Hacker News

100% of users have legitimate reasons to block internet access for some apps.

If internet access wasn't granted by default, a lot more apps would function without it.

Many other apps wouldn't exist at all, because their only reason to exist is to spy on users.

The internet access permission should be implemented. Users of macOS are already accustomed to the local network access permission.

Even if it's not the most effective way to raise awareness, it does put pressure on developers to be explicit about the connectivity requirements with users. It would also be a great way to audit an app's local-first / offline-first claim without having to do a network packet capture.

Want telemetry? Send it through Apple and Google. Given Apple's late history and latest trends in Android development, I see them both favoring this approach.

Permission should be in the form of a capability, which need not end up on the built-in OS network capability. If an app insists on your car's steering wheel, you can be like "sure, kid, here's your Help Daddy Drive(TM)".

> Most apps do have a legitimate reason for accessing the internet

I just flat out think this is bullshit

This isn't effective because Little Snitch only sees the domains so apps can just serve the trackers on the same domain as essential services making blocking impossible.

The only way to prevent malicious apps from affecting your privacy is to not install them or not give them network access.

If I remember correctly iPhone apps used to use the devices SSL certificates so you as a user could install your own and man-in-the-middle the traffic to see what was being sent. AFAIK now the apps use certificate pinning.

Yes and it should work properly instead of making unwanted initial outbound connections (macOS firewalls are broken).

This exists already! You can see it by going to Settings > Privacy & Security and turning on the App Privacy Report at the bottom.

It’s not quite that detailed but iOS’s builtin “app privacy report” does give a fair amount of info, including a list of domains accessed.

Shocked to see iPhones sold in China are less defective by design on this one point, from another comment. It has surely reduced Genius Bar visits but it’s also harmed my privacy.

Crazy. So they're explicitly selling crippled devices to most of the world.

What? Why is this Chinese market only? This is exactly what I wanted. There are Apps I simply don't want them to touch internet.

It's nice to be able to toggle it (it's also possible to revoke this permission on GrapheneOS). However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved. I would guess that Play Services is one of the larger offenders, since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps.

You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.

What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.

GrapheneOS not only has this permission, but it asks you every time you install an app.

Can confirm Graphene also has it

And you can limit which contacts you share with nosy app like WhatsApp, and give access to only specific scope of file folders. Horrifying to think all the years every app got everything it wanted and did not have to ask and couldn't be stopped (I had a rooted phone for firewall capability for a while )

See my comment upthread, it helps a bit, but does not close this hole since apps within the same profile can communicate through IPC, so other apps could provide network access on their behalf. I think the best example is probably Play Services, which provides functionality for a lot of apps and will communicate with Google, etc.

(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)

Yeah it asks on app install if you want to grant network permissions. It's just a little checkbox. You can of course manage it afterwards in app settings or permissions manager.

They also added the sensors permission.

You don't need graphene for this, I've been able to do this on plain android for ages.

iOS lets you turn off data access (so outside of wifi) for apps as well, it's just not asked at install, which honestly makes sense given the demographics of iPhone users.

The attitude was never "don't give the user control", though. Until ios.

Fantastic work. I regret I can't use it, because this is exactly what I'm looking for for quite a while, but it seems to be an impossible task (I need it on android).

This. This is why everyone who wants to fingerprint and collect tons of data on end users pushes them hard on installing an app. The amount of valuable data is 10x what’s available in the browser

Cut your selection of apps and find/build privacy respecting alternatives for the remainder. Im trying to do this. Music is now locally hosted, Youtube is sorta kinda coming along. I've been working on reversing some of my more basic iOS apps to extract the data/endpoints they use and write my own apps. Fable really helped with this and Opus just does not cut the mustard. I hope it comes back. :/

The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.

These days many things don't work on browser. Even reddit is very difficult as we get constant nagging.

