Apple allows some iOS apps to track user locations via lists of nearby SSIDs (wingu.se)
776 points by lloyds_barclays 10 months ago | 300 comments



Reading through the linked docs, this API seems to specifically be for apps created by owners of WiFi hotspots to help users connect to those hotspots (https://developer.apple.com/documentation/networkextension/h...).

> NEHotspotHelper allows your app to participate in the process of authenticating with hotspot networks, that is, Wi-Fi networks where the user must interact with the network to gain access to the wider Internet.

> NEHotspotHelper is only useful for hotspot integration. There are both technical and business restrictions that prevent it from being used for other tasks, such as accessory integration or Wi-Fi based location. Before using NEHotspotHelper, you must first be granted a special entitlement (com.apple.developer.networking.HotspotHelper) by Apple.

Which makes sense, but then why exactly are apps like WeChat and Alipay granted this entitlement?


I don't know about Alipay, but afaict WeChat needs this feature for WeChat Wifi, which lets users connect to internet hotspots from their WeChat accounts https://mp.weixin.qq.com/s?__biz=MzI1NjA0NzQzOQ==&mid=265026...


I’m sure that’s valid but I’ve worked for mobile app companies and can guarantee features like this are added just to get the entitlement.


Ah now I see - to get all the entitlements they create a super-app that happens to use those things.

Then they can spy on us for our main use case


Seems like Apple should give users the ability to download an app while rejecting an entitlement.


You can. iOS apps have to request individual permissions - I'm not sure about the specific level of granularity here, but you can deny location access while still letting the rest of the app run, and the app has to be able to deal with it.


No, you can reject permissions, but not entitlements.

Entitlements are granted (statically, per developer certificate or maybe app ID, not sure) by Apple, permissions are (optionally) granted by users at runtime.

The only way to not have an app making use of an API gated by (only) an entitlement is to never install it.

Of course there could be permissions that are gated behind entitlements, but in this case it seems to be only an entitlement.


And even then, an app can block usage until you allow a permission; ie Snapchat doesn’t need the camera permission to allow you to chat but will block usage of the app until you enable it.


Snapchat has allowed you to chat without camera permission for years on Android. It's still required on iOS?


As I understand it, this SSID feature does not require location services permissions.


It's not a new idea but I would love to see Apple implement a way to serve eg. a fake, empty contact list for an app that refuses to enable a feature unless you allow contact list permissions.


I at least partially blame Apple for this too.

I personally use several different terminal/Unix emulator/SSH client apps on iOS that request the "background location" permission solely because there is no actual "background execution" API.


That's a design decision. Apple doesn't trust developers in general not to abuse this background API. They expect lots of aid requesting it, unknowledgeable users granting it without thinking much, and iPhones getting a crappy reputation for battery performance as a result.

I dislike this decision (taking a choice away from the user) but from a business point of view it makes sense.


The complexities and capabilities in the Chinese (well, most of Asia) mobile market are remarkable.

I always find it funny when people boast about how great certain things are in the US without ever having traveled to HK, Singapore, Tokyo, Beijing etc...

Most people don't realize just how entangled mobile life is in Asia, way more than in the US.


Centralized superapps seem incredibly dangerous to privacy, given that the limited mobile privacy models are designed around per-app permissions.

   1. Create app that does 1 thing
   2. Add more features to app
   3. Abuse superset of permissions
   4. Gov leans on app owner
   5. Gov abuses superset of permissions


No, I more than 100% agree, I am just stating that most people just don't realize just how deeply entangled the mobile is to Asian life. I wasn't praising it, I am horrified, but also in awe by it.


I'm pretty sure most people are very aware that most of east Asia never saw massive PC adoption and so their internet developed in a very mobile-centric way. This hasn't been surprising for a long time?


I'm not sure I agree.

I mean, back when the west had WAP there were articles saying NTT DoCoMo had much more advanced phone technology, sure.

But in terms of making it into the cultural consciousness - you don't see ubiquitous asia-specific mobile super-apps in cultural exports like 'Squid Game' or 'Spy X Family' (admittedly a lot of cultural exports aren't set in the present day)


I think if you're in China the centralized superapp is the least of your worries, privacy-wise. I agree that this is probably part of why these things will never really take off in the US though (no matter what Elon wants to wish for).


It is not the least of your worries, it is the abusive system working as intended. It is policy of the Chinese state to ingratiate itself into every aspect of its citizens' lives to exert control.

The fact the State is wholly evil in other ways does not lessen the worry; it multiplies it.


Is that inherently greater than not being connected or using super apps? Also, I didn't know Tokyo or Japan in general were also into the "big app" concept. Japan in general didn't seem that "connected" relatively speaking back in 2017-18 but maybe stuff has changed in the past couple of years.


I think I'm missing some context: ex. there's O(many) apps that offer hotspot connections in the US as well. And my understanding is there's a privacy concern, which I think would be exacerbated by a super-app like WeChat adding this.

What's the great certain things of all that?


Even if only genuine hotspot apps got the entitlement, it is not a user-friendly privacy-first design. Such API use should trigger a user-visible permission dialog before apps get background-notified and user should be able to select the one of "allow-once, allow while using, allow-in-background, never" and the app activity should show up in app privacy reports.


Not sure I agree - in fact pretty sure I don’t. Having lots of permission dialogs just trains users to mindlessly click yes on everything, because they just want to do the thing, not think about how the sausage is made.


So just don't have them, and don't let them think about it?


I'm saying that a default of "ask every single time" is not good. For anyone.


Because the Chinese market is too important. For WeChat you can maybe argue that it's a "super app" and probably also can be used to connect to wifi hotspots, but for Alipay I fail to come up with an explanation..


Alipay is also pretty much an everything app (it also has its own ecosystem of mini-apps built on Alipay's platform). Except for the social aspect, it's nearly interchangeable with WeChat.


Ah I see. It's been a while thanks to the pandemic that I've been there, and even then preferred just doing WeChat so I don't have to deal with even more stuff. At least for regular payment almost all places accepted both options.


You can buy hotspot access with Alipay (scan QR code -> connect), presumably that's why.


The sensible move would really be to break up these "everything" apps. Sure WeChat may have a wifi service, but if it is being used by 0.01% of the user base then why is everyone else forced to approve the permissions? Creating a separate "WeChat Wifi Connector" takes zero extra effort on their part.


You don't have to break up the app, just require user opt in to enable the feature for the app.


> API seems to specifically be for apps created by owners of WiFi hotspots to help users connect to those hotspots.

VPN apps also seem to use it: https://github.com/pia-foss/mobile-ios/blob/4618b55161ec5b8b...


Apparently the entitlement is not required in a few other conditions, listed here [1] by Apple:

    1. application is using CoreLocation API and has user's authorization to access precise location. [This seems harmless – the app already gets the precise location anyway here.]

    2. application has used NEHotspotConfiguration API to configure the current Wi-Fi network. [This seems to be the scope of the article!]

    3. application has active VPN configurations installed. [This one is quite surprising to me!]

    4. application has active NEDNSSettingsManager configuration installed. [No idea what this is exactly, but it seems similar to the VPN one.]
[1] https://developer.apple.com/forums/thread/679038


It's a more basic question to me, why do these apps need a special entitlement? Couldn't they ask users for permissions like any other app, presumably with a good reason to go along with it since location is needed for some features?


Apple wants to gatekeep the feature for "legitimate" uses. If it was just another permission, random flashlight apps (as the joke goes) would ask for the permission and _n_% of people would just blindly accept it. Then, of course, Apple would get blamed for allowing random flashlight apps to track people's location. Of course this could all be done via the regular app review process, but Apple seems to have decided on a few permissions they want to keep super locked down (CarPlay is another, to avoid blame for when someone crashes while using some CarPlay app).


These "super apps" get special treatment everywhere.

Many phone manufacturers even automatically grant certain permissions when these apps are installed (the list is sometimes hard-coded into the system), since there are people who do not understand what is "permission", and they blame the phone manufacturer for not being able to use WeChat/Alipay.


This is functionally a Location Services feature, so the user should grant location permissions to use this.

I am not sure how it works in practice.


FYI, that API requires entitlements to be used, which are only available if you request them from Apple and justify their use. It's not a general-purpose API any app can use.


That’s not really any consolation, since (according to the article) Apple has granted that entitlement to WeChat and Alipay.

Yes, these are “super-apps” and Wi-Fi hotspot services are probably part of their offerings, but that’s just more reason this should be a user-grantable permission like “local network access”. If I don’t care for the hotspot feature, I don’t want the app to have that capability.


Certain apps have always gotten special treatment. If it’s big enough to mess with phone sales they’re allowed nonsense a normal dev would be permanently banned for.

Ex: all the stuff FB has been caught doing over the years

My understanding (no first hand experience) is that WeChat and Alipay are basically required in China. If a phone doesn’t have them, it’s worthless and won’t sell.

So naturally they too can do nonsense that would get the rest of us booted to space.


Why does apple get to decide which app gets automatic access to my private data, on my device, without needing to ask me?


I've asked similar questions before and am usually told that this is how Apple does things and it's what makes their users happy. It's in fact why they love and choose Apple. They trust Apple to make the right decisions, and this is in fact a big part of the value add of their products. This is much related to the walled garden approach. For example, ask about why sideloading should remain not an option at all, rather than something like Android where you can enable it if you want to but "Grandma" isn't going to accidentally do it. Apple users actively don't want that capability. It doesn't make sense to me, but that's because "I'm not their target market."


I have to agree with this sentiment, I read it here on HN 'power' users more than once. Although most Apple users have no clue about what we discuss here, the part about actively wanting it is simply not true en masse.

Needless to say that's not for me and I will probably keep sporting Androids (in my case I am happy with Samsung's top ultra offerings) since I actually use those added features, ie saving 500 bucks on proper expensive variometer for paragliding and instead hooking it up via OTG cable with basic one with good sensor but without display, for 10% of the price... needless to say relevant app isn't on play store neither. And so on.

But we certainly have choice on the market. I just wish Apple would properly focus on user security and shielding them from the worst of internet, and less on milking advertising, what I see so far didn't convince me it isn't just sophisticated marketing and not much more. You already pay premium on the device, it's a proper spit in the face to be so visibly milked more and more, that's pure corporate greed.

What I mean - my wife with iphone pops up browser, I pop up mine with firefox and ublock origin. Internet is utterly useless and horrible place on her phone, while completely fine on mine (plus I get youtube ads blocking as a bonus)


> my wife with iphone pops up browser, I pop up mine with firefox and ublock origin. Internet is utterly useless and horrible place on her phone, while completely fine on mine (plus I get youtube ads blocking as a bonus)

I recently set up NextDNS on my iPhone and browsing the web has become much more usable (previously, I would get webpage crashes!). Something to look into in addition to or instead of Wipr.


Do your wife a favor and get her Wipr[0].

Sure it’s $1.99 but we support indie developers here on HN don’t we?

It’s a set it and forget it type of deal, no more ads in Safari.

0: https://apps.apple.com/us/app/wipr/id1030595027


Thank you for this useful info


> Apple users actively don't want that capability

That's a self-fulfilling property, with cause and effect going as much in the other direction: people who want that capability don't become Apple users. If you want openness, you don't pick Apple.


It’s not that I trust Apple, it’s that I trust Apple infinitely more than I trust the largest spy network on earth and existing without a smartphone today is difficult.

If you need a smartphone, you can choose between a company that has some missteps, or a demonstrably evil spy network. I know who I am choosing.


Thanks, your position certainly makes sense to me regarding a Pixel phone with the stock software on it, but much less so when considering options like GrapheneOS or any of the Androids made by other non-Google companies (like OnePlus, etc). That's the point at which usually "user experience" or "I'm already in the Apple ecosystem" usually come to fore-front as the reason.

I don't really trust any of those big companies, which is where GrapheneOS really shines. Open source, lots of enhanced privacy controls, but also as much of the Google ecosystem as the user wants. If you maximally distrust everyone, you can roll with pure FOSS. If you're somewhere in the middle like most people, you can pick and choose the pieces that are worth it to you (Google's Pixel Camera app is a common one for example). Graphene OS is also trivial to install now thanks to the web installer, so pretty much anybody who can load a web page, plug in a USB cable, and follow the explicit instructions to unlock the bootloader (which is stuff like, "open settings" -> "click about", etc) can do it.


Where do I buy a GrapheneOS phone from a manufacturer that tests the entire package and releases updates?

I’ve done the “just buy unlocked hardware and install this or that” in the past. My phone ended up taking up way more of my time than I’m willing to let it and my life has only gotten busier since.


This mentality is fascinating to me. In a sense, nobody owns an Apple device. It's more like renting: the landlord keeps a bunch of doors locked and has strict rules, but the place comes pre-furnished and includes millennial-grade amenities.

I can see the appeal if you don't particularly care about owning a device, but it blows my mind that people become so dedicated to this way of living.


It's unlikely that if you have a mobile phone, the landlord doesn't keep some doors locked.

At minimum - even if you're running de-Googled Android - the baseband blob has high levels of access and you have no control over it.

I'm not saying Apple isn't worse with this, but the illusion of phone ownership spreads a lot further.


Baseband blobs are isolated with IOMMU (at least on GrapheneOS https://grapheneos.org/faq#baseband-isolation, but maybe that's also true for stock Pixels idk) and Google spends a lot of effort on baseband security: https://security.googleblog.com/2023/12/hardening-cellular-b...


Not to get too philosophical, but the entire concept of ownership per se is always a social contract that's being renegotiated continuously by society. Almost every country in the world has limits on the things you can own, to give just one example.

I do see the value of having autonomy over the devices I conduct my digital life on (whether owned or rented, for that matter!), but I'm not sure if the concept of physical ownership is the right model here.

How my personal data is being processed in other people's and the government's systems is just as relevant to me, and conversely, I'm fine with some opaque blobs of other people running on my hardware, as long as they're properly sandboxed (i.e. can't phone home freely or access any of my data that's none of their business), and I see the mutual benefit in them.


I think the renting analogy is a decent one and I’m on the other side of this, so let me give you my perspective.

When you own a home, you are 100% liable and responsible. If anything breaks, it’s an unexpected demand on my time and/or an unexpected expense. When you rent, you just call the landlord and say “shit’s broke” and it’s no longer your responsibility. I don’t have the mental bandwidth these days for the unexpected demands the house places on me.

This is _exactly_ the experience I had with Android versus iPhone.

I bought the original Android Dev Phone 1. Still have it somewhere. Moved to a Galaxy Nexus, Nexus 4, couple of OnePlus phones, etc. Used the stock Android, Cyanogenmod, LineageOS, and others. Did all sorts of fun stuff.

Then my life got busier and busier and busier and I found myself sitting up late one night dicking with fixing something on my phone again and just was like nope, this is not how I need or want to be spending my time. My life has only gotten busier since. I don’t have time for suddenly finding out one day that the last update that I installed broke the microphone on my phone and I can no longer use it as a phone.

Using the iPhone is having a landlord. If it breaks, it’s just broken. Not only do I not need to feel responsible for fixing it, I couldn’t if I wanted to. It takes up no space in my head.

So the fact that Apple (1) generally doesn’t release terribly broken software; (2) supports their devices with updates for a long time; and (3) is vaguely respectful of privacy and security makes the iPhone an obvious winner for me.

Even just making sideloading _available_ is going to shift the space my phone sits in my head. It’s no longer going to be “it works or it doesn’t, if it works and you don’t like how it works that sucks nothing to do about it so you may as well forget about it”. It’s going to be a constant “this is vaguely annoying I bet I could find a replacement dialer that _does_ allow you to search your call history…”. I’ll literally pay a premium for someone to take options away from me rather than have yet another place I need to exercise my self control.

I already spend all day with needy computers fixing and improving and such. Having a dumb appliance that lets me not do that is what I _want_.


> I’ll literally pay a premium for someone to take options away from me rather than have yet another place I need to exercise my self control.

Thank you, this makes a lot of sense to me! I'm still on the other side of it personally, but I can genuinely understand this position. So many times these sorts of discussions are so pointless as they go back and forth with things like "you don't have to enable that option if you don't want to" and people saying "somehow I'll have to" with these weird hypotheticals that seems ludicrous, but yours is a solid argument.


Yeah just start with the assumption that “this is an appliance” in my world and most of the rest probably makes sense.

From my point of view and use case, right now the market has two options:

1. A smart toaster with WiFi and Bluetooth that runs modified Linux and uses this functionality to both offer you automatic bread ordering and also spy on your daily toasting habits. But if you don’t like being spied on you can also run aftermarket ToastOS which works on most toasters (though it’s maintained by volunteers and sometimes you update and try and make toast but it never pops and lights a fire in your kitchen). Or…

2. A relatively dumb toaster with a lever and thermocouple. It cannot run custom toast programs. It always makes toast to the exact same darkness regardless of if you want it lighter or darker. If it stops working you throw it out and get a new one because the whole case is glued shut and it’s unrepairable.

Also in this not-so-hypothetical-hypothetical I have literally zero hours in a day to spend on things but a whole big pile of dollarbucks. Also I’m a techie with ADHD and if there’s a piece of broken or annoying technology in front of me I _can_ fix, I will fix.

I’ll pay you extra to solve my toasting problem for me with your dumb appliance so I can get back to migrating workloads off of my EKS cluster on to the bare metal k3s cluster that’s heating up my utility room or rebuilding my garage doors or whatever it is I need to be doing today.


I love that your analogy hit me so hard that I came to question my iPhone SE. I think the main issue for me is that I have not found a better alternative elsewhere. There are some interesting locked down and privacy focused variants of Android, but I am not sure I could use them with the banking and personal ID apps that are almost "required" unless I have to jump through additional hoops daily.

But thought provoking analogy - and thanks for that!


It doesn't work for everything, but many banks will have a website you can use just fine from the phone's browser. If you're trying to do full payments with the phone that won't work of course, but if you get a physical credit card/debit card you can (usually) do everything else with the mobile site. This is what I do for my Graphene OS phone


I think you greatly overestimate how big of a deal this lack of user choice is to most people.

Nobody needs to be dedicated to a lack of choice/freedom for Apple's business model to work.

Being begrudgingly ok with it works just as well, just like they don’t price their products at “oh wow, that’s a steal, I’ll take one as a spare”, but rather somewhere close to “oh wow, but I guess I don’t buy this every day, and maybe with an installment plan…”


You’re missing a probably sizable fraction of Apple users that don’t love this, but also don’t hate it enough to switch to something else for that reason alone.

It’s very similar to political parties: I have yet to find one that I 100% align with in all things, yet I still vote.


I have long decided my strategy should be "pick the least worst". Much less frustrating if you look at it like an engineering optimisation task.


Oh I do want this functionality from them and I already actually do get it on MacOS, where grandma or my mom can use the App Store while I can still get an installer dmg with „this app was downloaded from internet do you trust it yadda yadda” warning. They’re capable of doing it, they just don’t because AppStore makes a lot of nasty monopoly $.


> this is how Apple does things and it's what makes their users happy

I would be shocked if many of these "surveillance loopholes" aren't silently mandated by government agencies around the world.


FWIW I used WeChat a few years ago and at that point it definitely asked for local network access (which is what this article is about; a mechanism for collecting SSIDs which can then later be correlated to locations).

If there is an entitlement, it is as of yet unclear whether it means a consent dialog/privacy toggle or not. IIRC an entitlement only means you can ask for this sort of access, not get it automatically, but I may be wrong (I’ve never gotten far in iOS dev).

We can argue that this feature is misnamed, regular users will not understand what it is and would not be giving informed consent, and I can get behind that, but “automatic access to my private data on my device” looks like jumping to conclusions.


That’s not what that permission does. As mentioned in TFA, SSID scanning access requires an entitlement (granted by Apple), not a permission (granted by the user).


You are misunderstanding what entitlements are. An entitlement does not imply no consent from the user, in many cases all it gives is the ability to ask for that consent.


> FWIW I used WeChat a few years ago and at that point it definitely asked for local network access (which is what this article is about; a mechanism for collecting SSIDs which can then later be correlated to locations).

Is that what "local network access" means? I thought that was for controlling network connections to LAN ips and/or to send multicast packets (eg. mdns).


> there was a VPN app I used that didn't have the "local network access" permission, but was still inexplicably able to get a list of wifi networks I connected to

It is different from continuously getting a list of all SSIDs within your Wi-Fi range, even those you never connected to. This is what allows shady apps to infer location (this, and massive databases of SSID matched to coordinates).

What you described is also a feature of WireGuard iOS, and it needed no permission.


As far as I can tell, Wireguard does it the other way around (i.e. you provide it with a list of SSIDs you want to always enable VPN for, it provides that to the OS, and the OS then only tells the VPN that it needs to get connected).

But according to this [1] post (by an Apple employee?), having an enabled VPN profile seems to indeed be opting the app in to receiving the current SSID without the location permission, at least for some time and since iOS 14.

[1] https://developer.apple.com/forums/thread/679038


I may have mixed up WireGuard versions, it does it on macOS but doesn’t on iOS (or this feature was removed).

Either way, being able to get a list of networks user connected to is unrelated to the feature under discussion.


Hm, I assume any app can ask for whatever it wants, but that's just an assumption. I don't know if app developers need to apply to be able to request permissions, but I don't own an iPhone.


Certain things require permission from Apple to be able to even use. The API in question here is one of them.

Other things are just available to any developer but have to have a user prompt, for example saving to the photo library.


I was remembering when trying out iOS development years back that entitlements were needed for many things and the ones I tried involved a consent screen.

From looking at https://developer.apple.com/documentation/bundleresources/en... I would say there are many more entitlements than consent screens, the phrasing suggests there is no 1:1 mapping between them and is not clear on whether they reliably come with consent screens (I suspect not).

It is very unfortunate that there is little clarity on that in the docs, and that entitlements are not exposed anywhere in the GUI. Sure, they are too technical, but they could at least be shown in some advanced info pane. I am seriously considering if I can dejail an old iPhone and perhaps inspect some big name apps for what they have been entitled to.
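
An added example, not part of any comment in this thread and not Apple's or any app vendor's code: a small audit that compares what an app was granted by Apple (its entitlements plist) with what it can prompt the user for (usage-description keys in Info.plist), the distinction argued over above. It assumes both plists have already been extracted from a signed app; the two sample plists and the bundle identifier are constructed, and the watch list beyond `com.apple.developer.networking.HotspotHelper` is this example's own selection.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Entitlements are granted by Apple at signing time. HotspotHelper is the one
# named in the thread; the other two keys are added for this example.
WATCHED_ENTITLEMENTS = {
    "com.apple.developer.networking.HotspotHelper",
    "com.apple.developer.networking.wifi-info",
    "com.apple.developer.networking.networkextension",
}

# Info.plist keys an app must declare before it can show a location prompt.
LOCATION_PROMPT_KEYS = {
    "NSLocationWhenInUseUsageDescription",
    "NSLocationAlwaysAndWhenInUseUsageDescription",
}

# Constructed sample: entitlements of a hypothetical app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>application-identifier</key>
  <string>TEAMID0000.com.example.superapp</string>
  <key>com.apple.developer.networking.HotspotHelper</key><true/>
  <key>com.apple.developer.networking.networkextension</key><array/>
</dict></plist>"""

# Constructed sample: Info.plist of the same hypothetical app.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.superapp</string>
  <key>NSCameraUsageDescription</key><string>Scan QR codes</string>
  <key>NSLocalNetworkUsageDescription</key><string>Find devices</string>
</dict></plist>"""


def _load_dict(raw, label):
    """Parse a plist and insist on a dictionary at the root."""
    try:
        data = plistlib.loads(raw)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        raise ValueError(f"{label}: not a valid plist") from exc
    if not isinstance(data, dict):
        raise ValueError(f"{label}: root object is not a dictionary")
    return data


def _is_granted(value):
    """An entitlement counts as granted if it is <true/> or a non-empty array/string."""
    return value is True or (isinstance(value, (list, str)) and len(value) > 0)


def audit(entitlements_raw, info_plist_raw):
    """Separate Apple-granted capabilities from user-promptable permissions."""
    ents = _load_dict(entitlements_raw, "entitlements")
    info = _load_dict(info_plist_raw, "Info.plist")

    apple_granted = sorted(
        key for key in WATCHED_ENTITLEMENTS if _is_granted(ents.get(key))
    )
    # Usage-description keys are the only capabilities the user gets asked about.
    user_prompted = sorted(
        key for key in info
        if key.startswith("NS") and key.endswith("UsageDescription")
    )
    has_location_prompt = any(key in info for key in LOCATION_PROMPT_KEYS)

    return {
        "apple_granted": apple_granted,
        "user_prompted": user_prompted,
        # Review flag only: a network entitlement is present but the app never
        # declares a location prompt. It marks the case the thread is worried
        # about; it does not prove the app collects SSIDs.
        "wifi_entitlement_without_location_prompt":
            bool(apple_granted) and not has_location_prompt,
    }


if __name__ == "__main__":
    for name, value in audit(SAMPLE_ENTITLEMENTS, SAMPLE_INFO_PLIST).items():
        print(f"{name}: {value}")
```

The empty `networkextension` array in the sample is deliberately not counted as granted, since an entitlement key with no values confers nothing.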


Does your employer have a donation matching program?

It’s a great time of year to donate to the EFF.


It's so hard to prioritize non-profits these days. EFF is huge and super relevant, but so are aid programs to Ukraine or I/P, and reproductive health orgs. There's a lot going on I want to contribute to.


I’m with you on all those.

I just did my end of year matching gift donating through the portal at work.

I guess I left out Ukraine, which needs fixing. But did get FSF, EFF, the regional food bank, and a niche human rights org.

Let me tell you, causing my employer donate to the EFF in particular is always one of the high points of my year. Even better when there’s 2:1 matching, which they seem to not offer this year (I dig deep in my own pocket when they do have that because, hey, 2:1!). It’s hilarious and oh so satisfying.


I wonder if there is a service to automate small (or large) donations to multiple organizations on a regular basis similar to an investment service?

Edit: I can only find services marketed towards the nonprofit, not for the donor. A service that aggregated and automated all the nonprofits I want to regularly donate small amounts to would be great. I think it would be important to not require the nonprofits direct involvement in order to allow me to donate as diversely as I want.


Benevity is a company that basically administers company matching donations.

Database of approved nonprofits, can set up arbitrary amounts as recurring payments, and automatic matching if you do the donations through their site.

It’s not quite “I got $500 this month to give back, scatter it amongst my chosen charities” but you could definitely use a service like that to set up baseline donations.

I don’t do scheduled donations; prefer to spool it up and make a splash when employer offers 2:1 match. Don’t think I’ve seen that in all of ‘23, though, so settling for 1:1 now.


Thank you for this. I realize this suggestion fits the context of the thread, but I am currently self employed so I would love another suggestion that isn’t necessarily geared toward integrating with employer match programs.



Thank you that one looks great


I donate to NOYB, but I second your sentiment.


If every big app had to interrupt users to ask for simple things like performing http calls, usability would take a little hit, the nice "UX flow" of apple is a major selling point, so a very small percentage would buy Android phones.


Determining my house or even room level location is not at all equivalent to making an HTTP call.

And Apple does generally prompt for location permissions, as does Google on Android.


Because Apple fundamentally doesn't believe you own the device so the question makes no sense to them. They already own it why would they need to ask you?


With Apple there's no such thing as “my device”.


Because you bought a closed-source device by which you surrendered your privacy to whatever the source-controlling company wants.


Quite a few apps run tests to find out if they're running on a rooted device, and refuse to continue if they are.

Dunno if these apps do that or not, but I can easily imagine that using them is a Hobson's Choice even in OSS utopia: take the horse offered (app with tracking) or don't have a horse.


There is no Hobson's choice in OSS utopia, as the outcome of "app with tracking offered only" is "fork app - tracking".

You can sit there and stew over the gall of those people to do it, but if you piss them off enough, it will happen.


To the extent you could ever replace WeChat and Alipay with OSS, that's already a possibility today even with closed OSes and App Stores.

To the extent that you can't (network effects or legal obligations or whatever) you still won't be able to if the code of those apps is made available under any license of your choice.


Probably because you asked them for permission to use their phone and software.


They clearly purchased the phone, therefore it's not "their" (Apple's)


I honestly don't see it like that anymore. You paid in to buy the object but you're still asking for permission to use their overall ecosystem.

I think it's more like a child buying a team's jersey so that he can play on the team, but he can still get kicked off the team if he doesn't follow the rules. You can't argue "but I paid for the uniform with your logo, you must let me play 1st base!"

Sure the child still owns the uniform, and maybe he can get some use out of it or sell it off for spares (parts) to other people, but him paying doesn't make him own the team.


I think we agree.


You buy Apple hardware, which is a pretty strong signal that you trust Apple.


Two party marketplace. I don’t trust Apple, but the competition is not any better.


There are alternatives. Privacy based software and hardware. But the inconveniences that come with it are not insignificant.

I plan on moving in that direction at some point, but for now I’m not ready.


The market decides by not buying devices that empower apps to spy on them.


Because this is how all operating systems work.

If Microsoft wanted to give special apps access to your private data without asking, then that is exactly what would happen.

The same thing is true in Linux, other than we'd expect that the open source nature would have users going "Yo, WTF"


Android requires the app to ask the user's permission to read WAP identification details. Previously, the app had to ask for location permission, and now there is a special permission just for this. https://developer.android.com/develop/connectivity/wifi/wifi...


That's like saying "because that's how locks work, the company who sold you the lock can just come open your door".


This is exactly correct, though you don't want to admit it's the case it seems.

I mean, we just allowed Car Manufactures to pump as much contact data and location data as they can off your phones and sell it to whomever they'd like risk free and legally.

We have laws against physical trespassing, but when it comes to 'data' trespassing on applications that you install or come with your phone we're still in the wild west.


I think you're both right. The misunderstanding here is a difference between is and ought. pixl97 is describing the current state of things, not saying they ought be this way (please correct me if I'm wrong). stavros is describing the way things ought to be.


Yes, exactly. It is that way, but it should be illegal to do that.


> and sell it to whomever they'd like

Is there any evidence that car manufacturers are harvesting data from drivers' phones and selling it without consent?



That article does not mention harvesting data from drivers' phones and selling it without consent.

"we just allowed Car Manufactures (sic) to pump as much contact data and location data as they can off your phones and sell it to whomever they'd like"

Is there any evidence anywhere of what you stated as fact?


Because there's no rule saying they can't.

I think.

Legal advice about what is and isn't legal under GDPR (and equivalents) varies a lot.


No app gets special treatment for any of the user-grantable permissions like location, Bluetooth, local network access, contacts, photos...

What makes this any different? It really seems more like an oversight than a conscious decision, similarly to how (I believe) both iOS and Android have retroactively had to bucket some of the Bluetooth LE permissions into "location", since that's what you can effectively do with them.


Giving the world’s most valuable corporation the benefit of the doubt.

This is an interesting worldview to have in 2023.


It’s a pretty obscure API, and Apple has a strong interest in at least being perceived as pro user privacy.

And assuming for a second this is indeed an intentional backdoor in plain sight of the world: What’s in it for Apple?

Hanlon’s razor still cuts in 2023, at least for me.


>Apple has a strong interest in at least being perceived as pro user privacy.

Perceived is doing a lot of lifting there. The public largely cannot audit Apple's ACTUAL security.


That’s true, but arguably irrelevant here since this is a public, documented API that can be audited.


What’s your basis for saying that Apple doesn’t provide special treatment to apps? I’ve directly experienced both of their special and their non public (phone calls only, refusal to communicate over email) processes.


I’m not claiming that at all in general, but I do believe it’s true when it comes to user-grantable permissions. Or do you have evidence to the contrary?


It could be. But the fact it’s behind a special permission you have to request from Apple tells me they likely think it’s secure enough.


Interesting that cutting monetary deals was a problem for Google, but special access APIs are fine.


That doesn’t excuse anything! This is not “oh poor small time devs”, this is paying customers being lied to by Apple.


They are required in China, but the hotspot functionality isn’t. At least give me an option to turn it off.


See also McDonald’s being allowed to gate app functionality behind background location access


That’s adjudication of “soft” rules around permission optionality, which is a big problem, but nothing that lets apps bypass permissions outright.


Chinese state supported spyware spies on you? I'm shocked!


Most entitlements though trigger a privacy prompt to allow the user to disable the functionality. Without writing a test app, I don't know that this is the case with this entitlement.

I think it should ask the user's permission.


Keep in mind that in a corporate context, not asking the user for permission or explaining what/why you are doing something is the (sociopathic imo, but nevertheless) norm. To the degree you do disclose something like that it is inevitably hidden away or obfuscated by being put somewhere in the UX that no one ever really goes.

Like seriously. I had the argument before;

Architect: we're going to fingerprint users.

Me: are you going to disclose that?

Architect: Of course not.

Me: It's their device. You should ask.

Architect: That defeats the point.

Me: You either don't understand property rights, or clearly have issues with the concept of consent.

The entire IT space has been decades of building while eliding the fact these experiences are fundamentally being driven on someone else's hardware.

But that's just the world we live in I suppose.


How does that apply to this case though? Asking for permissions on iOS is the norm and many apps include a message indicating what and why they are about to request something non-obvious before sending the request and triggering the popup.


This particular entitlement does not trigger any pop up and can’t be disabled by the user except by uninstalling the app.


Yes, I get that...I just meant his whole spiel about "not asking for permission being the norm". In the context of iOS permissions not asking is the exception.


More trying to enlighten the not yet enlightened to be on the look out for said behavior if they weren't already looking out for it. Also, with things like iOS entitlements, their entire purpose is to act as a permissions based contract. Where what I'm talking about comes into play is dropping in functionality that can be called if you know about it, but not making any attempts to advertise that you can.

Maybe not relevant in this particular case, but again, was more intended in the sense of a BOLO.


But if Facebook/Instagram/Messenger (or Alipay / WeChat as mentioned in the article) has this entitlement and does fishy stuff, I guess this can actually be a large privacy issue?

Does Apple do any analysis of entitlement usage and withdraw them when abused? A similar thing I remember is the Facebook VPN "scandal" where I think Apple withdrew the Facebook enterprise signing certificate?


What do entitlements have to do with not asking for user permission though? Seems like separate issues.


Entitlements don’t require user permission.


I think it varies by entitlement?


Yes I think you're right. This one seems to be special though and might not require user interaction.


Is that better or worse? "Don't worry you or I cannot exploit this, only large corporations and data aggregators can."


> Adding another layer to the discussion is the fact that major apps like WeChat and Alipay have already implemented this capability.

So only the big apps can spy on you? The poster is Chinese so he cares about those 2, but how about Facebook and Google?


Spyware can be hidden in every piece of closed software, hardware, firmware with access to communications, so unless someone makes a 100% open device, from the first bit to the last screw, there's no 100% guarantee to be free from spyware.


> FYI, that API requires entitlements to be used, which are only available if you request them from Apple and justify their use. It's not a general-purpose API any app can use.

Well as long as it is just Apple that is deciding who can track me without my permission then that's okay I totally trust my corporate overlords for the wise and great Apple is incorruptible and without fault.


> that API requires entitlements to be used

Lately I've witnessed a number of apps asking for Local Network permission ("Foo would like to find and connect to devices on your local network") when they have no business doing so in any possible way that I can think of.


Many do this if they play video, mostly to enable Chromecast.


Chromecast. There is no OS-level service for it to introspect the network looking for screens to cast to, so each app has to drop in a SDK - which then has to have permission to search the local network looking for screens.

This was improved in recent iOS, but I never count on Google updating their SDKs to take advantage of iOS features on any sort of schedule. Even when they do, it will require third party apps to individually update as well.


Did Apple audit their code, then? Why in the world should anyone trust Apple to be responsible?


That’s almost worse that it’s kind of a side door to the users’ rights. That’s generally only available to groups with the resources or know-how to get it.

I understand it’s not ubiquitous.


I thought users were prompted to give permission for this already? I get asked if I want to give “local network” access to apps sometimes (a lot these days actually) which I take to mean the ability to see local WiFi hotspots. I almost always deny this (and after reading this just turned it off for Spotify). I think the dialog that asks for permission could be improved, though, as most people don’t realize this can be used to deduce their location.


As a developer, the annoying thing about the "Local Network" permission is that:

1) It's poorly implemented. Unlike other permissions, there's no way to explicitly trigger the prompt. It just pops up at Apple's discretion. There's no way to give it a "soft landing" for cases where it's necessary for core app features. And there's no way to check if the permission has been granted or not.

2) More importantly: Apple's own apps don't trigger this warning, which makes the playing field unfair. AirPlay etc. work seamlessly, whereas any competitor's tech doesn't. And as a developer, since you can't tell if this permission has been granted or not, you're left with a poor user experience.

I'm particularly fed up of (2). If Apple is going to introduce restrictions, they need to apply to their own apps as well. AirPlay and AirDrop need to each ask for Bluetooth and local network access. The Photos app needs to trigger the "Select photos, Allow All, Deny" prompt on launch. The Camera app shouldn't be able to write to the photo library without triggering the same prompt too.

That gives them an incentive to design the user experience around these restrictions well, and maybe be more creative with how to solve for this too rather than confusing dialogs.

Currently they have a disincentive to design this stuff well. Any iOS developer that's had to work with these APIs knows that they are designed absolutely awfully with arbitrary and unexpected limitations.


The developer of the Camera app already has access to all the photos in your Photos app. What benefit would a prompt have for the user?


Not sure if this is what you mean, but there could be multiple apps installed that write to the device photo library. You may not want the developer of one camera app to be able to access all photos on the device.

But this raises a related point about how frustrating Apple's APIs are here: When an app is granted the "Write to photo library" permission by the user, it can only write. It can't read back what it's written, ever. You might expect that writing to the library might return a token that can be used to read that photo back. Nope.

Android, for all its faults, does a much better job here. The OS keeps track of the app that wrote the photo -- and that app can read that photo indefinitely, unless another app edits that photo (and thus becomes the owner). A much better design.

On iOS, to read back photos from the library, you have to ask for the "All photos" read permission, which few people will grant you. "Why does my camera want to read all the photos on my device?! Deny!".

And just like that, you can't compete with the built-in camera which shows thumbnails of recently taken photos and allows you to swipe through them.

Apple has no incentive to fix this either, because their own apps bypass this permission system.


This seems like more of an issue for app developers than for users.


If the app developers are prevented from building a good user experience, that affects users in a huge way.


No argument from me but regarding workarounds for (1), accessing ProcessInfo.processInfo.hostName has been a reliable pop-up trigger for me for a long time. Eskimo also offers some (esoteric) suggestions for how to notice if your network operation has been denied due to lack of permission: https://developer.apple.com/forums/thread/663852


That’s for sending and receiving local network traffic, eg. talking to devices on the same subnet, and discovery of Chromecast and similar targets.

Edit: AirPlay does not require this permission.


I don't believe it is necessary for airplay, but probably is for Chromecast, Sonos, and many devices to establish ad-hoc connectivity for setup and operation.

I take this popup to mean that they want to fingerprint and locate my home network or backdoor it somehow. I ALWAYS deny this access unless the app specifically requires it, and that is rare.

WiFi based geolocationing should be a well known privacy threat by now. The popup should really communicate that better and provide tighter controls.


You’d think that AirPlay would be abstracted away by an OS API that does the local network discovery itself.


In my experience, it is. My podcast app of choice doesn’t have that permission (I don’t even think it asked for it), but it has the ability to bring up the system audio output selector widget and do AirPlay.

If anything, I usually see this for apps that want to do playback via Chromecast/Miracast. The well-behaved apps wait until the user interacts with Chromecast output, the iffier ones ask on first launch.


AVRouting in iOS 16 allows for Media Device Discovery Extensions, which allow a proper Chromecast or similar app to provide media streaming in the same interface as AirPlay.

So far there doesn't seem to be any traction by Google to migrate to this.


I take it to mean that it will scan my lan (plus tailnet?) for services. Like a Hue bridge or a Sonos speaker or a Chromecast etc.


Docs: https://developer.apple.com/documentation/technotes/tn3111-i... I’d guess a review would stop the smaller spam apps, but not the big players, as noted by the author and other commenters.


Thanks. The docs confirm that an entitlement is required to call this API — still does not make clear to me whether the presence of the entitlement brings up a prompt allowing the user to deny the use of the API.


If it does, it would be for network, not location. Per the rules, this isn’t a location api, except it actually is.

Iirc Android has always asked for location to enable Bluetooth, I wonder if there are similar apis there?


Yeah, Apple may want to rethink Network != Location.


There is a setting to allow location for the "Networking and Wireless" system service. I wonder if disabling that would prevent this from working?


Which popular apps use that? Is it possible to check this?

Like most here, I don’t have Wechat or Alipay installed. But I’m interested in e.g. Instagram, Facebook, Whatsapp, Twitter, Tiktok, Snapchat, Chrome, Firefox, Photoshop, Lightroom, etc.


I know I sound like a broken record but I really do think app stores owe us the ability to see, in advance, what permissions an app will request.

I shouldn’t have to download and install the app just to see what kind of behaviors it is going to attempt.

The app stores know this information and it would be trivially easy to present it in the details of the app prior to downloading.


> I know I sound like a broken record but I really do think app stores owe us the ability to see, in advance, what permissions an app will request.

Beyond what Apple already does? https://imgur.com/a/ouEqiGG


This only covers what data apps store/collect. An app can have a clean 'Privacy' disclaimer ("The developer does not collect any data from this app") but still require access to Photos, Camera, Location, etc.


In the Play store it is possible to see what permissions are required and data is collected.


I wonder if it is possible, as an Apple developer, to query "permissions requested" via some other channel?

I don't know anything about the ways Apple developers interface with the app store to submit or update or index their apps ... is it through Xcode?

I wonder if there is some function in that toolchain that actually does what I am proposing ...


This is possible and relatively easy for Apple to do: for most (if not all) permissions, a declaration that you intend to ask for permission is required in the app's Info.plist manifest file.

When permission is requested and you've forgotten to declare that your app asks for it, the permission will be immediately denied without prompting the user.


Yeah, this should absolutely be standard.


Can we talk about the fact iOS/macOS turns on the Wifi and Bluetooth radios after each system update? Almost as if the devices were made deliberately to maximize spying, contrary to the marketing lullabies.


Hanlon's razor: Apple is just lazy and defaults all these things to on, rather than keeping track of the settings since they are used or needed by 99% of people. Apple loves its Bluetooth keyboards and mice, after all.


I don't think so. Apple likes to collect data as much as anyone else, they're just better at hiding it with euphemisms.

To wit: iOS requires precise location be enabled just to show weather on the home screen; I can't set a static location and just get the weather report for that place.

The whole thing just reeks of willful surveillance anti-patterns.


Yeah I find this incredibly annoying.


Now I'm curious - which other apps have this entitlement? Is there a way for me to find out which apps on my phone have this entitlement?


This is one of the major problems with completely locked-down platforms. Assurances that the owner of the platform respects your privacy and prevents others from violating it are really just a pinky promise.


I think the perspective can be incorrect. No one expects Apple to get it perfect. Computing platforms are legitimately hard to secure, especially when you’re talking about privacy which is a lot more amorphously defined culturally vs typical CS security which is defined as subverting technical access controls.

The key question is whether Apple will play a curator role in trying to rein in the ecosystem. They have in the past (eg Uber was doing shady shit and there was a game of chicken to get them to stop). Of course Alipay and WeChat may be harder especially how Apple China is such a huge market for Apple and critical to their success now. It’ll be interesting to see how Apple adjusts to this over the next few years.

Open platforms also have this problem and also operate on pinky promises (perhaps even worse) so I’m not sure the point you’re trying to make unless it’s that “well if this problem isn’t solved I’d rather have an open platform”. The problem with that argument is that there are many issues and this is only one failure case which may be addressed in the future whereas open platforms have this one and many more that are unaddressed.


Open platforms can be reviewed and fixed more easily and faster


Can you clarify with examples/technical description how an open platform will be able to review & fix privacy/security issues like this more easily/faster? As far as I know this wouldn't be news on Android because such permissions are granted as a matter of course without review. Keep in mind that most people use the Google or Samsung stores which aren't open platforms for verifying permissions aren't misused.

For what it's worth spyware/malware consistently seems to target Android more than iOS [1]. To be fair Android has more units, but that's just one axis - iOS users should be more valuable to exploit because they're usually in a different socioeconomic bracket. Another data point is that Android developers get paid anywhere from $2k to $20k to add malware to their Google Play store app [2] - I can't find any articles similar for iOS so would be interesting to compare the marketplaces if anyone knows it for iOS.

[1] https://nordvpn.com/blog/ios-vs-android-security/

[2] https://www.bleepingcomputer.com/news/security/cybercriminal...


We've heard complaints that this title is overstated, and I'd be happy to replace it with a better (i.e. more accurate and neutral) one, if anyone has a suggestion?


"iOS apps can track a user via SSID scan with a special entitlement"

I think that best describes it? Not sure but I agree the title as-is doesn't really ring true after reading the article.


I think the title is fine.


It’s worth noting that use of NEHotspotHelper requires a special entitlement (com.apple.developer.networking.HotspotHelper) that you have to apply for, and presumably Apple won’t grant unless your app has a legitimate need for it.

That said, this maybe shows an incompatibility between Apple’s privacy strategy and “super-apps” like WeChat and AliPay. When a company shoves all functionality into one app, that app suddenly has all the entitlements, and it’s harder to tell when and how any sensitive data is being used.

The West generally doesn’t develop apps this way. For example, Comcast has a separate “WiFi Hotspots” app. Although LOL, they posted 2 days ago that its functionality is being combined into the main Xfinity app. Maybe the West is catching up.


Is there a way for an end user to see which apps have this entitlement?


I don’t think you can unless you have a jailbroken device. If I remember correctly, entitlements are stored in the AppStore receipt file.


You can view the entitlements from the extracted ipa by using the codesign tool. So it is totally possible to see if an app has this entitlement.
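The check described in the comment above, combined with the earlier comment about permission declarations in Info.plist, as an added example that is not any commenter's or Apple's code: it reads the top-level Info.plist from an .ipa plus an entitlements plist, and reports whether the HotspotHelper entitlement is present while no location prompt is declared. It assumes the entitlements were dumped separately (for instance with `codesign -d --entitlements :- Payload/Name.app`); the bundle id, file names and sample values are constructed.

```python
import io
import plistlib
import zipfile

# Entitlement named in the thread: granted by Apple per app, no user prompt.
HOTSPOT_HELPER = "com.apple.developer.networking.HotspotHelper"


def declared_permissions(info_plist: bytes) -> dict:
    """Return the NS*UsageDescription keys declared in Info.plist.

    These strings are shown in the permission prompt, so the keys list the
    prompts the app is able to raise.
    """
    info = plistlib.loads(info_plist)  # accepts XML and binary plists
    return {k: v for k, v in info.items()
            if k.startswith("NS") and k.endswith("UsageDescription")}


def granted_entitlements(entitlements_plist: bytes) -> dict:
    """Parse an entitlements plist and drop entries explicitly set to false."""
    ents = plistlib.loads(entitlements_plist)
    return {k: v for k, v in ents.items() if v is not False}


def find_app_info_plist(ipa: zipfile.ZipFile) -> str:
    """Locate Payload/<Name>.app/Info.plist, ignoring nested extensions."""
    for name in ipa.namelist():
        parts = name.split("/")
        if (len(parts) == 3 and parts[0] == "Payload"
                and parts[1].endswith(".app") and parts[2] == "Info.plist"):
            return name
    raise ValueError("no Payload/*.app/Info.plist in archive")


def audit_ipa(ipa_bytes: bytes, entitlements_plist: bytes) -> dict:
    """Summarise what the user is asked about versus what Apple granted."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        info_raw = ipa.read(find_app_info_plist(ipa))
    info = plistlib.loads(info_raw)
    prompts = declared_permissions(info_raw)
    ents = granted_entitlements(entitlements_plist)
    has_hotspot = HOTSPOT_HELPER in ents
    asks_location = any("Location" in key for key in prompts)
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "user_prompted": sorted(prompts),
        "entitlements": sorted(ents),
        "hotspot_helper": has_hotspot,
        # The case the thread worries about: Wi-Fi scan data is available
        # through the entitlement while no location prompt is ever declared.
        "wifi_scan_without_location_prompt": has_hotspot and not asks_location,
    }


def constructed_sample():
    """Build a constructed .ipa and entitlements plist in memory (no real app)."""
    info = plistlib.dumps({
        "CFBundleIdentifier": "com.example.superapp",
        "NSCameraUsageDescription": "Scan QR codes",
        "NSPhotoLibraryUsageDescription": "Share pictures",
    }, fmt=plistlib.FMT_BINARY)
    extension_info = plistlib.dumps(
        {"CFBundleIdentifier": "com.example.superapp.share"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/SuperApp.app/Info.plist", info)
        z.writestr("Payload/SuperApp.app/PlugIns/Share.appex/Info.plist",
                   extension_info)
    ents = plistlib.dumps({
        "application-identifier": "TEAMID0000.com.example.superapp",
        HOTSPOT_HELPER: True,
        "get-task-allow": False,
    })
    return buf.getvalue(), ents


if __name__ == "__main__":
    ipa_bytes, ents_bytes = constructed_sample()
    for field, value in audit_ipa(ipa_bytes, ents_bytes).items():
        print(f"{field}: {value}")
```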


Oh, I only remembered seeing them inside the mobileprovision file. I’ll take another look, thanks.


Facebook is a SuperApp. It had a WiFi-hotspot-finder in it for years.


I love when I launch an app and then get a bevy of requests to access my Camera, my Microphone, my Contacts, etc...

I nope out and if the functionality of the app is trashed, so goes the app....

Google Maps constantly hounding me to turn on precision location services, asking me if I am navigating for a friend and to allow access to my contacts... Wow, no.


You don't think location is useful for a map ... ?


Well, a physical map certainly doesn't keep pestering me for my location...


It wants precise location — which I take to mean war-driving WiFi. GPS I am okay with for a map app.


IIRC, Non-precise location is cell tower level location or the like, possibly a 12 square mile area. It is also very cheap if the device is already connected to a tower.

Precise location may be from Apple's SSID database or from a GPS system.

Non-precise location may help with getting more appropriate search results but won't help you with turn-by-turn navigation.


Reading the documentation I can't figure it out. It sounds like there are a lot of things that feed into "Precise Location" that go beyond GPS. It could be true though that only cell-tower reckoning is used without "Precise Location". I generally only pull up Google maps on longer road trips that aren't really turn-by-turn, so maybe I have the only use case for a map with weak location services.


Precise location _is_ GPS, not the other way around.


> com.apple.developer.networking.HotspotHelper

Where do you revoke this entitlement on iOS? Settings → Privacy & Security → Local Network? Or is this something else?


AFAIK entitlements are not necessarily exposed as toggles.


You can’t revoke entitlements, entitlements is the term used for developers who indicate that they intend to use a feature.

Users are asked for permissions and those permissions can be revoked. This entitlement doesn’t correspond with its own unique permission, either it works without permission from the user or it might be bundled into Local Network or Location Permissions.


This is one of the special ones so you're not allowed to; Apple picks for you per app.


General > Reset > Reset Location and Privacy Settings


You didn't grant any location access in the first place, so why would this work?


So Apple decides which companies should have your location data? Niiiice



> presumably Apple won’t grant unless your app has a legitimate need for it.

Increasingly clear that Apple is in charge of what happens on your devices not the users themselves.


Wasn't it ever thus?


I had the first iPhone up to the 3GS. It didn't feel that way then. Now there are continuous software updates that keep changing arbitrary and invisible policies.


> I had the first iPhone up to the 3GS. It didn't feel that way then.

The history of smartphones is control being tightened further and further over time. With the phones you had, apps could track your location lots of different ways, and over time those data leaks are being bricked shut. Everything is moving in the direction from "Apps can do whatever they feel like" to "Apple controls what apps can do" to "The user controls what apps can do".

This specific leak seems like it's stuck in the "Apple controls what apps can do" stage, so hopefully this post will help get it moving again.


You’re just more aware of it now. The privacy controls are MUCH tighter now than they were in that era.

If you’re a software developer, you must understand that the user cannot actually understand what any code is doing. Even if you’re using open source, it’s an illusion to think you know what it’s doing. Heck, even the developer doesn’t know what it’s doing a lot of the time (how long does it take to figure out what’s happening with a tricky bug?).

So yes, Apple’s policies do mediate what a developer can do on behalf of the user. That’s how it works.


It might surprise you but a lot of people want that and buy apple specifically because of that. I would even go so far as to say it is a major competitive advantage.


Big whoop. Consent is paramount and the assumption here that apple and you have aligned interest is a pretty darn weak argument.

The only thing of note here is that apple don't want you to know about it, which kind of circles back to aligned interests...


turn off location services, your phone still contacts ls.apple.com

deep links, they go deeper than you think.

ibeacons provide very precise indoor location, think of all the behavioral data a store app can collect.

apple is not really your friend.

seriously, apple should let you

- know what is running

- know what network traffic happens

- control these things

- run your own programs

I would love an ios firewall program or non-neutered little snitch


They're not tracking locations because they're not using GPS.

They are checking the environment for stuff that might have known locations, which is different. You can do the same with bluetooth/BLE.


This is a distinction without a difference.

The user must be in control of whether their location is disclosed to an app.


> You can do the same with bluetooth/BLE.

Not anymore you can't. Sometime before 2020 apple, and also google, started treating BLE scanning as an operation needing location permissions. (I had to deal with this transition while submitting an iOS app that connected to a BLE device which actually had a GPS module in it)

As of now, I still have to turn on location on my android phone to connect to some BLE devices.


SSID / BSSID is often enough to pinpoint the location. Recently someone debated this with me, so I asked him what his wifi AP name was, then proceeded to provide their home address.

How? By searching it in https://wigle.net.

That ended the debate quite swiftly.


Same difference as far as a user is concerned. And BT/BLE explicitly asks for permission.


I wonder if Android's corresponding API has this same vulnerability. Based on my reading, it doesn't seem like it https://developer.android.com/develop/connectivity/wifi/wifi...


I thought local network access and WiFi details also required location services access for this reason.


For the last few months, I am consistently receiving spam calls (on my mobile number) shortly after I left the house regardless of weekday, time etc.

I never thought about the idea that an app can track when I leave my (most frequently) used WiFi and derive from that I left home.


This three class developer system on iOS is ridiculous. There's the normal developer who can do little more on iOS that you couldn't also do with a web app. There's the "blessed" developer with special entitlements that lets them violate the privacy of their users in new and fun ways and also provide features nobody else can so the normal developers can't compete with their app. And then there's Apple and for their apps, the restrictions everyone else has to deal with are little more than suggestions. Wouldn't want third party apps to compete with Apple's on their own platform.

If there's a legitimate use for these entitlements, everyone should be able to use them. And the ultimate choice for what an App should and shouldn't be able to do should be in the users' hands. But Apple needs to protect their shareholders from this horrid vision of the future.


My iPhone asks if I want to allow an app to access the Local Network. I assume that this

1) means that Apple does cover this situation and

2) my opinion that the phrasing "Apple allows applications to track user locations without authorization" is contemptible

are both true.


That's a different permission. My understanding is it is not necessary to read WiFi details, which just needs an entitlement from Apple and no user prompt.


Pretty sure that's a different thing just to prevent tcp/ip connections to other devices on your local subnet after you have already joined a wifi.


I think that prompt is for something different.


[flagged]


Could you please not post unsubstantive comments and/or flamebait? It's not what this site is for, and you can make your substantive points without it.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.


Is there a similar capability for Bluetooth?

I am trying to understand how TikTok can suggest "people you may know" when I have not shared my contacts, but have sat next to those people recently.

Bluetooth seems the most likely.


The latest iOS allows more (all?) automations to run without user acknowledgement so I made one that fully disables my WiFi when I leave my home.

This does not solve the entire problem of course, but at least alleviates some of it.


Is this how Tado does home WiFi detection for geofencing?

Our company has an app that does geofencing and we’ve had no end of issues getting it to work consistently. This would have been useful.


Apple sometimes provides a prompt for letting photos be shown. Seems like sometimes they expose all your photos to application without asking.

Seems worse to give your users a false sense of security.


One should realize that what they call ‘track user locations’ is actually ‘get a list of visible SSIDs’.

Should be behind a permissions check, but not the end of the world.


"Get a list of visible SSIDs" is exactly how phones derive your location. There's little distinction between seeing SSIDs and seeing GPS coordinates for 99.9% of the population.


Back in the real world SSIDs are a very coarse and not very reliable way of locating devices. You are exaggerating.


Can you please make your substantive points without swipes? (like "Back in the real world", "you are exaggerating", "no you're fantasizing" - https://news.ycombinator.com/item?id=38710396, and so on). This kind of thing is against HN's rules and also spoils the substantive points you're trying to make. If you'd make your substantive points thoughtfully instead, we'd appreciate it.

https://news.ycombinator.com/newsguidelines.html


No, I’m through. As mentioned elsewhere, the way you built your site makes it impossible to have a discussion if you disagree with the mob.

https://news.ycombinator.com/item?id=38725130

If you really want ‘intellectual curiosity’ and ‘discussion’ you will have to change your and your colleagues' stance on using the voting system as disagree buttons and enforce it, and stop the part where people are blocked if they disagree with the mob, because everyone is pressing the disagree button (and some people the ‘super disagree’ flag button).

Of course the way you run the site is up to you but if you do not change it you will get to enjoy a boring agreefest with only hivemind opinions, endless fistbumping around rehashed ideas.

And fine if you have opinions on how I word my thoughts, but there’s also the other side of others calling disagreeing trolling and implying that you think something doesn’t work as well as they think it does means you’re too stupid to understand it. Action leads to reaction and fairness demands that calling me out means you also have to call out the other side. The other side that downdisagreed my original post, which you can’t argue is inflammatory, so far that it gets hidden and I get blocked from responding. While it is a valid point, and it ultimately gets agreed to 1 again. I don’t care about the points but you can’t have a discussion if you can’t respond to people.


Not an exaggeration—Apple’s primary “location services” API, used on iOS/macOS, is just a lookup table for wireless APs’ MAC addresses. [1]

WiFi scanning is much less power intensive than GPS, much more reliable indoors, and often (in dense areas) more accurate even outdoors. iirc the iPhone only connects to “real” GPS in specific situations, such as when visible wifi signals are insufficient (e.g. highway driving).

[1]: https://www.appelsiini.net/2017/reverse-engineering-location...


In 2012 or so I was able to do turn by turn navigation pretty reliably on an ipod touch that did not have any gps capabilities. I think you'll find coarse location is a little more specific than you give it credit for.


Visibility of multiple networks can be used to refine the position.

GPS takes time to acquire and isn't always available indoors. SSID method is quicker, and it's most likely the method your phone uses to get the position first.


As you say, it’s a method to get a coarse location and then refined using GPS which by the way does not really take time to acquire once you have downloaded the almanac and have the coarse location.

So this ‘allows applications to track location’ actually allows applications to track coarse location which then does not allow them to refine using GPS.


10-meter accuracy is not coarse location. Even for a single router the Wi-Fi range gives street-level address.

I’d say city level position (a good case of reverse IP mapping) is a coarse location.


It gives enough details that Android used to require apps to obtain ACCESS_FINE_LOCATION permission in order to get that information before splitting it off into its own permission. https://developer.android.com/develop/connectivity/wifi/wifi...


I built a small ap on an ESP (where SSID scanning is bread and butter). It would track my location to within a few yards. The down side is it needs multiple SSIDs to do that, so not so useful outside an urban environment.


It’s the same thing. Listing visible SSIDs and comparing them to very comprehensive databases is the whole way precise geolocation works in many devices, like MacBooks. I think even phone navigation has GPS much less precise than you see on screen, and the extra precision is gained with this technique. Making this technique really work is a large part of the reason Google drove or walked every street in the world with their recording gig.


Visible SSIDs are absolutely used to fingerprint location.


At least in the early days, every iPhone maintained a local lookup table between ssids and gps coordinates in a SQLite database.

https://www.networkworld.com/article/752872/security-apple-o...


That doesn’t mean seeing an SSID means you are at exactly that location.

If you are in a city you see 50 SSIDs at any given moment. Are you at those 50 locations at the same time? No. Is there a way to triangulate where you are exactly? No, it's unreliable and not an exact science.


you're all over these comments trying to convince everyone that SSIDs can't be used to determine location, yet you don't know how triangulation works?

are you trolling?


>Is there a way to triangulate where you are exactly? No

The phone knows the signal strength of each ssid. Why can't it triangulate where it is?


It can and does.
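
The signal-strength point raised in the comments above, as an added example that is not part of any commenter's post: a weighted-centroid estimate over a constructed BSSID-to-coordinate table, showing why a scan list alone has to be treated as location data. The table, the path-loss constants and all function names are assumptions made for illustration.

```python
import math

# Constructed survey table: BSSID -> (lat, lon). Every value here is made up.
AP_DB = {
    "02:00:00:00:00:01": (59.33000, 18.06000),
    "02:00:00:00:00:02": (59.33000, 18.06100),
    "02:00:00:00:00:03": (59.33060, 18.06050),
    "02:00:00:00:00:04": (59.33030, 18.05950),
}
TRUE_POS = (59.33010, 18.06020)   # constructed "real" device position
EARTH_RADIUS_M = 6371000.0


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def rssi_to_distance_m(rssi_dbm, p0=-40.0, n=3.0):
    """Log-distance path-loss model; p0 (dBm at 1 m) and n are assumed."""
    return 10 ** ((p0 - rssi_dbm) / (10.0 * n))


def distance_to_rssi(d_m, p0=-40.0, n=3.0):
    """Inverse of the model, rounded to whole dBm like a real scan report."""
    return round(p0 - 10.0 * n * math.log10(max(d_m, 1.0)))


def simulate_scan(true_pos, db=AP_DB):
    """Build the (bssid, rssi) list a device at true_pos would observe."""
    return [(b, distance_to_rssi(haversine_m(true_pos, p)))
            for b, p in db.items()]


def estimate_position(scan, db=AP_DB):
    """Weighted centroid of the known APs, weight = 1 / distance^2.

    Returns (lat, lon, aps_used), or None if no BSSID is in the table.
    """
    wsum = lat = lon = 0.0
    used = 0
    for bssid, rssi in scan:
        pos = db.get(bssid.lower())
        if pos is None:          # AP not in the survey table: no information
            continue
        w = 1.0 / rssi_to_distance_m(rssi) ** 2
        lat += w * pos[0]
        lon += w * pos[1]
        wsum += w
        used += 1
    if used == 0:
        return None
    return (lat / wsum, lon / wsum, used)


def strongest_ap_position(scan, db=AP_DB):
    """Baseline: assume the device sits on top of the loudest known AP."""
    known = [(rssi, db[b.lower()]) for b, rssi in scan if b.lower() in db]
    return max(known, key=lambda k: k[0])[1] if known else None


if __name__ == "__main__":
    scan = simulate_scan(TRUE_POS) + [("02:00:00:00:00:99", -60)]  # 1 unknown
    est = estimate_position(scan)
    print("APs used:", est[2])
    print("weighted centroid error (m):",
          round(haversine_m(TRUE_POS, est[:2]), 1))
    print("strongest-AP-only error (m):",
          round(haversine_m(TRUE_POS, strongest_ap_position(scan)), 1))
```

With four surveyed access points the estimate lands closer to the true position than the single strongest AP does, which is why a permission model that gates GPS but not scan results leaves the same information exposed.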


One should realize that what they call ‘track user locations’ is actually ‘receive GPS radio signals’.

Should be behind a permissions check, but not the end of the world.

lol


case study in the power of word choice, this “headline” reads “Apple allows SOME iOS apps to track"... but the actual article to which this page links does not include the word "some", making (imo) Yingyu's article seem to indicate a much more nefarious situation.


And unfortunately, there is no way to truly turn off WiFi & Bluetooth on iOS devices.


Certainly the button in control center doesn't anymore, but the toggle in settings doesn't do it either?


There aren't any toggles in the settings that fully turn off Bluetooth or Wifi.

Apple knows that it is a nuisance, but they're incentivized by their Find My program


Wait until people learn about Google sidewalk if they think this is bad.

It is fundamentally intrinsic to the technology of most digital technology that: 1) their very data-driven nature leads to information gathering, and 2) the colossal and inherently inexhaustible recurring revenues in that data collection will always pull organizations and their leadership towards data collection at scale.

The only conceivable framework for preventing information collection is to attach data privacy to the individual as a human right. Even “opting out” as an intrinsic default won’t be enough, though it is regulators’ and industries’ favorite kick-the-can strategy.

Otherwise it’s just a question of time, as the incentive for profit is overwhelmingly attractive to companies, regulators and markets.

Apple, for all the talk of privacy, cannot maintain the fiction of privacy while simultaneously answering to shareholders with a scale advertising business or really any advertising business of any revenue importance at all. Their promise of privacy for users died spiritually if not practically the moment they decided to dramatically expand their ad business, as it shifted the company from serving users as their customer with devices to making those same users the product to be sold.

So this kind of thing is inherent and will continue to emerge from Apple. The opt-in, limited nature of who is allowed access matters very little. Just follow the incentives to understand corporate behavior.


Apple is evil


>Credit: This article was written with the assistance of ChatGPT for the purpose of refining my English writing.

I appreciated this disclosure. The English was still a bit clunky - but it was a great use of the technology to open up the article to a wider audience. It felt sincere to me.


Whenever location data collection comes up, I always think about that Seinfeld episode where Kramer is receiving misdialed MovieFone calls -- at first he just talks to the person and reads the movie times out of the newspaper. Very helpful.

Eventually, he starts emulating the phone menus, asking the caller "Using your touch-tone keypad, please enter the first three letters of the movie title, now."

When this doesn't work, he blurts out "Why don't you just tell me the movie you want to see???"

Why in the holy hell do app developers who are trying to provide some kind of location-specific data not just ASK YOU WHERE YOU ARE? "I'm in Los Angeles" would suffice 99% of the time. If you go to Idaho, and care enough, change your location in that app -- now you get local bulletins about russet potatoes instead of encampment fires.

This is a rhetorical question, no need to answer it, just screaming into the void.


I know you said not to answer, but for everyone else, apps can already do this using the OS's native permission controls, as of iOS 13 with the "Allow Once" option and as of Android 11 with the "Only this time" option.


Since Android 12, there is the option to choose between providing "precise" and "approximate" location data to an app. I have found it quite nice, even if it sometimes breaks a random app if a developer hasn't planned to use it.

https://www.howtogeek.com/763227/what-are-precise-and-approx...


You want to change your location in every app manually, even when your device has a GPS receiver installed?


It'd make for a useful additional option, as long as the app doesn't know it's happening. There are already ways to spoof GPS location, as many pokemon go players know.

iOS already has an option to give a very loose fix to an app.


As someone who keeps GPS off, absolutely.

Not that I think I can trust the phone actually disabled the GPS, but there is no reason my movements need to be tracked and recorded in detail. Make them go through the effort and pull up all the cellphone towers I ping.

Day to day, there is a very good chance I am still in my home city as first configured.


What percent of users would agree with you, in your estimation?


I guess I should just give up on privacy, because the typical user prioritizes convenience.


That's your choice! But suggesting everyone operate on a substantially less convenient basis due to your specific desires for privacy seems... selfish.


But suggesting everyone operate on a substantially less privacy due to your specific desires for convenience seems... selfish. Not to mention, immoral - don't we all have a fundamental right to privacy?


Where did I suggest such a thing?

And everything discussed is consent driven anyway. It’s not like a smart phone is mandated.


A happy medium would be if as part of the location-granting prompt, you could tell the OS "just give a city-level fix— this app doesn't need to know exactly where I am".


Not every app -- but I feel like different apps demand different techniques, and tend to descend the gradient from most-intrusive to least in terms of permissions. That said, I'm not a privacy freak; I have no personal qualms about approving location services for a lot of apps. Go nuts, I don't care.

For instance, mapping or Waze needs your current GPS coordinate at all times. This doesn't bother me because I'm being tracked myriad other ways, even if I don't give permission -- cameras in every gas station and store, license-plate-reading cameras on police cars and traffic lights, StarLink in my Subaru, the SSID technique described in OP blog, credit card transactions at the pump, GPS coordinates from a passenger who did grant permissions (and we happen to be Instagram friends, so we're forever connected), an AirTag hidden in my gas tank, on and on and on.

It might seem like overreach for a paranoid person to need to grant location services to Papa Johns to order pizza, but that app may have legitimate reasons: expedited discovery of the nearest brick-and-mortar, realtime delivery tracking, order-abuse prevention or prediction (why are you placing orders repeatedly to locations all over the country, even if they're prepaid?), unwanted, craven marketing, backend revenue streams selling your data to Satan, etc.

Other types of apps, like Nextdoor or Tinder, don't actually need your exact location. They need to know generally where you are, but having precise coordinates isn't in the best interest of the user (see recent Feeld disaster where exact locations were prominently displayed on profiles [0]). On top of that, Nextdoor revolves around the neighborhood you live in; if you're traveling, it shouldn't update the feed based on your current location, nor let you join neighborhoods you're visiting in a transient manner just because of a GPS coordinate.

Then, consider that native-OS permissions popups are obtuse at best; many people simply want to have some tactile understanding of their choices.

My 70 year old father could understand if an app asks "Hey, generally where are you located? I'll send you coupons" and he can reply "XYZ, State" once, and that's the end of that. A boilerplate permissions modal that doesn't explain the difference between precise and approximate location, while simultaneously not visually showing what "approximate" even means (is it a loose radius centered on your precise location? how loose exactly? or is it a tile on a fixed grid? is it the entire city? etc) to him is no different than just constantly polling GPS+SSID in the background. "THEY know where I'm at!"

What I'm really getting at is most app permissions have terrible UX/UI, and operate opaquely.

It is not at all clear what you're sharing and with whom, and they tend to have three options: 0%, 1% and 100% (no access, access to one photo at a time when you choose, or access to every photo on your device; no location, give your location once and never be able to view what you submitted or update it, or precise location at all times, etc).

What if I only want to receive a specific segment of a brand's communications? (ex. let me know about upcoming events, but I'm not interested in new merch). Any bozo can implement that for an app that's willing to actively categorize their communications, but most have no interest in taking on the responsibility.

It's just a shame that users and user experience are rarely considered when designing most apps and websites. Corners are cut by design, liability is aggressively and intentionally limited from the top down, and decisions are made for structural and financial reasons at the expense of the humans wasting their time or money using any given app, when it could be so much better (with less effort!)

[0] https://mashable.com/article/feeld-app-down


If you care about this, the best thing you can do to get Apple’s attention is to fill out the form at this site: https://www.apple.com/contact/feedback/ and select “product feedback.”

Doing so was instrumental to persuading Apple a few years ago to add an option “allow only once” when apps asked for permission to access the user’s current location.


TL;DR: Apps can access the nearby Wi-Fi hotspot SSID and MAC addresses through an API that is intended to help with connecting to hotspots. Then they can use this info to look-up in databases that collect SSIDs based on their locations.

Seems like a valid concern, though the author's writing style can be off-putting since it has a tone with an agenda.

However, AFAIK apps need to declare the use of this API and have a good reason for it (you fill up a form explaining why you need it and Apple has to agree to grant you the privilege). So, most likely your flashlight app is not tracking you.

I'm sorry you don't like it but that's the truth, the author left out crucial details to make it juicier.


i wouldn't be worried about my flashlight app tracking me, i'd be worried about the large players who probably GET the use of this API, google facebook etc etc.


As I said, it's a valid concern. However, the author forgot to mention that you need to apply and get approved to use this API. I find it dishonest and alarmist.

Here's the request form that you fill up for it: https://developer.apple.com/contact/request/hotspot-helper/


> However, the author forgot to mention that you need to apply and get approved to use this API.

And? How is this any better? e.g. if I'm a dissident/etc. in China I would be much more concerned about government affiliated large corporations being able to track my location than some random private developer (not that this specific API really matters that much if you're using those apps anyway).

> I find it dishonest and alarmist.

I find it a magnitude or two less dishonest than Apple (a company supposedly focused on user privacy) not informing their users that this is happening and directly requesting their consent.


Your government can track you all the time you have your phone with you, they have authority over the infrastructure. They can also make device manufacturers track you for them, later you will be a single digit increase in their transparency stats.

If you don't want the government to track you, you will have to do much better than using mainstream consumer devices. Apple is not your spycraft supplier.


You would also have to not use a phone in general, since your carrier always knows where you are, by the nature of how cellular networks work. Your phone has a unique hardware identifier that is linked to your identity, and every tower knows which phones pinged it recently. Two towers are two points in a triangle, and you're the third.

Carriers constantly perform triangulation and keep records of phones' coordinates, which of course can be subpoenaed, and may be available more freely to government agencies, depending on how much abusive surveillance your local government does. Carriers have also sold this information to data brokers in the past.


I would absolutely be concerned about a flashlight app doing all the nefarious things. A flashlight app? Today? Still? Really? It's one of those apps that's absolutely useless since the OS provides this feature natively now. It is absolutely the type of app I would assume has no reason other than harvesting data.


You're conflating "utility to user" with "utility to developer". A flashlight app has no utility to the user, it doesn't really matter to me that it's useful to its developer (for collecting my personal data).


I'm not conflating anything. You didn't comprehend what I wrote.


Except that there are data collection SDK companies where you can get paid as a developer in exchange for installing an SDK that will send customer data to the company. It's one way to monetize an app a little bit more.


If that app has ads then your info is being sent to advertisers.

Why would a flashlight app even need your location?


Sure, entitlements need approval from Apple. But clearly, apps are able to get it for undisclosed reasons and use it for tracking. Obviously, this goes against Apple’s guidelines and should be dealt with swiftly, especially now that it is public knowledge.


> off putting since has a tone with an agenda

completely agree, I read 2 sentences and closed it.


Those crucial details don't really seem to make it much better to me.


> TL:DR; Apps can access the nearby Wi-Fi hotspot SSID and MAC addresses through an API that is intended to help with connecting to hotspots. Then they can use this info to look-up in databases that collect SSIDs based on their locations.

This is the whole story. Thank you for writing it, and sorry that you're getting downvoted for it.

> I'm sorry you don't like it but that's the truth, the author left out crucial details to make it juicier

I wish there was a way to know when people had downvoted with "this is true but I don't like that it's true".


I wish too. I hate it when I don't know why I'm downvoted.


That's the only thing about getting downvoted here that irritates me -- I rarely know why people are downvoting. Sometimes I can infer why, but most often it's just a complete mystery.

Knowing why the downvotes are happening could be a useful signal to help me improve commenting in the future. Not knowing why just makes the downvotes informationless noise.


Maybe a choice from a small number of reasons after clicking the downvote could be good? Something like "inaccurate, antagonistic, rule violation".


I did not downvote you, but I did react a bit negatively to the comment about the language (we know it is chatgpt, at least in part) of the article. I was curious about the prompting, so I used a regular translator to get a feel of the original article, and I feel the original language seems OK (if my translators are half decent). I also reacted negatively to the last sentence in your comment, because to me, it felt like a truth-declaration based on an assumption (the author deliberately did not include...) - however, after translating the original and not being able to find anything about it there, either, I agree your assumption might very well be the truth, but this would still be intention-guessing, and that put me off a tiny bit. (if you read Chinese, all this would be an unfair assumption from my part, and I apologise :)

I would never downvote for such things, personally. I found your TL:DR to be good (including more information as well as replaying the mains of the article is great value, thank you!) to care about small stuff mentioned above. But you seemed to want to understand why some have downvoted, and as I got a bit of negative reaction from the parts mentioned, I thought I could explain my feelings for them, in the hopes this might actually be useful for you.


Thanks for this detailed feedback!


Whether the user is aware and opt _in_ is the issue, right? But all of the network signals that are triggered by web applications, phone apps, OS, isn't it almost always possible to get SOME information about a user's geo location?

There's a theory that Silk Road's Ross Ulbricht leaked his location via a Captcha on a website, despite actively covering his tracks.

I think Bitcoin's Satoshi is/was an Australian bloke living in Japan because of his wording + timestamp on posts.

I was able to send a friend a little hello message via a Facebook ad by hyper targeting them (before fb disallowed that), which also confirmed their location.


>There's a theory that Silk Road's Ross Ulbricht leaked his location via a Captcha on a website, despite actively covering his tracks.

How?


Assuming this is actually the case, probably a lot of heuristics that got "close enough" to his actual location.


My most blocked domain in nextDNS (which runs on all my devices) is metrics.icloud.com. books-analytics-events.apple.com is in the top 5 as well.


Hmm … I don’t see that in my nextdns logs. Is that a custom block you put into place or are you using a different filter list than I am?


I’ve got the native blocking ruleset for Apple added.


App that needs it will get it one way or another, is just not easy


How is it any different than an app that makes a request to their services API, thereby getting IP address which in itself can be used to get location information?

There is always a vector for abuse, and I think Apple has taken large steps to reduce that. I find this story a bit of a non-event.


IP gives you a rough location (like which city at best), SSID/BSSID can give you street/building level accuracy if it's in a database like https://wigle.net

Considering the scale of these apps, I'm guessing they have internal wifi<->location databases with fairly great accuracy.


There’s a huge difference!

Wi-Fi positioning is usually accurate within a few meters; my IP is frequently on the other side of the globe (when using a VPN or just roaming globally).



