> NEHotspotHelper allows your app to participate in the process of authenticating with hotspot networks, that is, Wi-Fi networks where the user must interact with the network to gain access to the wider Internet.
> NEHotspotHelper is only useful for hotspot integration. There are both technical and business restrictions that prevent it from being used for other tasks, such as accessory integration or Wi-Fi based location. Before using NEHotspotHelper, you must first be granted a special entitlement (com.apple.developer.networking.HotspotHelper) by Apple.
Which makes sense, but then why exactly are apps like WeChat and Alipay granted this entitlement?
I always find it funny when people boast about how great certain things are in the US without ever have traveled to HK, Singapore, Tokyo, Beijing etc...
Most people dont realize just how entangled mobile life is in Asia, way more than in the US.
VPN apps also seem to use it: https://github.com/pia-foss/mobile-ios/blob/4618b55161ec5b8b...
1. application is using CoreLocation API and has user's authorization to access precise location. [This seems harmless – the app already gets the precise location anyway here.]
2. application has used NEHotspotConfiguration API to configure the current Wi-Fi network. [This seems to be the scope of the article!]
3. application has active VPN configurations installed. [This one is quite surprising to me!]
4. application has active NEDNSSettingsManager configuration installed. [No idea what this is exactly, but it seems similar to the VPN one.]
Many phone manufacturers even automatically grant certain permissions when these apps are installed (the list is sometimes hard-coded into the system), since there are people who do not understand what is "permission", and they blame the phone manufacturer for not being able to use WeChat/Alipay.
I am not sure how it works in practice.
Yes, these are “super-apps” and Wi-Fi hotspot services are probably part of their offerings, but that’s just more reason this should be a user-grantable permission like “local network access”. If I don’t care for the hotspot feature, I don’t want the app to have that capability.
Ex: all the stuff FB has been caught doing over the years
My understanding (no first hand experience) is that WeChat and Alipay are basically required in China. If a phone doesn’t have them, it’s worthless and won’t sell.
So naturally they too can do nonsense that would get the rest of us booted to space.
I think it should ask the user's permission.
Like seriously. I had the argument before;
Architect: we're going to fingerprint users. Me: are you going to disclose that? Architect: Of course not. Me: It's their device. You should ask. Architect: That defeats the point. Me: You either don't understand property rights, or clearly have issues with the concept of consent.
The entire IT space has been decades of building while eliding the fact these experiences are fundamentally being driven on someone else's hardware.
But that's just the world we live in I suppose.
Does Apple do any analysis of entitlement usage and withdraw them when abused? A similar thing I remember is the Facebook VPN "scandal" where I think Apple withdrew the Facebook enterprise signing certificate?
So only the big apps can spy on you? The poster is Chinese so he cares about those 2, but how about facebook and google?
Well as long as it is just Apple that is deciding who can track me without my permission then that's okay I totally trust my corporate overlords for the wise and great Apple is incorruptible and without fault.
Lately I've witnessed a number of apps asking for Local Network permission ("Foo would like to find and connect to devices on your local network") when they have no business doing so in any possible way that I can think of.
This was improved in recent iOS, but I never count on Google updating their SDKs to take advantage of iOS features on any sort of schedule. Even when they do, it will require third party apps to individually update as well.
I understand it’s not ubiquitous.
1) It's poorly implemented. Unlike other permissions, there's no way to explicitly trigger the prompt. It just pops up at Apple's discretion. There's no way to give it a "soft landing" for cases where it's necessary for core app features. And there's no way to check if the permission has been granted or not.
2) More importantly: Apple's own apps don't trigger this warning, which makes the playing field unfair. AirPlay etc. work seamlessly, whereas any competitor's tech doesn't. And as a developer, since you can't tell if this permission has been granted or not, you're left with a poor user experience.