Maybe it’s derived

```Based on a binomial/Poisson distribution and a baseline of 21 million U.S. device sales per release, a fingerprint relying on "seconds since setup" fails to uniquely identify individuals. In the high-density Early Adopter phase, you will share your exact setup second with an average of 1.01 other people (a total matching pool of ~2 people). Six months into the cycle, you will still share that second with an average of 0.68 other people.```

In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kindof maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.

If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!

Yes indeed, the limit is 50 which is of course enough to fully profile "regular people" who only have a handful of apps. Also don't forget, Meta/Google/TikTok/WhateverPalantir are updated weekly which means they can tweak their LSApplicationQueriesSchemes list and cover even more apps if they want to.

Info.plist

Why do you need a count for that? Couldn’t they just generate a UUID every time the clipboard changes?

Allowing an app to access the pasteboard without the user explicitly pasting into the app is weird to me. Maybe the thing I have in the pasteboard is not for this app but left over from use in another app. Since there's no easy way to clear the pasteboard, this will happen often. Maybe it's because I'm not an app dev that this doesn't make sense to me????

Would you elaborate on both points?

Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)

I think something like a per boot delta added to a (per app?) random base would preserve such functionality.

Apps on grapheneos can see a list of other apps in the same profile.

Loupe itself can see if you have tinder/bumble/hinge installed (verify for yourself: install tinder, then install loupe, don't give it any permissions, and it can tell if you have tinder installed or not). So the answer is: buy the data from any app your partner has installed! Or more easily, a data aggregator which will have already combined data from hundreds/thousands of apps.

So your partner only needs to have had 1 single app from the list that sells user data to a data aggregator for this to work. They do not need to have installed some special app.

Here's a random Slate article about apps getting your data and selling it to aggregators/brokers, who sell it to third-parties (you, or I, could be one of those third parties).

> How Shady Companies Guess Your Religion, Sexual Orientation, and Mental Health And sell that data to the highest bidder.

https://slate.com/technology/2023/04/data-broker-inference-p...

It already happens all the time. It even has a name.

https://en.wikipedia.org/wiki/Stalkerware

They don't, utilise the fact that every single iPhone app has access to what other apps are installed! - purchase that info from literally any iPhone app or aggregator that has it for that user. Curious how much this would cost to purhcase - a working credit card goes for $5-10 on the black market so 'apps installed on X's iphone' might be, like, 10c?

Ask any domestic abuser. Most of them seem to be successful at it.

https://www.npr.org/sections/alltechconsidered/2014/09/15/34...

It’s crazy to me that people are being so skeptical of the idea. A lot of people share their logins freely with their spouses. I have never done it nor would I condone it, but it would be trivial for me to install spyware on the devices of many people I know, because they rightfully trust me. Not only do I know some of their device passwords¹, being “the computer guy” I could just outright ask for it or get them to input it anywhere while fixing some issue they have.

¹ And many more I have forgotten, because I make it a point to not record them, even mentally.

Okay it's weird but the first thing that came to mind. Logic: if I can think of a monetisable, nefarious application in 10 seconds, then it stands to reason that very many nefarious applications would be possible with more time/effort.

It would be even better if app devs weren't pieces of shit making apps whose sole purpose is to gather all of this data to sell to other pieces of shits while skinning their app as a game or other app to trick users into thinking it's worth installing.

Fighting devs being able to make money in this manner is not dissimilar to getting made a drug dealers. As long as users want their product, they will sell the product.

if you think "desktop" operating systems aren't even worse on this, you're very mistaken

That’s not the problem though. The problem is that most apps are malware.

Just use the browser, it's fine 99% of the time.

Phones are quite useful.

> and decide to go past the “this was mostly built by AI” part

I got that feeling just seeing the title use "native" as a synonym of "not a website".

Probably a ton since macOS apps are literally distributed as .app bundles.

Google Chrome, VS Code, among others

And people want apps, believe it or not.

“Just don’t use it” only gets you so far and isn’t always an option. Also, as some have mentioned in this thread, many sites now make the mobile experience so painful (or remove key features) so as to force you onto the app.

I am against cars for the most part, but I can’t just get rid of my car. In this case, I can’t get rid of Slack (and other apps) because of work and unfortunately I do not work at a company that will buy me a work phone for work things.

Ultimately this has to start at a more root level. We need to claw back privacy.

Yes. Got my ps and ws mixed up. I was just reading about the Mt. Rushmore project (I was curious whether or not it was a WPA project -it wasn’t, officially).