Skip to main content

Security experts just found two giant smartphone privacy issues

The Apple iPhone 15 Pro Max's camera module.
Apple iPhone 15 Pro Max Andy Boxall / Digital Trends

This has been quite a stunning week in regard to the privacy and security of smartphone users. Specifically, two investigations have revealed troubling privacy concerns around smartphone advertising and iOS’ notification system.

The first, a deep investigation by 404 Media, uncovered a company called Patternz is weaponizing the ad delivery system on smartphones to extract information through apps and then send it to bidders.

Recommended Videos

The report described Patternz as “a secretive spy tool that can track billions of phone profiles through the advertising industry.” Patternz uses a pipeline in popular apps like 9Gag and a bunch of popular caller ID apps to do its nefarious jobs. Patternz reportedly told its clients that it can monitor virtually any app that is capable of running ads.

The company’s CEO says once the tool, which covers over half a million apps, is deployed, the phone turns into a “de facto tracking bracelet.” According to a damning research paper, it profiles over a staggering 5 billion users and hawks the information to clients using the real-time bidding (RTB) market. Whether you have an iPhone or an Android phone, this is something that can affect you.

ISA, the surveillance company behind Patternz, collects this data from RTB players like Google and X, formerly known as Twitter. The dataset it sells can include anything from a highly specific location of a person that’s accurate within meters to a history of their movement pattern and even who they are meeting.

A massive surveillance net

Illustration of people standing on a phone's screen
Generated using Dall-E 2 / Digital Trends

The very existence of such tools also brings into question the efficiency of Apple’s heavily marketed App Tracking Transparency feature, which aims to curtail such ad-enabled tracking.

Cybersecurity experts say such tools enable government surveillance, and the likes of ISA are already advertising their services to national security agencies. That’s no coincidence.

The head of the National Security Agency has acknowledged that the NSA purchases web-browsing data of Americans from data brokers, bypassing the need for warrants.

The bombshell confirmation came after Senator Ron Wyden (D-OR) put a hold on the nomination of the NSA’s incoming director, Timothy Haugh, and demanded answers about the agency’s practices in collecting Americans’ location and internet data.

Wyden, who has been attempting for three years to reveal that the NSA buys Americans’ internet records, received a letter on December 11 from current NSA Director Paul Nakasone confirming these purchases. Reuters first reported the letter’s details.

Notifications can be nefarious

Ivory app notification tab
Christine Romero-Chan / Digital Trends

But ads are just one-half of the problem. Another investigation by Mysk revealed that bad actors are exploiting the push notifications on iPhones to collect crucial data for diagnostics and customized data delivery.

Whenever an app gets a push notification, iOS briefly wakes it up, giving it a short window to personalize the notification before showing it to the user. Not shockingly, various social apps, infamous for their invasive data collection habits, are exploiting this background runtime provided by push notifications.

Developers can cleverly use this loophole to execute code in the background whenever they want, simply by sending push notifications. Numerous apps are using this function to covertly send comprehensive device data while operating in the background, effectively running a system for fingerprinting devices.

#Privacy: Facebook, TikTok, and Other Apps Use Push Notifications to Send Data about Your iPhone

“The frequency at which many apps send device information after being triggered by a notification is mind-blowing,” says the security firm. This investigation has unearthed suspicious behavior even from massively popular platforms such as Facebook, TikTok, and LinkedIn.

What do experts have to say?

Illustration of a woman looking through a phone
Generated using Dall-E 2 / Digital Trends

The only solution to this problem? Disabling notifications.

“More recently, adversaries look to be using notification pop-ups and ads that may induce the victim into installing spyware onto their devices,” Jon Clay, VP of Threat Intelligence at global cybersecurity firm Trend Micro, tells Digital Trends.

So, what can an average person do to avoid such illicit surveillance, which can transmit identifying details such as location and local data? “Many people have been led to believe mobile devices are secure by themselves,” Clay says, noting that installing ad-blockers may offer some form of safety net or dedicated security apps.

What happens on your iPhone does not stay on your iPhone.

“Attacks of this nature are quite insidious and extremely alarming,” says Alan Bavosa, vice president of security products at Appdome. He notes that users are typically in a defenseless position in the face of such attacks since they aren’t aware of what’s happening on their devices in the first place.

“There are small things that users can do not to make matters worse, like downloading apps from standard app stores and not changing (jailbreaking or rooting) their devices,” Bavosa tells us. “But these measures are additive, not curative.”

A person holding the Apple iPhone 15 Plus and Apple iPhone 15 Pro Max.
Apple iPhone 15 Pro Max (left) and Apple iPhone 15 Plus Andy Boxall / Digital Trends

Unfortunately, it seems the onus ultimately falls on the user, and that, too, is a preventive measure. A common suggestion from cybersecurity experts is to manually dig into the settings app and disable notification apps for certain apps and maybe to device sensors as well.

“Some Adware and Spyware may be published by bad actors in the official marketplaces under look of a legitimate app,” says Shawn Loveland, chief operating officer at Resecurity. “It is recommended not to install random apps or apps you don’t really need.”

Even though bad actors have found workarounds, asking apps not to track user activity on your iPhone is a prudent step. “It’s a good idea to periodically check the permissions of apps, particularly those related to location and microphone access, and to disable any that aren’t necessary,” suggests John Chapman, co-founder of security firm MSP Blueshift.

Some reprieve will arrive later this year as Apple prepares to ask developers to explicitly explain why they need to access push notifications and the related diagnostic systems on iPhones. It’s not going to fix all the problems in one go, but it’s at least a decent start.

Nadeem Sarwar
Nadeem is a tech journalist who started reading about cool smartphone tech out of curiosity and soon started writing…
I hate the new Photos app in iOS 18
Photos app on iOS 18.

When Apple launched the iPhone 16 line, it also released iOS 18 to the masses after months of betas. Though the biggest feature of iOS 18 is Apple Intelligence, which didn’t actually launch until the iOS 18.1 release, there are plenty of other things that iOS 18 brings to the table. That includes RCS messaging, more home screen customization, a revamped Control Center, and more.

One app that got a significant redesign in iOS 18 is the Photos app. After around a decade of mostly the same design and what I would call muscle memory, the new Photos app is, well, quite jarring — and I'm not a fan.
The new Photos app is messy
The old Photos app Christine Romero-Chan / Digital Trends

Read more
A hidden iOS 18.1 upgrade made it harder to extract data from iPhones
A person holding the Apple iPhone 16 Plus.

Apple Intelligence was the most notable upgrade that arrived on iPhones with the iOS 18 series of updates. But it seems Apple reinforced the security protocols in the background that could prevent bad actors from gaining unauthorized access to iPhones that haven’t been unlocked in a while by their legitimate owner.

Earlier this month, 404Media reported that law enforcement officials are troubled by iPhones that are mysteriously rebooting. Citing a report courtesy of officials in Michigan, the outlet notes that the reboots are hampering the ability to access what’s stored on the phones through brute-force unlock methods.

Read more
Apple quietly nixed this Apple Intelligence feature from iOS 18.2
Image Playground on iPad.

One of the most highly anticipated features of Apple Intelligence, Image Playground, has finally launched in the iOS 18.2 developer and public betas. This artificial intelligence tool, announced in June, enables users to create cartoon-like images from text descriptions. Unfortunately, at least in the beta version, one of Image Playground's announced features is missing.

As first noted on X (formerly Twitter) by @nicolas09f9 (via MacRumors), Image Playground was once expected to feature three design styles: Animation, Illustration, and Sketch. For whatever reason, the latter isn't a choice in the beta.

Read more