 at 7:05amWeb