by Talal Haj Bakry and Tommy Mysk If you enjoyed this work, you can support us by checking out our apps: tl;dr Starting May 1, 2024, Apple requires developers to declare reasons if their apps use APIs that can potentially be misused to collect unique device signals. These unique signals enable abusers to derive a device identifier …
Continue reading “Does Apple’s Required Reason API Thwart Device Fingerprinting?”
By Talal Haj Bakry and Tommy Mysk If you enjoyed this work, you can support us by checking out our apps: tl;dr Apple has introduced a new URI scheme in iOS 17.4 to allow EU users to download and install alternative marketplace apps from websites. Once an authorized browser invokes the special URI scheme marketplace-kit, it hands …
Continue reading “Safari Flaw Can Expose iPhone Users in the EU to Tracking”
By Talal Haj Bakry and Tommy Mysk If you enjoyed this work, you can support us by checking out our apps: tl;dr With Tesla’s current design, if an attacker has the email and password of a victim’s Tesla account, they can drive away with the victim’s Tesla, even if two-factor authentication is enabled. Tesla Product Security team …
Continue reading “Can a Tesla Stop Phishing and Social Engineering Attacks?”
By Tommy Mysk UPDATE (September 2, 2022): Added new remarks about Android 13 and comparison between Brave, Chrome, DuckDuckGo, Edge, and Firefox (Android) UPDATE (September 1, 2022): Facebook fixed the iOS app. Now it stops monitoring the accelerometer. For the feature of “shake the phone to report a problem,” it is subscribing to an iOS …
Continue reading “iPhone Apps Can Tell Many Things About You Through the Accelerometer”
tl;dr Block Contacts is a new feature in Tinder that lets users avoid certain people on the app, even if they hadn’t matched. Using this feature, a user can share with Tinder the contact information of whoever they would like to block. Tinder will then use this information to prevent blocked contacts from seeing each …
Continue reading “Exploring Tinder’s new Block Contacts Feature”
By Talal Haj Bakry and Tommy Mysk If you enjoyed this work, you can support us by checking out our apps: Ctrl – The best presentation companion for your Apple Watch Canvas – Draw Together, Wirelessly! tl;dr Facebook has recently stopped generating link previews in Messenger and Instagram for users in Europe to comply with Europe’s ePrivacy …
Continue reading “Facebook and Instagram No Longer Generate Link Previews… Only In Europe”
By Talal Haj Bakry and Tommy Mysk UPDATE (February 5, 2021): Facebook disabled link previews in Europe as the feature doesn’t comply with the regulations in Europe. Facebook Messenger and Instagram will no longer display link previews in chats for users in Europe. If you enjoyed this work, you can support us by checking out our apps: …
Continue reading “Link Previews: How a Simple Feature Can Have Privacy and Security Risks”
By Talal Haj Bakry and Tommy Mysk UPDATE (MAY 5, 2020): TikTok rolled updates for iOS and Android in May that fixed this vulnerability. If you enjoyed this work, you can support us by checking out our apps: Ctrl – The best presentation companion for your Apple Watch Canvas – Draw Together, Wirelessly! Videos Video manipulation of …
Continue reading “TikTok Vulnerability Enables Hackers to Show Users Fake Videos”
By Talal Haj Bakry and Tommy Mysk UPDATE (AUGUST 16, 2020): More apps crossed out * UPDATE (JUNE 30, 2020): The list of apps in the original report from March 2020 is NOT an exhaustive list. We examined a sample of popular apps, and listed the ones that exhibited the behavior of excessive clipboard access. Many apps have …
Continue reading “Popular iPhone and iPad Apps Snooping on the Pasteboard”
By Talal Haj Bakry and Tommy Mysk UPDATE (JUNE 22, 2020): Apple addressed this vulnerability in iOS 14 and iPadOS 14 by showing a notification every time an app reads the clipboard. Disclaimer: We submitted this article and source code to Apple on January 2, 2020. After analyzing the submission, Apple informed us that they don’t …
Continue reading “Precise Location Information Leaking Through System Pasteboard”