Skip to main content

Security experts just found two giant smartphone privacy issues

The Apple iPhone 15 Pro Max's camera module.
Apple iPhone 15 Pro Max Andy Boxall / Digital Trends

This has been quite a stunning week in regard to the privacy and security of smartphone users. Specifically, two investigations have revealed troubling privacy concerns around smartphone advertising and iOS’ notification system.

The first, a deep investigation by 404 Media, uncovered a company called Patternz is weaponizing the ad delivery system on smartphones to extract information through apps and then send it to bidders.

The report described Patternz as “a secretive spy tool that can track billions of phone profiles through the advertising industry.” Patternz uses a pipeline in popular apps like 9Gag and a bunch of popular caller ID apps to do its nefarious jobs. Patternz reportedly told its clients that it can monitor virtually any app that is capable of running ads.

The company’s CEO says once the tool, which covers over half a million apps, is deployed, the phone turns into a “de facto tracking bracelet.” According to a damning research paper, it profiles over a staggering 5 billion users and hawks the information to clients using the real-time bidding (RTB) market. Whether you have an iPhone or an Android phone, this is something that can affect you.

ISA, the surveillance company behind Patternz, collects this data from RTB players like Google and X, formerly known as Twitter. The dataset it sells can include anything from a highly specific location of a person that’s accurate within meters to a history of their movement pattern and even who they are meeting.

A massive surveillance net

Illustration of people standing on a phone's screen
Generated using Dall-E 2 / Digital Trends

The very existence of such tools also brings into question the efficiency of Apple’s heavily marketed App Tracking Transparency feature, which aims to curtail such ad-enabled tracking.

Cybersecurity experts say such tools enable government surveillance, and the likes of ISA are already advertising their services to national security agencies. That’s no coincidence.

The head of the National Security Agency has acknowledged that the NSA purchases web-browsing data of Americans from data brokers, bypassing the need for warrants.

The bombshell confirmation came after Senator Ron Wyden (D-OR) put a hold on the nomination of the NSA’s incoming director, Timothy Haugh, and demanded answers about the agency’s practices in collecting Americans’ location and internet data.

Wyden, who has been attempting for three years to reveal that the NSA buys Americans’ internet records, received a letter on December 11 from current NSA Director Paul Nakasone confirming these purchases. Reuters first reported the letter’s details.

Notifications can be nefarious

Ivory app notification tab
Christine Romero-Chan / Digital Trends

But ads are just one-half of the problem. Another investigation by Mysk revealed that bad actors are exploiting the push notifications on iPhones to collect crucial data for diagnostics and customized data delivery.

Whenever an app gets a push notification, iOS briefly wakes it up, giving it a short window to personalize the notification before showing it to the user. Not shockingly, various social apps, infamous for their invasive data collection habits, are exploiting this background runtime provided by push notifications.

Developers can cleverly use this loophole to execute code in the background whenever they want, simply by sending push notifications. Numerous apps are using this function to covertly send comprehensive device data while operating in the background, effectively running a system for fingerprinting devices.

#Privacy: Facebook, TikTok, and Other Apps Use Push Notifications to Send Data about Your iPhone

“The frequency at which many apps send device information after being triggered by a notification is mind-blowing,” says the security firm. This investigation has unearthed suspicious behavior even from massively popular platforms such as Facebook, TikTok, and LinkedIn.

What do experts have to say?

Illustration of a woman looking through a phone
Generated using Dall-E 2 / Digital Trends

The only solution to this problem? Disabling notifications.

“More recently, adversaries look to be using notification pop-ups and ads that may induce the victim into installing spyware onto their devices,” Jon Clay, VP of Threat Intelligence at global cybersecurity firm Trend Micro, tells Digital Trends.

So, what can an average person do to avoid such illicit surveillance, which can transmit identifying details such as location and local data? “Many people have been led to believe mobile devices are secure by themselves,” Clay says, noting that installing ad-blockers may offer some form of safety net or dedicated security apps.

What happens on your iPhone does not stay on your iPhone.

“Attacks of this nature are quite insidious and extremely alarming,” says Alan Bavosa, vice president of security products at Appdome. He notes that users are typically in a defenseless position in the face of such attacks since they aren’t aware of what’s happening on their devices in the first place.

“There are small things that users can do not to make matters worse, like downloading apps from standard app stores and not changing (jailbreaking or rooting) their devices,” Bavosa tells us. “But these measures are additive, not curative.”

A person holding the Apple iPhone 15 Plus and Apple iPhone 15 Pro Max.
Apple iPhone 15 Pro Max (left) and Apple iPhone 15 Plus Andy Boxall / Digital Trends

Unfortunately, it seems the onus ultimately falls on the user, and that, too, is a preventive measure. A common suggestion from cybersecurity experts is to manually dig into the settings app and disable notification apps for certain apps and maybe to device sensors as well.

“Some Adware and Spyware may be published by bad actors in the official marketplaces under look of a legitimate app,” says Shawn Loveland, chief operating officer at Resecurity. “It is recommended not to install random apps or apps you don’t really need.”

Even though bad actors have found workarounds, asking apps not to track user activity on your iPhone is a prudent step. “It’s a good idea to periodically check the permissions of apps, particularly those related to location and microphone access, and to disable any that aren’t necessary,” suggests John Chapman, co-founder of security firm MSP Blueshift.

Some reprieve will arrive later this year as Apple prepares to ask developers to explicitly explain why they need to access push notifications and the related diagnostic systems on iPhones. It’s not going to fix all the problems in one go, but it’s at least a decent start.

Nadeem Sarwar
Nadeem is a tech journalist who started reading about cool smartphone tech out of curiosity and soon started writing…
iOS 18 is official. Here’s how it’s going to change your iPhone forever
Screenshots of new features in iOS 18.

It’s been a long time coming, but it’s finally here: iOS 18 has just been announced at Apple’s Worldwide Developers Conference (WWDC) 2024 keynote. And, like the rumors have been saying, this is a very big, juicy update for your iPhone.

There's been a lot of anticipation for iOS 18. Rumors and leaks for the new update have been particularly intense this year, more so than iOS 17 rumors last year. So, was the hype worth it? Here's what's coming to your iPhone with iOS 18.
Home screen changes

Read more
Here’s how iOS 18 will make iMessage better than ever
Close-up photo of the Messages app on an iPhone.

We can't wait for Apple's Worldwide Developers Conference (WWDC 2024) keynote on Monday, June 10. During that event, Apple will undoubtedly introduce iOS 18 for iPhones, including the iPhone 15 Pro. The rumor mill has long suggested that iOS 18 may be a giant iPhone update.

Now, Bloomberg's Mark Gurman has given us a peek at what changes could be coming to iMessage in the upcoming software update.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more