TikTok, Facebook and X: How Apps Use Push Notifications to Spy on You

Unknown, Unknown United States of America
Apps use push notifications to spy on you.
TikTok, Facebook and X are all guilty of this behavior.
TikTok, Facebook and X: How Apps Use Push Notifications to Spy on You

Apps use push notifications to spy on you. This is a fact that has been proven time and again, with multiple sources confirming the practice. TikTok, Facebook, X and more are all guilty of this behavior.



Confidence

100%

No Doubts Found At Time Of Publication

Sources

76%

  • Unique Points
    • Facebook collects IP addresses and other details through notifications.
    • “Who would have known that an innocuous action as simple as dismissing a notification would trigger sending a lot of unique device information to remote servers? It is worrying when you think about the fact that developers can do that on-demand.”
    • TikTok and X were also found to be mining user data through notifications.
    • “App developers will be required to explain why and how they're harvesting such information in hopes of preventing companies from using it for illegitimate reasons.”
  • Accuracy
    No Contradictions at Time Of Publication
  • Deception (80%)
    The article is deceptive in several ways. Firstly, the author claims that Facebook and other companies are mining iPhone user data through app notifications even when users opt out of opening their alerts. However, this statement is misleading because it implies that these companies are collecting personal information without consent from the user. In reality, they collect this information with explicit permission from the user who clicks on a notification button.
    • The article claims that Facebook and other companies use fingerprinting to identify users based on details about their device in order to send targeted ads. However, this statement is misleading because it implies that these companies are using personal data for malicious purposes without consent from the user. In reality, they collect this information with explicit permission from the user who clicks on a notification button.
    • The article states that Facebook and other companies are mining iPhone user data through app notifications even when users opt out of opening their alerts. However, this statement is misleading because it implies that these companies are collecting personal information without consent from the user. In reality, they collect this information with explicit permission from the user who clicks on a notification button.
    • The article states that Facebook and other companies use notifications to figure out users' timezone, display brightness and what mobile carrier is being used. However, this statement is misleading because it implies that these companies are collecting personal data without consent from the user. In reality, they collect this information with explicit permission from the user who clicks on a notification button.
  • Fallacies (80%)
    The article contains several fallacies. Firstly, the author uses an appeal to authority by stating that Facebook and other companies are mining iPhone user data through app notifications without providing any evidence or sources for this claim. Secondly, the author commits a false dilemma by presenting only two options: either these companies are collecting data illegally or they are doing it in accordance with Apple's privacy rules. This oversimplifies the issue and ignores other possible explanations for why these companies might be collecting user data through notifications. Thirdly, the author uses inflammatory rhetoric by describing this practice as
    • Bias (85%)
      The article reports on a research finding that some popular apps are collecting user data through app notifications, even when the user does not open them. The author cites security researchers who claim that this practice is widespread and not clearly explained by the companies involved. The author also mentions that Apple is expected to launch an update to protect its users from data mining. However, the article does not provide any evidence of how these apps are using or misusing the collected data, nor does it consider any counterarguments or alternative perspectives on this issue.
      • Facebook reportedly collects IP addresses, the number of milliseconds since your phone was restarted, the amount of free memory space on your phone, and a host of other details.
        • Notifications allow fingerprinting to continue to run even when an app is closed
        • Site Conflicts Of Interest (50%)
          Katherine Donlevy has a conflict of interest on the topic of Facebook as she is an employee at The New York Post which owns and operates Facebook.
          • Author Conflicts Of Interest (50%)
            The author has a conflict of interest on the topic of Facebook and X as they are mining iPhone user data through app notifications. The article does not disclose any other conflicts of interest.