I'm particularly fed up of (2). If Apple is going to introduce restrictions, they need to apply to their own apps as well. AirPlay and AirDrop need to each ask for Bluetooth and local network access. The Photos app needs to trigger the "Select photos, Allow All, Deny" prompt on launch. The Camera app shouldn't be able to write to the photo library without triggering the same prompt too.
That gives them an incentive to design the user experience around these restrictions well, and maybe be more creative with how to solve for this too rather than confusing dialogs.
Currently they have a disincentive to design this stuff well. Any iOS developer that's had to work with these APIs knows that they are designed absolutely awfully with arbitrary and unexpected limitations.
Edit: AirPlay does not require this permission.
I take this popup to mean that they want to fingerprint and locate my home network or backdoor it somehow. I ALWAYS deny this access unless the app specifically requires it, and that is rare.
WiFi based geolocationing should be a well known privacy threat by now. The popup should really communicate that better and provide tighter controls.
So far there doesn't seem to be any traction by Google to migrate to this.
Iirc Android has always asked for location to enable Bluetooth, I wonder if there are similar apis there?
Like most here, I don’t have Wechat or Alipay installed. But I’m interested in e.g. Instagram, Facebook, Whatsapp, Twitter, Tiktok, Snapchat, Chrome, Firefox, Photoshop, Lightroom, etc.
I shouldn’t have to download and install the app just to see what kind of behaviors it is going to attempt.
The app stores know this information and it would be trivially easy to present it in the details of the app prior to down loading.
Beyond what Apple already does? https://imgur.com/a/ouEqiGG
To wit: iOS requires precise location be enabled just to show weather on the home screen; I can't set a static location and just get the weather report for that place.
The whole thing just reeks of willful surveillance anti-patterns.
The key question is whether Apple will play a curator role in trying to reign in the ecosystem. They have in the past (eg Uber was doing shady shit and there was a game of chicken to get them to stop). Of course Alipay and WeChat may be harder especially how Apple China is such a huge market for Apple and critical to their success now. It’ll be interesting to see how Apple adjusts to this over the next few years.
Open platforms also have this problem and also operate on pinky promises (perhaps even worse) so I’m not sure the point you’re trying to make unless it’s that “well if this problem isn’t solved I’d rather have an open platform”. The problem with that argument is that there are many issues and this is only one failure case which may be addressed in the future whereas open platforms have this one and many more that are unadressed.
I think that best describes it? Not sure but I agree the title as-is doesn't really ring true after reading the article.
That said, this maybe shows an incompatibility between Apple’s privacy strategy and “super-apps” like WeChat and AliPay. When a company shoves all functionality into one app, that app suddenly has all the entitlements, and it’s harder to tell when and how any sensitive data is being used.
The West generally doesn’t develop apps this way. For example, Comcast has a separate “WiFi Hotspots” app. Although LOL, they posted 2 days ago that its functionality is being combined into the main Xfinity app. Maybe the West is catching up.
I nope out and if the functionality of the app is trashed, so goes the app....
Google Maps constantly hounding me to turn on precision location services, asking me if I am navigating for a friend and to allow access to my contacts... Wow, no.
Where do you revoke this entitlement on iOS? Settings → Privacy & Security → Local Network? Or is this something else?
Users are asked for permissions and those permissions can be revoked. This entitlement doesn’t correspond with its own unique permission, either it works without permission from the user or it might be bundled into Local Network or Location Permissions.
https://www.theverge.com/2023/7/26/23808796/elon-musks-x-eve...
Increasingly clear that Apple is in charge of what happens on your devices not the users themselves.
The only thing of note here is that apple don't want you do know about it, which kind of circles back to aligned interests...
deep links, they go deeper than you think.
ibeacons provide very precise indoor location, think of all the behavioral data a store app can collect.
apple is not really your friend.
seriously, apple should let you
- know what is running
- know what network traffic happens
- control these thigns
- run your own programs
I would love an ios firewall program or non-neutered little snitch
They are checking the environment for stuff that might have known locations, which is different. You can do the same with bluetooth/BLE.
