Get the top HN stories in your inbox every day.
paxys
n2d4
I don't know about Alipay, but afaict WeChat needs this feature for WeChat Wifi, which lets users connect to internet hotspots from their WeChat accounts https://mp.weixin.qq.com/s?__biz=MzI1NjA0NzQzOQ==&mid=265026...
smith7018
I’m sure that’s valid but I’ve worked for mobile app companies and can guarantee features like this are added just to get the entitlement.
r00fus
Ah now I see - to get all the entitlements they create a super-app that happens to use those things.
Then they can spy on us for our main use case
lxgr
I at least partially blame Apple for this too.
I personally use several different terminal/Unix emulator/SSH client apps on iOS that request the "background location" permission solely because there is no actual "background execution" API.
samstave
The complexities and capabilities in the Chinese(well, most asia) mobile market are remarkable.
I always find it funny when people boast about how great certain things are in the US without ever have traveled to HK, Singapore, Tokyo, Beijing etc...
Most people dont realize just how entangled mobile life is in Asia, way more than in the US.
ethbr1
Centralized superapps seem incredibly dangerous to privacy, given that the limited mobile privacy models are designed around per-app permissions.
1. Create app that does 1 thing
2. Add more features to app
3. Abuse superset of permissions
4. Gov leans on app owner
5. Gov abuses superset of permissionsmardifoufs
Is that inherently greater than not being connected or using super apps? Also, I didn't know Tokyo or japan in general were also into the "big app" concept. Japan in general didn't seem that "connected" relatively speaking back in 2017-18 but maybe stuff has changed in the past couple of years.
refulgentis
I think I'm missing some context: ex. there's O(many) apps that offer hotspot connections in the US as well. And my understanding is there's a privacy concern, which I think would be exacerbated by a super-app like WeChat adding this.
What's the great certain things of all that?
vinay_ys
Even if only genuine hotspot apps got the entitlement, it is not a user-friendly privacy-first design. Such API use should trigger a user-visible permission dialog before apps get background-notified and user should be able to select the one of "allow-once, allow while using, allow-in-background, never" and the app activity should show up in app privacy reports.
iforgotpassword
Because the Chinese market is too important. For wechat you can maybe argue that it's a "super app" and probably also can be used to connect to wifi hotspots, but for alipay I fail to come up with an explanation..
physicles
Alipay is also pretty much an everything app (it also has its own ecosystem of mini-apps built on Alipay's platform). Except for the social aspect, it's nearly interchangeable with WeChat.
iforgotpassword
Ah I see. It's been a while thanks to the pandemic that I've been there, and even then preferred just doing wechat so I dont have to deal with even more stuff. At least for regular payment almost all places accepted both options.
BertoldVdb
You can buy hotspot access with Alipay (scan QR code -> connect), presumably thats why.
paxys
The sensible move would really be to break up these "everything" apps. Sure WeChat may have a wifi service, but if it is being used by 0.01% of the user base then why is everyone else forced to approve the permissions? Creating a separate "WeChat Wifi Connector" takes zero extra effort on their part.
shkkmo
You don't have to break up the app, just require user opt in to enable the feature for the app.
gruez
>API seems to specifically be for apps created by owners of WiFi hotspots to help users connect to those hotspots.
VPN apps also seem to use it: https://github.com/pia-foss/mobile-ios/blob/4618b55161ec5b8b...
lxgr
Apparently the entitlement is not required in a few other conditions, listed here [1] by Apple:
1. application is using CoreLocation API and has user's authorization to access precise location. [This seems harmless – the app already gets the precise location anyway here.]
2. application has used NEHotspotConfiguration API to configure the current Wi-Fi network. [This seems to be the scope of the article!]
3. application has active VPN configurations installed. [This one is quite surprising to me!]
4. application has active NEDNSSettingsManager configuration installed. [No idea what this is exactly, but it seems similar to the VPN one.]
_heimdall
Its a more basic question to me, why do these apps need a special entitlement? Couldn't they ask users for permissions like any other app, presumably with a good reason to go along with it since location is needed for some features?
gorbypark
Apple wants to gatekeep the feature for "legitimate" uses. If it was just another permission, random flashlight apps (as the joke goes) would ask for the permission and _n_% of people would just blindly accept it. Then, of course, Apple would get blamed for allowing random flashlight apps to track people's location. Of course this could all be done via the regular app review process, but Apple seems to have decided on a few permissions they want to keep super locked down (CarPlay is another, to avoid blame for when someone crashes while using some CarPlay app).
Tigress8780
These "super apps" get special treatment everywhere.
Many phone manufacturers even automatically grant certain permissions when these apps are installed (the list is sometimes hard-coded into the system), since there are people who do not understand what is "permission", and they blame the phone manufacturer for not being able to use WeChat/Alipay.
diebeforei485
This is functionally a Location Services feature, so the user should grant location permissions to use this.
I am not sure how it works in practice.
coldcode
FYI, that API requires entitlements to be used, which are only available if you request them from Apple and justify their use. It's not a general-purpose API any app can use.
lxgr
That’s not really any consolation, since (according to the article) Apple has granted that entitlement to WeChat and Alipay.
