How Fingerprinting And Push Notification Exploit Bypass Apple's App Tracking Transparency

iPhone Apple unlock

In terms of developing software, some developers are smart. However, some other developers are even smarter.

Apple places a strong emphasis on security and privacy within its ecosystem. With end-to-end encryption, robust privacy settings, and frequent software updates, Apple devices provide a secure environment for users' data and personal information.

While the company designs security to the core, and that every Apple device combines hardware, software, and services designed to work together for maximum security and a transparent user experience, there can be holes yet to be exploited.

At least in term of tracking, advertisers have found new methods to spy on iPhone users.

The methods are so simple, but deliberately bypass Apple's security measures, including the App Tracking Transparency, which prevents advertisers from gleaning private information.

The first method is by device fingerprinting through ads bombardment.

Read: To Be Tracked Or Not? Starting IOS 14.5, Apple Gives Users The Choice

Apple has what it calls App Tracking Transparency, which was so effective at preventing advertisers harvesting data that it literally disrupted the industry.

This device fingerprinting method is more or less, advertisers' answer to Apple's App Tracking Transparency.

According to the researchers, as reported by 404 Media, ads from hundreds of thousands of apps have become "part of a global surveillance capability."

The surveillance was done using a tool named Patternz, which has a goal to "help national security agencies detect audience patterns and user behavior using digital advertising data mining and analytics."

The method works by exploiting a regular ad tool called real-time bidding.

Rather than directly tracking when an iPhone user clicks on an ad, the method involves companies collating large amounts of data and then spotting the patterns advertisers want to know.

By bidding against other advertisers to put ads in front of of certain demographic, for example, advertisers can be told how many of such demographic are there.

Not only that, because Patternz can also analyze bids using far more detailed searches, and as a result, advertisers can also get more sensitive information, like what iPhone their targeted audience use, what version of iOS they use, GPS locations with claims that accuracy can be down to a meter, and more.

Besides pinpointing targets to their home and work addresses, Patternz can also retrieve a list of other users who are near to the targeted ones.

The only limitation is that, this level of detail requires the use of an advertising network that is willing to support it.

The second method, is by snooping through iOS' push notification system.

According to the researcher Mysk, iPhone's push notifications are being exploited to invasively collect user data once again.

It's found that apps that utilize push notifications can also receive device information and other analytics to remote servers. Just like a zero-click exploit, developers of the apps are able to collect this data even if their apps aren't opened.

The method works by utilizing push notification, which activates whenever a notification arrives.

Apple doesn't allow iOS apps to run in the background and will automatically suspend inactive apps due to privacy concerns and performance issues. But when a notification is pushed, iOS will activates the app temporarily in order for it to customize the push notification for the user.

While iOS once again suspends the app after this action is performed, users' device data is gathered by these apps and sent to relevant parties during this time frame.

Apps that are found gathering user data using this method include some of the biggest social media platforms like Facebook, Instagram, TikTok, LinkedIn, and Elon Musk's X.

"The ability to execute tasks in the background is a gold mine for data-hungry apps," Mysk said in a statement.

"Unsurprisingly, many social apps notorious for their aggressive data harvesting practices are taking advantage of the background execution time enabled by push notifications. In fact, developers can harness this workaround to run code in the background on demand. All they have to do is send push notifications to their users. As a result, iOS would wake their app in the background on every device, then the app runs whatever code the developer has built into the app."

Data that can be gathered, include "system uptime, locale, keyboard language, available memory, battery status, device model, display brightness" and other related information.

At first, the data can be useless.

But when they're gathered continuously, the fingerprinting method which seek patterns on the data, can make everything relevant when building unique profiles in order to track users online and serve them relevant advertisements.

Read: Facebook, Snapchat Can Still Track Users After Apple's App Tracking Transparency, Reports Said