I’m curious how they obtain that info. I have a FB account just because sometimes I need it for work. I don’t use my real name, I have no friends, and I run it in a sandbox with a VPN and ad blockers. I’d like to know how much of my info they still can access.
It specifies it’s from the app, so they have access through the native functionality for that. When you go to install it, it lists the data it accesses, and by downloading and using it, that’s how they are given permission.
Some of those categories of information (location, health, contacts for example) require the user to accept on an iOS prompt. The app won’t be given access otherwise. Apple are usually pretty strict about apps only asking for those permissions if there’s a valid reason. I’m curious to know what they would be though.
They don’t. I mean not in a “oh trust Meta way”, obviously don’t, but…
These privacy cards are self reported by the developers and have nothing to do with enforced API or data access.
Obviously not reporting something like identity while asking for the user’s real name on the first screen is likely to be noticed by AppStore review, but it’s just as possible for a developer to check every box to cover their ass (what Meta likely does since let’s be honest they do vacuum up everything you type into the app at a minimum) as it is for a developer to check no boxes and still be collecting various bits of info. Which is of course why things like HealthKit actually have on device permission screens and need access confirmed by the user directly.
And of course a user giving or not giving direct permission is very likely used in any fingerprinting that they’re doing
Also don’t you get a pop up on iOS when apps actually try to do one of these things? Like I have weather apps that clearly say that track my location, but it still gives a pop up asking to use your location when you actually start using it.
I’m curious how they obtain that info. I have a FB account just because sometimes I need it for work. I don’t use my real name, I have no friends, and I run it in a sandbox with a VPN and ad blockers. I’d like to know how much of my info they still can access.
Make a GDPR request for all your data?
It specifies it’s from the app, so they have access through the native functionality for that. When you go to install it, it lists the data it accesses, and by downloading and using it, that’s how they are given permission.
Protip: Don’t use the app
Some of those categories of information (location, health, contacts for example) require the user to accept on an iOS prompt. The app won’t be given access otherwise. Apple are usually pretty strict about apps only asking for those permissions if there’s a valid reason. I’m curious to know what they would be though.
I still won’t be using the app.
They don’t. I mean not in a “oh trust Meta way”, obviously don’t, but…
These privacy cards are self reported by the developers and have nothing to do with enforced API or data access. Obviously not reporting something like identity while asking for the user’s real name on the first screen is likely to be noticed by AppStore review, but it’s just as possible for a developer to check every box to cover their ass (what Meta likely does since let’s be honest they do vacuum up everything you type into the app at a minimum) as it is for a developer to check no boxes and still be collecting various bits of info. Which is of course why things like HealthKit actually have on device permission screens and need access confirmed by the user directly.
And of course a user giving or not giving direct permission is very likely used in any fingerprinting that they’re doing
Also don’t you get a pop up on iOS when apps actually try to do one of these things? Like I have weather apps that clearly say that track my location, but it still gives a pop up asking to use your location when you actually start using it.