Yes, these are “super-apps” and Wi-Fi hotspot services are probably part of their offerings, but that’s just more reason this should be a user-grantable permission like “local network access”. If I don’t care for the hotspot feature, I don’t want the app to have that capability.
MBCook
Certain apps have always gotten special treatment. If it’s big enough to mess with phone sales they’re allowed nonsense a normal dev would be permanently banned for.
Ex: all the stuff FB has been caught doing over the years
My understanding (no first hand experience) is that WeChat and Alipay are basically required in China. If a phone doesn’t have them, it’s worthless and won’t sell.
So naturally they too can do nonsense that would get the rest of us booted to space.
stavros
Why does apple get to decide which app gets automatic access to my private data, on my device, without needing to ask me?
lxgr
No app gets special treatment for any of the user-grantable permissions like location, Bluetooth, local network access, contacts, photos...
What makes this any different? It really seems more like an oversight than a conscious decision, similarly to how (I believe) both iOS and Android have retroactively had to bucket some of the Bluetooth LE permissions into "location", since that's what you can effectively do with them.
onlyrealcuzzo
Interesting that cutting monetary deals was a problem for Google, but special access APIs are fine.
wodenokoto
That doesn’t excuse anything! This is not “oh poor small time devs”, this is paying customers being lied to by Apple.
bdd8f1df777b
They are required in China, but the hotspot functionality isn’t. At least give me an option to turn it off.
kiririn
See also McDonald’s being allowed to gate app functionality behind background location access
breakfastduck
Chinese state supported spyware spies on you? I'm shocked!
JKCalhoun
Most entitlements though trigger a privacy prompt to allow the user to disable the functionality. Without writing a test app, I don't know that this is the case with this entitlement.
I think it should ask the user's permission.
undefined
salawat
Keep in mind that in a corporate context, not asking the user for permission or explaining what/why you are doing something is the (sociopathic imo, but nevertheless) norm. To the degree you do disclose something like that it is inevitably hidden away or obfuscated by being put somewhere in the UX that no one ever really goes.
Like seriously. I had the argument before;
Architect: we're going to fingerprint users. Me: are you going to disclose that? Architect: Of course not. Me: It's their device. You should ask. Architect: That defeats the point. Me: You either don't understand property rights, or clearly have issues with the concept of consent.
The entire IT space has been decades of building while eliding the fact these experiences are fundamentally being driven on someone else's hardware.
But that's just the world we live in I suppose.
dcdc123
How does that apply to thise case though? Asking for permissions on iOS is the norm and many apps include a message indicating what and why they are about to request something non-obvious before sending the request and triggering the popup.
filleokus
But if Facebook/Instagram/Messenger (or Alipay / WeChat as mentioned in the article) has this entitlement and does fishy stuff, I guess this can actually be a large privacy issue?
Does Apple do any analysis of entitlement usage and withdraw them when abused? A similar thing I remember is the Facebook VPN "scandal" where I think Apple withdrew the Facebook enterprise signing certificate?
paxys
Is that better or worse? "Don't worry you or I cannot exploit this, only large corporations and data aggregators can."
nottorp
> Adding another layer to the discussion is the fact that major apps like WeChat and Alipay have already implemented this capability.
So only the big apps can spy on you? The poster is Chinese so he cares about those 2, but how about facebook and google?
squarefoot
Spyware can be hidden in every piece of closed software, hardware, firmware with access to communications, so unless someone makes a 100% open device, from the first bit to the last screw, there's no 100% guarantee to be free from spyware.
gustavus
> FYI, that API requires entitlements to be used, which are only available if you request them from Apple and justify their use. It's not a general-purpose API any app can use.
Well as long as it is just Apple that is deciding who can track me without my permission then that's okay I totally trust my corporate overlords for the wise and great Apple is incorruptible and without fault.
lloeki
> that API requires entitlements to be used
Lately I've witnessed a number of apps asking for Local Network permission ("Foo would like to find and connect to devices on your local network") when they have no business doing so in any possible way that I can think of.
sroussey
Many do this if they play video, mostly to enable chrome cast.
dwaite
Chrome Cast. There is no OS-level service for it to introspect the network looking for screens to cast to, so each app has to drop in a SDK - which then has to have permission to search the local network looking for screens.
This was improved in recent iOS, but I never count on Google updating their SDKs to take advantage of iOS features on any sort of schedule. Even when they do, it will require third party apps to individually update as well.
thomastjeffery
Did Apple audit their code, then? Why in the world should anyone trust Apple to be responsible?
eduction
I thought users were prompted to give permission for this already? I get asked if I want to give “local network” access to apps sometimes (- lot these days actually) which I take to mean the ability to see local WiFi hotspots. I almost always deny this (and after reading this just turned it off for Spotify). I think the dialog that asks for permission could be improved, though, as most people don’t realize this can be used to deduce their location.
iamcalledrob
As a developer, the annoying thing about the "Local Network" permission is that:
1) It's poorly implemented. Unlike other permissions, there's no way to explicitly trigger the prompt. It just pops up at Apple's discretion. There's no way to give it a "soft landing" for cases where it's necessary for core app features. And there's no way to check if the permission has been granted or not.