The user must be in control of whether their location is disclosed to an app.
Not anymore you can't. Sometime before 2020 apple, and also google, started treating BLE scanning as an operation needing location permissions. (I had to deal with this transition while submitting an iOS app that connected to a BLE device which actually had a GPS module in it)
As of now, I still have to turn on location on my android phone to connect to some BLE devices.
How? By searching it in https://wigle.net.
That ended the debate quite swiftly.
I never thought about the idea that an app can track when I leave my (most frequently) used WiFi and derive from that I left home.
If there's a legitimate use for these entitlements, everyone should be able to use them. And the ultimate choice for what an App should and shouldn't be able to do should be in the users' hands. But Apple needs to protect their shareholders from this horrid vision of the future.
1) means that Apple does cover this situation and
2) my opinion that the phrasing "Apple allows applications to track user locations without authorization" is contemptible
are both true.
I am trying to understand how TikTok can suggest "people you may know" when I have not shared my contacts, but have sat next to those people recently.
Bluetooth seems the most likely.
This does not solve the entire problem of course, but at least alleviates some of it.
Our company has an app that does geofencing and we’ve had no end of issues getting it to work consistently. This would have been useful.
Seems worse to give your users a false sense of security.
Should be behind a permissions check, but not the end of the world.
https://www.networkworld.com/article/752872/security-apple-o...
Should be behind a permissions check, but not the end of the world.
lol
It is fundamentally intrinsic to the technology of most digital technology that: 1) their very data-driven nature leads to information gathering, and 2) the colossal and inherently inexhaustible recurring revenues in that data collection will always pull organizations and their leadership towards data collection at scale.
The only conceivable framework for preventing information collection is to attach data privacy to the individual as an human right. Even “opting out” as an intrinsic default won’t be enough, though it is regulators’ and industries’ favorite kick-the-can strategy.
Otherwise it’s just a question of time, as the incentive for profit is overwhelmingly attractive to companies, regulators and markets.
Apple, for all the talk of privacy, cannot maintain the fiction of privacy while simulaneously answering to shareholders with a scale advertising business or really any advertising business of any revenue importance at all. Their promise of privacy for users died spiritually if not practically the moment they decided to dramatically expand their ad business, as it shifted the company from serving users as their customer with devices to making those same users the product to be sold.
So this kind of thing is inherent and will continue to emerge from Apple. The opt-in, limited nature of who is allowed access matters very little. Just follow the incentives to understand corporate behavior.
I appreciated this disclosure. The English was still a bit clunky - but it was a great use of the technology to open up the article to a wider audience. It felt sincere to me.
Eventually, he starts emulating the phone menus, asking the caller "Using your touch-tone keypad, please enter the first three letters of the movie title, now."
When this doesn't work, he blurts out "Why don't you just tell me the movie you want to see???"
Why in the holy hell do app developers who are trying to provide some kind of location-specific data not just ASK YOU WHERE YOU ARE? "I'm in Los Angeles" would suffice 99% of the time. If you go to Idaho, and care enough, change your location in that app -- now you get local bulletins about russet potatoes instead of encampment fires.
This is a rhetorical question, no need to answer it, just screaming into the void.
https://www.howtogeek.com/763227/what-are-precise-and-approx...
iOS already has an option to give a very loose fix to an app.
Not that I think I can trust the phone actually disabled the GPS, but there is no reason my movements need to be tracked and recorded in detail. Make them go through the effort and pull up all the cellphone towers I ping.
Day to day, there is a very good chance I am still in my home city as first configured.
For instance, mapping or Waze needs your current GPS coordinate at all times. This doesn't bother me because I'm being tracked myriad other ways, even if I don't give permission -- cameras in every gas station and store, license-plate-reading cameras on police cars and traffic lights, StarLink in my Subaru, the SSID technique described in OP blog, credit card transactions at the pump, GPS coordinates from a passenger who did grant permissions (and we happen to be Instagram friends, so we're forever connected), an AirTag hidden in my gas tank, on and on and on.