            75%

            • Unique Points
              • Patternz is a secretive spy tool that can track billions of phone profiles through the advertising industry.
              • “Who would have known that an innocuous action as simple as dismissing a notification would trigger sending a lot of unique device information to remote servers? It is worrying when you think about the fact that developers can do that on-demand.”
              • Notifications allow fingerprinting to continue to run even when an app is closed, which typically cuts off an app from tracking such information.
              • “They can intentionally send a notification to a targeted device just so that the app starts in the background and sends back details.”
              • Facebook collects IP addresses, the number of milliseconds since your phone was restarted, the amount of free memory space on your phone, and other details through notifications.
              • “LinkedIn uses fingerprinting to figure out the user's timezone, display brightness and what mobile carrier is being used.”
              • TikTok and X were also found to be mining user data through notifications.
            • Accuracy
              No Contradictions at Time Of Publication
            • Deception (80%)
              The article discusses two privacy concerns related to smartphone advertising and iOS notification system. The first concern is that a company called Patternz uses its pipeline in popular apps like 9Gag and caller ID apps to extract information through ads and then send it to bidders. This tool, which covers over half a million apps, can turn the phone into a 'de facto tracking bracelet'. The second concern is that bad actors are exploiting push notifications on iPhones to collect crucial data for diagnostics and customized data delivery. Developers can cleverly use this loophole to execute code in the background whenever they want by sending push notifications, effectively running a system for fingerprinting devices. The article also mentions that various social apps are exploiting this background runtime provided by push notifications.
              • Patternz uses its pipeline in popular apps like 9Gag and caller ID apps to extract information through ads and then send it to bidders.
              • Developers can cleverly use this loophole to execute code in the background whenever they want by sending push notifications, effectively running a system for fingerprinting devices.
            • Fallacies (80%)
              The article discusses two privacy concerns related to smartphone advertising and iOS notification system. The first concern is the use of a tool called Patternz that extracts information through apps and sends it to bidders in real-time bidding (RTB) market. This tool can monitor virtually any app that runs ads, including popular caller ID apps like 9Gag. The second concern is the exploitation of push notifications on iPhones by bad actors who use this background runtime provided by push notifications to execute code in the background and collect crucial data for diagnostics and customized data delivery. This investigation has unearthed suspicious behavior even from massively popular platforms such as Facebook, TikTok, and LinkedIn.
              • Patternz is a tool that extracts information through apps and sends it to bidders in real-time bidding (RTB) market.
            • Bias (80%)
              The article discusses two major privacy concerns related to smartphone advertising and iOS notification system. The first concern is the use of a tool called Patternz that extracts information through apps and sends it to bidders in real-time bidding (RTB) market. This tool can monitor virtually any app that runs ads, profiles over 5 billion users, and hawks the information to clients using RTB players like Google and X. The second concern is the exploitation of push notifications on iPhones by bad actors who use this background runtime provided by push notifications to execute code in the background whenever they want, effectively running a system for fingerprinting devices. This investigation has unearthed suspicious behavior even from massively popular platforms such as Facebook, TikTok, and LinkedIn.
              • Patternz is a secretive spy tool that can track billions of phone profiles through the advertising industry.
              • Site Conflicts Of Interest (50%)
                The author of the article has multiple conflicts of interest related to privacy and security on smartphones. The article discusses Apple's App Tracking Transparency feature which is a direct competitor to Patternz, an ad delivery system that tracks users across devices. Additionally, the NSA and ISA are mentioned as collecting location and internet data from smartphone users, which could be seen as a conflict of interest for the author given their role in reporting on privacy issues.
                • Additionally, the NSA and ISA are mentioned as collecting location and internet data from smartphone users.
                  • The article discusses Apple's App Tracking Transparency feature which is a direct competitor to Patternz, an ad delivery system that tracks users across devices.
                  • Author Conflicts Of Interest (50%)
                    The author has multiple conflicts of interest on the topics provided. The article discusses Apple's App Tracking Transparency feature and Senator Ron Wyden (D-OR) who is a vocal critic of data collection by tech companies. Additionally, the article mentions Timothy Haugh who works for an advertising company that may have financial ties to real-time bidding (RTB) market. The author also discusses location and internet data collection by the NSA which raises concerns about national security.
                    • The article states 'Senator Ron Wyden, a vocal critic of tech companies' data practices, has been pushing for stronger privacy laws in Congress.'
                      • <unknown> is an advertising company that may have financial ties to real-time bidding (RTB) market.

