Tech

Facebook, X and other companies are mining iPhone user data through app notifications, research finds

By
Social Links for Katherine Donlevy
Published Jan. 26, 2024, 12:26 a.m. ET

IPhone users are handing over their personal data with a click of a button, new research finds.

Popular apps like Facebook, LinkedIn, TikTok, and X are harvesting user information through notifications, even when the user opts not to open their alerts.

Even more concerning, it’s not entirely clear why the tech companies are collecting the data, much of which is unrelated to improving the user experience, according to tests by security researchers at Mysk Inc., an app development company.

“We were surprised to learn that this practice is widely used,” Tommy Mysk told Gizmodo, which reported the disturbing trend Thursday.

“Who would have known that an innocuous action as simple as dismissing a notification would trigger sending a lot of unique device information to remote servers? It is worrying when you think about the fact that developers can do that on-demand.”

According to the research, the grifty technique is not in violation of Apple’s privacy rules because it utilizes a method called “fingerprinting,” which identifies a user based on details about their device in order to send targeted ads.

Popular apps like Facebook, LinkedIn, TikTok, and X are harvesting user information through notifications, even when the user opts not to open their alerts.
Popular apps like Facebook, LinkedIn, TikTok, and X are harvesting user information through notifications, even when the user opts not to open their alerts. AFP via Getty Images

Notifications allow fingerprinting to continue to run even when an app is closed, which typically cuts off an app from tracking such information.

“They can intentionally send a notification to a targeted device just so that the app starts in the background and sends back details,” Mysk said.

Notifications from Facebook collect IP addresses, the number of milliseconds since your phone was restarted, the amount of free memory space on your phone, and a host of other details, according to the report.

LinkedIn reportedly uses the same technique to figure out the user’s timezone, display brightness and what mobile carrier is being used.

Even more concerning, it's not entirely clear why the tech companies are collecting the data, much of which is unrelated to improving the user experience, according to tests by security researchers at Mysk Inc., an app development company.
According to the research, the grifty technique is not in violation of Apple’s privacy rules because it utilizes a method called “fingerprinting,” which identifies a user based on details about their device in order to send targeted ads. Getty Images

Both companies categorically denied Mysk Inc’s findings, stating they only use notification data to better the user experience.

“Data that is collected is only used to confirm that a notification was successfully sent and, on a transient basis, to queue the app experience in case the member chooses to launch the app in response to the notification never shared externally,” a LinkedIn spokesperson told Gizmodo.

Meta spokesperson Emil Vasquez issues a similar statement: “We may periodically use this information, even when the app isn’t running, to help us deliver timely, reliable notifications, using Apple’s APIs. This is consistent with our policies.”

TikTok and X were also found to be mining user data through notifications. The companies did not respond to requests for comment by either Gizmodo or The Post.

LinkedIn reportedly uses the same technique to figure out the user's timezone, display brightness and what mobile carrier is being used.
LinkedIn reportedly uses the same technique to figure out the user’s timezone, display brightness and what mobile carrier is being used. SOPA Images/LightRocket via Getty Images

Apple is expected to launch a new update soon that would better protect its users from data mining from mega companies.

App developers will be required to explain why and how they’re harvesting such information in hopes of preventing companies from using it for illegitimate reasons.