It might seem like overreach for a paranoid person to need to grant location services to Papa Johns to order pizza, but that app may have legitimate reasons: expedited discovery of the nearest brick-and-mortar, realtime delivery tracking, order-abuse prevention or prediction (why are you placing orders repeatedly to locations all over the country, even if they're prepaid?), unwanted, craven marketing, backend revenue streams selling your data to Satan, etc.
Other types of apps, like Nextdoor or Tinder, don't actually need your exact location. They need to know generally where you are, but having precise coordinates isn't in the best interest of the user (see recent Feeld disaster where exact locations were prominently displayed on profiles [0]). On top of that, Nextdoor revolves around the neighborhood you live in; if you're traveling, it shouldn't update the feed based on your current location, nor let you join neighborhoods you're visiting in a transient manner just because of a GPS coordinate.
Then, consider that native-OS permissions popups are obtuse at best; many people simply want to have some tactile understanding of their choices.
My 70 year old father could understand if an app asks "Hey, generally where are you located? I'll send you coupons" and he can reply "XYZ, State" once, and that's the end of that. A boilerplate permissions modal that doesn't explain the difference between precise and approximate location, while simultaneously not visually showing what "approximate" even means (is it a loose radius centered on your precise location? how loose exactly? or is it a tile on a fixed grid? is it the entire city? etc) to him is no different than just constantly polling GPS+SSID in the background. "THEY know where I'm at!"
What I'm really getting at is most app permissions have terrible UX/UI, and operate opaquely.
It is not at all clear what you're sharing and with whom, and they tend to have three options: 0%, 1% and 100% (no access, access to one photo at a time when you choose, or access to every photo on your device; no location, give your location once and never be able to view what you submitted or update it, or precise location at all times, etc).
What if I only want to receive a specific segment of a brand's communications? (ex. let me know about upcoming events, but I'm not interested in new merch). Any bozo can implement that for an app that's willing to actively categorize their communications, but most have no interest in taking on the responsibility.
It's just a shame that users and user experience are rarely considered when designing most apps and websites. Corners are cut by design, liability is aggressively and intentionally limited from the top down, and decisions are made for structural and financial reasons at the expense of the humans wasting their time or money using any given app, when it could be so much better (with less effort!)
Doing so was instrumental to persuading Apple a few years ago to add an option “allow only once” when apps asked for permission to access the user’s current location.
Seems like a valid concern, though the author's writing style can be off putting since has a tone with an agenda.
However, AFAIK apps need to declare the use of this API and have a good reason for it(you fill up a form explaining why you need it and Apple has to agree to grant you the privilege). So, most likely your flashlight app is not tracking you.
I'm sorry you don't like it but that's the truth, the author left out crucial details to make it juicier.
Here's the request form that you fill up for it: https://developer.apple.com/contact/request/hotspot-helper/
Why would a flashlight app even need your location?
completely agree, I read 2 sentences and closed it.
This is the whole story. Thank you for writing it, and sorry that you're getting downvoted for it.
> I'm sorry you don't like it but that's the truth, the author left out crucial details to make it juicier
I wish there was a way to know when people had downvoted with "this is true but I don't like that it's true".
There's a theory that Silk Road's Ross Ulbricht leaked his location via a Captcha on a website, despite actively covering his tracks.
I think Bitcoin's Satoshi is/was an Australian bloke living in Japan because of his wording + timestamp on posts.
I was able to send a friend a little hello message via a Facebook ad by hyper targeting them (before fb disallowed that), which also confirmed their location.
There is always a vector for abuse, and I think Apple has taken large steps to reduce that. I find this story a bit of a non-event.
Considering the scale of these apps, I'm guessing they have internal wifi<->location databases with fairly great accuracy.
Wi-Fi positioning is usually accurate within a few meters; my IP is frequently on the other side of the globe (when using a VPN or just roaming globally).