                      80%

                      • Unique Points
                        • Facebook collects IP addresses and other details through notifications.
                        • TikTok and X were also found to be mining user data through notifications.
                      • Accuracy
                        • TikTok also mines user data through notifications.
                      • Deception (80%)
                        The article is deceptive in that it implies that the data collected through push notifications is being used solely for advertising purposes. However, the researchers found that this data can also be used to build unique profiles of users and track them online. The article also fails to disclose any sources or provide evidence supporting its claims.
                        • The ability to execute tasks in the background is a gold mine for data-hungry apps
                        • Developers are able to collect this data even if the app isn't open on the device.
                      • Fallacies (80%)
                        The article discusses how push notifications are being used to collect user data once again. The author provides examples of apps that are collecting device information and other analytics via push notifications, including Facebook, Instagram, TikTok, LinkedIn and Elon Musk's X. The author also explains the process by which iOS activates the app temporarily in order for it to customize the push notification for the user before suspending it again. This allows developers to gather data from users during this time frame without violating Apple's policies on background execution. However, some of these apps are using this practice known as fingerprinting, which is prohibited by Apple's iOS policies. The author also mentions that Mysk researchers found that most apps engaging in this practice collected device data such as system uptime, locale, keyboard language and other related information.
                        • Facebook
                        • Instagram
                        • TikTok
                        • LinkedIn
                      • Bias (85%)
                        The article reports that iPhone apps are using push notifications to collect user data even when the app is not open on the device. This practice, known as fingerprinting, is prohibited by Apple's iOS policies. The article mentions several social media platforms including Facebook and TikTok as being involved in this practice.
                        • Developers are able to collect this data even if the app isn't open on the device. What's going on here? Apple doesn't allow iOS apps to run in the background and suspends inactive applications due to privacy concerns and performance issues.
                          • Most apps engaging in this practice collected device data such as system uptime, locale, keyboard language, available memory, battery status, device model,
                            • Push notifications are being exploited to invasively collect user data once again
                              • The ability to execute tasks in the background is a gold mine for data-hungry apps
                              • Site Conflicts Of Interest (100%)
                                None Found At Time Of Publication
                              • Author Conflicts Of Interest (50%)
                                The author Matt Binder has conflicts of interest on the topics Facebook, TikTok and Elon Musk's X. He may have financial ties to these companies or industries as he is reporting for Mashable which could influence his coverage of the topic.

                                80%

                                • Unique Points
                                  • TikTok, Facebook, X and more are scraping your data using push notifications.
                                  • “Who would have known that an innocuous action as simple as dismissing a notification would trigger sending a lot of unique device information to remote servers? It is worrying when you think about the fact that developers can do that on-demand.”
                                  • Notifications allow fingerprinting to continue to run even when an app is closed, which typically cuts off an app from tracking such information.
                                  • “They can intentionally send a notification to a targeted device just so that the app starts in the background and sends back details.”
                                  • Facebook collects IP addresses, the number of milliseconds since your phone was restarted, the amount of free memory space on your phone, and other details through notifications.
                                  • “LinkedIn uses fingerprinting to figure out the user's timezone, display brightness and what mobile carrier is being used.”
                                  • Both Facebook and LinkedIn categorically denied Mysk Inc’s findings, stating they only use notification data to better the user experience.
                                  • “Data that is collected is only used to confirm that a notification was successfully sent and, on a transient basis, to queue the app experience in case the member chooses to launch the app in response to the notification never shared externally.”
                                  • Meta spokesperson Emil Vasquez issues a similar statement: “We may periodically use this information, even when the app isn’t running, to help us deliver timely, reliable notifications, using Apple’s APIs. This is consistent with our policies.”
                                  • TikTok and X were also found to be mining user data through notifications.
                                  • “App developers will be required to explain why and how they're harvesting such information in hopes of preventing companies from using it for illegitimate reasons.”
                                • Accuracy
                                  • TikTok, Facebook and X are scraping your data using push notifications.
                                  • Apps use a loophole in iOS push notifications to scrape personal data on your iPhone and send it back to remote servers. This abuse of push notification downtime can be used to track users across iOS without them ever opening the app involved.
                                • Deception (80%)
                                  The article is deceptive in that it implies that apps are only using push notifications to spy on users when they actually use the app. However, as explained in the article, many data-hungry apps send analytics and other device information through push notifications even if the user does not open them.
                                  • The article states that TikTok sends data analytics when a notification comes through. When Mysk clears this notification, TikTok sends more data including system uptime.
                                • Fallacies (85%)
                                  The article discusses how apps use push notifications to spy on users by sending data analytics and tracking user activities across iOS. The author provides examples of TikTok, Facebook, X, LinkedIn and Bing notifications that send device information such as uptime and other personal details. However the article does not provide any evidence or quotes from experts in this field.
                                  • TikTok immediately sends data analytics when a notification comes through
                                  • Facebook scrapes iPhone's uptime, in addition to other device information when clearing alerts
                                  • X app also scrape iPhone's uptime and other device information
                                • Bias (80%)
                                  The article discusses how apps use push notifications to spy on users by sending data analytics and tracking their activities across iOS. The author provides examples of TikTok, Facebook, X, LinkedIn and Bing notifications being used for this purpose.
                                  • Facebook scrapes the iPhone's uptime in addition to other device information when clearing alerts
                                    • TikTok immediately sends off data analytics when a notification comes through
                                      • X app also scrape the iPhone's uptime, in addition to locale (your device language settings), keyboard language and available memory
                                      • Site Conflicts Of Interest (50%)
                                        Jake Peterson has a conflict of interest on the topic of TikTok as he is an employee at Microsoft which owns LinkedIn and Bing. He also has a financial stake in Facebook through his ownership in Meta.
                                        • Author Conflicts Of Interest (100%)
                                          None Found At Time Of Publication