
Apple privacy enforcement of apps using device fingerprinting SDKs


Mayayana

Apr 2, 2021, 10:40:17 AM
Apple started rejecting apps today failing the new privacy rules which
Forbes said will affect over 50,000 apps by iOS 14.5 release date.

Some app developers with device fingerprinting (collecting large amounts
of data about the device) thought it was an April Fools joke when they were
told by Apple today "Your app uses algorithmically converted device and
usage data to create a unique identifier in order to track the user" as the
reason for rejection.

A measurement company might, for instance, collect data on software
version, time since last system update, time since last restart, location,
time zone, and even innocuous things like battery status, charging level,
and amount of disk space.
https://www.forbes.com/sites/johnkoetsier/2021/04/01/apple-rejecting-apps-with-fingerprinting-enabled-as-ios-14-privacy-enforcement-starts/

Apple wrote "The device information collected by your app may include some
of the following: NSLocaleAlternateQuotationBeginDelimiterKey, NSTimeZone,
NSLocaleGroupingSeparator, NSLocaleDecimalSeparator..."

Many of these rejected apps used Adjust SDKs for mobile measurement all of
which are affected by the Apple rejection letters as Adjust SDKs are used in
about 18% of the apps on the App Store (11% of those on Google Play).
https://github.com/adjust/ios_sdk/commit/8790a5300d00a11b8f51c7cc66c94165ac656f8c
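
Added example (not part of the original thread or any poster's code): a privacy audit in Python showing why the individually low-entropy attributes mentioned above can jointly identify a device. The device records, field names and helper functions are constructed for illustration.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed sample records (not real telemetry). Field names are
# illustrative stand-ins for the attributes named in the post above.
FIELDS = ("os_version", "time_zone", "decimal_separator", "disk_gb")
DEVICES = [
    ("14.4", "America/New_York", ".", 64),
    ("14.4", "America/New_York", ".", 128),
    ("14.4", "Europe/Berlin", ",", 64),
    ("14.4", "Europe/Berlin", ",", 128),
    ("14.3", "America/New_York", ".", 64),
    ("14.3", "America/New_York", ".", 128),
    ("14.3", "Europe/Berlin", ",", 64),
    ("14.3", "Europe/Berlin", ",", 128),
]

def anonymity_sets(rows, fields):
    """Group devices that share the same values for the chosen fields."""
    idx = [FIELDS.index(f) for f in fields]
    return Counter(tuple(row[i] for i in idx) for row in rows)

def k_anonymity(rows, fields):
    """Size of the smallest group; k == 1 means some device is singled out."""
    return min(anonymity_sets(rows, fields).values())

def entropy_bits(rows, fields):
    """Shannon entropy of the combined fields, in bits."""
    n = len(rows)
    return -sum(c / n * math.log2(c / n)
                for c in anonymity_sets(rows, fields).values())

def unique_fraction(rows, fields):
    """Share of devices whose combined values match no other device."""
    sets = anonymity_sets(rows, fields)
    return sum(1 for c in sets.values() if c == 1) / len(rows)

def identifying_combinations(rows, k_min):
    """Minimal field sets whose k-anonymity falls below k_min."""
    flagged = []
    for size in range(1, len(FIELDS) + 1):
        for combo in combinations(FIELDS, size):
            if any(set(f) <= set(combo) for f in flagged):
                continue  # a smaller subset is already identifying
            if k_anonymity(rows, combo) < k_min:
                flagged.append(combo)
    return flagged

if __name__ == "__main__":
    for combo in identifying_combinations(DEVICES, k_min=2):
        print(combo, "-> k =", k_anonymity(DEVICES, combo))
```

In this constructed set each field alone leaves groups of four, and the decimal separator adds nothing to the time zone because the two are correlated, yet OS version, time zone and disk size together single out every device.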

Lewis

Apr 2, 2021, 11:14:28 AM
In message <s47acd$d14$1...@dont-email.me> Mayayana <maya...@invalid.nospam> wrote:
> A measurement company might, for instance, collect data on software
> version, time since last system update, time since last restart, location,
> time zone, and even innocuous things like battery status, charging level,
> and amount of disk space.

"innocuous" is a bullshit weasel word. All of this data is designed to
fingerprint the user, and users are very happy that these sleazeballs
are getting beaten with a clue bat.

> Many of these rejected apps used Adjust SDKs for mobile measurement all of

Fingerprinting bullshit apps used by nefarious assholes and fools.

> which are affected by the Apple rejection letters as Adjust SDKs are used in
> about 18% of the apps on the App Store (11% of those on Google Play).

Ban them all.

--
he'd moved like music, like someone dancing to a rhythm inside his
head. And his face for a moment in the moonlight was the skull of
an angel...

JF Mezei

Apr 2, 2021, 4:53:04 PM
On 2021-04-02 10:40, Mayayana wrote:
> Apple started rejecting apps today failing the new privacy rules which
> Forbes said will affect over 50,000 apps by iOS 14.5 release date.
>
> Some app developers with device fingerprinting (collecting large amounts
> of data about the device) thought it was an April Fools joke when they were


TouchID data is encrypted between the button itself and secure enclave.
Only the secure enclave has the keys to decrypt the data.

No application, not even kernel mode IOS code has access to the data
because the CPU only processes encrypted data and has no access to the
decryption keys. All the CPU does is receive in the Touch ID cable
and pass it to the secure enclave.

The IOS guide to security provides a very good description of this.

FaceID is different because the data from the sensors can be used by apps
(such as the one that produces the poop emoji that animates based on
your facial expression).


nospam

Apr 2, 2021, 5:04:12 PM
In article <PuL9I.229049$ic4.1...@fx47.iad>, JF Mezei
<jfmezei...@vaxination.ca> wrote:

> On 2021-04-02 10:40, Mayayana wrote:
> > Apple started rejecting apps today failing the new privacy rules which
> > Forbes said will affect over 50,000 apps by iOS 14.5 release date.
> >
> > Some app developers with device fingerprinting (collecting large amounts
> > of data about the device) thought it was an April Fools joke when they were
>
>
> TouchID data is encrypted between the button itself and secure enclave.
> Only the secure enclave has the keys to decrypt the data.
>
> No application, not even kernel mode IOS code has access to the data
> because the CPU only processes encrypted data and has no access to the
> decryption keys. All the CPU does is receive in the Touch ID cable
> and pass it to the secure enclave.
>
> The IOS guide to security provides a very good description of this.

maybe you should read it.

> FaceID is different because the data from the sensors can be used by apps
> (such as the one that produces the poop emoji that animates based on
> your facial expression).

you are confusing a depth map with face id data.

apps can get a depth map.

apps *cannot* get facial recognition data.

Rod Speed

Apr 2, 2021, 5:49:15 PM


"JF Mezei" <jfmezei...@vaxination.ca> wrote in message
news:PuL9I.229049$ic4.1...@fx47.iad...
> On 2021-04-02 10:40, Mayayana wrote:
>> Apple started rejecting apps today failing the new privacy rules which
>> Forbes said will affect over 50,000 apps by iOS 14.5 release date.
>>
>> Some app developers with device fingerprinting (collecting large
>> amounts
>> of data about the device) thought it was an April Fools joke when they
>> were
>
>
> TouchID data is encrypted between the button itself and secure enclave.
> Only the secure enclave has the keys to decrypt the data.
>
> No application, not even kernel mode IOS code has access to the data
> because the CPU only processes encrypted data and has no access to the
> decryption keys. All the CPU does is receive in the Touch ID cable
> and pass it to the secure enclave.
>
> The IOS guide to security provides a very good description of this.

Device fingerprinting isn't about the touch ID fingerprint,
it's working out the fingerprint of the device, not the owner.

Joerg Lorenz

Apr 2, 2021, 5:52:38 PM
Am 02.04.21 um 16:40 schrieb Mayayana:
> Apple started rejecting apps today failing the new privacy rules which
> Forbes said will affect over 50,000 apps by iOS 14.5 release date.
>
> Some app developers with device fingerprinting (collecting large amounts
> of data about the device) thought it was an April Fools joke when they were
> told by Apple today "Your app uses algorithmically converted device and
> usage data to create a unique identifier in order to track the user" as the
> reason for rejection.

Thank you for this very interesting and in my opinion very important
posting and links. The new policy by Apple seems to be a real game
changer as far as privacy of users is concerned.

> A measurement company might, for instance, collect data on software
> version, time since last system update, time since last restart, location,
> time zone, and even innocuous things like battery status, charging level,
> and amount of disk space.
> https://www.forbes.com/sites/johnkoetsier/2021/04/01/apple-rejecting-apps-with-fingerprinting-enabled-as-ios-14-privacy-enforcement-starts/
>
> Apple wrote "The device information collected by your app may include some
> of the following: NSLocaleAlternateQuotationBeginDelimiterKey, NSTimeZone,
> NSLocaleGroupingSeparator, NSLocaleDecimalSeparator..."
>
> Many of these rejected apps used Adjust SDKs for mobile measurement all of
> which are affected by the Apple rejection letters as Adjust SDKs are used in
> about 18% of the apps on the App Store (11% of those on Google Play).
> https://github.com/adjust/ios_sdk/commit/8790a5300d00a11b8f51c7cc66c94165ac656f8c

I guess more to follow.

Joerg Lorenz

Apr 2, 2021, 5:54:28 PM
Am 02.04.21 um 22:53 schrieb JF Mezei:
> On 2021-04-02 10:40, Mayayana wrote:
>> Apple started rejecting apps today failing the new privacy rules which
>> Forbes said will affect over 50,000 apps by iOS 14.5 release date.
>>
>> Some app developers with device fingerprinting (collecting large amounts
>> of data about the device) thought it was an April Fools joke when they were
>
>
> TouchID data is encrypted between the button itself and secure enclave.
> Only the secure enclave has the keys to decrypt the data.

Here *device fingerprinting* is meant and that's a completely different
thing.

Lewis

Apr 2, 2021, 7:26:21 PM
In message <PuL9I.229049$ic4.1...@fx47.iad> JF Mezei <jfmezei...@vaxination.ca> wrote:
> On 2021-04-02 10:40, Mayayana wrote:
>> Apple started rejecting apps today failing the new privacy rules which
>> Forbes said will affect over 50,000 apps by iOS 14.5 release date.
>>
>> Some app developers with device fingerprinting (collecting large amounts
>> of data about the device) thought it was an April Fools joke when they were


> TouchID data is encrypted between the button itself and secure enclave.
> Only the secure enclave has the keys to decrypt the data.

Good grief, you are stupid.

This has nothing NOTHING to do with the fingerprint sensor, you numpty
fool.

> FaceID is different because the data from the sensors can be used by apps
> (such as the one that produces the poop emoji that animates based on
> your facial expression).

You have no fucking clue what you are talking about, and are entirely
100% exactly wrong, as usual.



--
"Are you pondering what I'm pondering?"
"I think so, Brain, but I don't think Kaye Ballard's in the union."

JF Mezei

Apr 3, 2021, 4:33:05 PM
On 2021-04-02 17:04, nospam wrote:

> you are confusing a depth map with face id data.
>
> apps can get a depth map.
>
> apps *cannot* get facial recognition data.


With TouchID, apps, even kernel level code cannot process TouchID data
because it is encrypted by the button itself with the decryption key
known only to secure enclave.

With FaceID, the sensor data is usable by applications via APIs. (to
enable useful features such as animating the poop emoji to follow face
movements.)

With TouchID, there is a hardware firewall since the button itself has
the chip to encrypt the data stream that flows from ribbon cable to
motherboard to CPU and to secure enclave.

With FaceID, the protections are more software based because the data
from sensors needs to be available to the CPU to animate the poop emoji.

This starts to matter when you're the NSA trying to unlock a phone and
using tools to inject a face map of the owner of phone you want to open.

JF Mezei

Apr 3, 2021, 4:34:19 PM
On 2021-04-02 17:54, Joerg Lorenz wrote:

> Here *device fingerprinting* is meant and that's a completely different
> thing.


Sorry about that. I thought I had seen references to FaceID and
fingerprinting and thought it was about those.

nospam

Apr 3, 2021, 5:05:30 PM
In article <4i4aI.269490$ic4.2...@fx47.iad>, JF Mezei
<jfmezei...@vaxination.ca> wrote:

> > you are confusing a depth map with face id data.
> >
> > apps can get a depth map.
> >
> > apps *cannot* get facial recognition data.
>
>
> With TouchID, apps, even kernel level code cannot process TouchID data
> because it is encrypted by the button itself with the decryption key
> known only to secure enclave.
>
> With FaceID, the sensor data is usable by applications via APIs. (to
> enable useful features such as animating the poop emoji to follow face
> movements.)

like i said, you're confusing a depth map to track facial expressions
with facial recognition data that can unlock the device.

apps can get a depth map, which poses *no* security risk.
apps *cannot* get facial recognition data, nor can it be spoofed.

> With TouchID, there is a hardware firewall since the button itself has
> the chip to encrypt the data stream that flows from ribbon cable to
> motherboard to CPU and to secure enclave.

true, and they must be cryptographically paired to guarantee a secure
path.

> With FaceID, the protections are more software based because the data
> from sensors needs to be available to the CPU to animate the poop emoji.

false.

> This starts to matter when you're the NSA trying to unlock a phone and
> using tools to inject a face map of the owner of phone you want to open.

it doesn't matter since it's impossible by design, for both a face or
fingerprint.

Lewis

Apr 3, 2021, 5:48:13 PM
In message <4i4aI.269490$ic4.2...@fx47.iad> JF Mezei <jfmezei...@vaxination.ca> wrote:
> With FaceID, the sensor data is usable by applications via APIs. (to
> enable useful features such as animating the poop emoji to follow face
> movements.)

You are 100% wrong, again. THIS IS NOT TRUE. AT ALL.

> With FaceID, the protections are more software based because the data
> from sensors needs to be available to the CPU to animate the poop emoji.

You are 100% wrong, again. THIS IS NOT TRUE. AT ALL.

> This starts to matter when you're the NSA trying to unlock a phone and
> using tools to inject a face map of the owner of phone you want to open.

You are 100% wrong, again. THIS IS NOT TRUE. AT ALL.



--
Well, I've wrestled with reality for 35 years, Doctor, and I'm happy
to state I finally won out over it.