2) More importantly: Apple's own apps don't trigger this warning, which makes the playing field unfair. AirPlay etc. work seamlessly, whereas any competitor's tech doesn't. And as a developer, since you can't tell if this permission has been granted or not, you're left with a poor user experience.
I'm particularly fed up of (2). If Apple is going to introduce restrictions, they need to apply to their own apps as well. AirPlay and AirDrop need to each ask for Bluetooth and local network access. The Photos app needs to trigger the "Select photos, Allow All, Deny" prompt on launch. The Camera app shouldn't be able to write to the photo library without triggering the same prompt too.
That gives them an incentive to design the user experience around these restrictions well, and maybe be more creative with how to solve for this too rather than confusing dialogs.
Currently they have a disincentive to design this stuff well. Any iOS developer that's had to work with these APIs knows that they are designed absolutely awfully with arbitrary and unexpected limitations.
woah
The developer of the Camera app already has access to all the photos in your Photos app. What benefit would a prompt have for the user?
iamcalledrob
Not sure if this is what you mean, but there could be multiple apps installed that write to the device photo library. You may not want the developer of one camera app to be able to access all photos on the device.
But this raises a related point about how frustrating Apple's APIs are here: When an app is granted the "Write to photo library" permission by the user, it can only write. It can't read back what it's written, ever. You might expect that writing to the library might return a token that can be used to read that photo back. Nope.
Android, for all its faults, does a much better job here. The OS keeps track of the app that wrote the photo -- and that app can read that photo indefinitely, unless another app edits that photo (and thus becomes the owner). A much better design.
On iOS, to read back photos from the library, you have to ask for the "All photos" read permission, which few people will grant you. "Why does my camera want to read all the photos on my device?! Deny!".
And just like that, you can't compete with the built-in camera which shows thumbnails of recently taken photos and allows you to swipe through them.
Apple has no incentive to fix this either, because their own apps bypass this permission system.
thombles
No argument from me but regarding workarounds for (1), accessing ProcessInfo.processInfo.hostName has been a reliable pop-up trigger for me for a long time. Eskimo also offers some (esoteric) suggestions for how to notice if your network operation has been denied due to lack of permission: https://developer.apple.com/forums/thread/663852
rkunde
That’s for sending and receiving local network traffic, eg. talking to devices on the same subnet, and discovery of Chromecast and similar targets.
Edit: AirPlay does not require this permission.
Hippocrates
I don't believe it is necessary for airplay, but probably is for Chromecast, Sonos, and many devices to establish ad-hoc connectivity for setup and operation.
I take this popup to mean that they want to fingerprint and locate my home network or backdoor it somehow. I ALWAYS deny this access unless the app specifically requires it, and that is rare.
WiFi based geolocationing should be a well known privacy threat by now. The popup should really communicate that better and provide tighter controls.
undefined
graftak
You’d think that AirPlay would be abstracted away by an OS API that does the local network discovery itself.
ascagnel_
In my experience, it is. My podcast app of choice doesn’t have that permission (I don’t even think it asked for it), but it has the ability to bring up the system audio output selector widget and do AirPlay.
If anything, I usually see this for apps that want to do playback via Chromecast/Miracast. The well-behaved apps wait until the user interacts with Chromecast output, the iffier ones ask on first launch.
dwaite
AVRouting in iOS 16 allows for a Media Device Discovery Extensions, which allows for a proper ChromeCast or similar app to provide media streaming in the same interface as AirPlay.
So far there doesn't seem to be any traction by Google to migrate to this.
undefined
teekert
I take it to mean that it will scan my lan (plus tailnet?) for services. Like a Hue bridge or a Sonos speaker or a Chromecast etc.
peddling-brink
Docs: https://developer.apple.com/documentation/technotes/tn3111-i... I’d guess a review would stop the smaller spam apps, but not the big players, as noted by the author and other commenters.
JKCalhoun
Thanks. The docs confirm that an entitlement is required to call this API — still does not make clear to me whether the presence of the entitlement brings up a prompt allowing the user to deny the use of the API.
peddling-brink
If it does, it would be for network, not location. Per the rules, this isn’t a location api, except it actually is.
Iirc Android has always asked for location to enable Bluetooth, I wonder if there are similar apis there?
JKCalhoun
Yeah, Apple may want to rethink Network != Location.
thih9
Which popular apps use that? Is it possible to check this?
Like most here, I don’t have Wechat or Alipay installed. But I’m interested in e.g. Instagram, Facebook, Whatsapp, Twitter, Tiktok, Snapchat, Chrome, Firefox, Photoshop, Lightroom, etc.
rsync
I know I sound like a broken record but I really do think app stores owe us the ability to see, in advance, what permissions an app will request.
I shouldn’t have to download and install the app just to see what kind of behaviors it is going to attempt.
The app stores know this information and it would be trivially easy to present it in the details of the app prior to down loading.
CharlesW
> I know I sound like a broken record but I really do think app stores owe us the ability to see, in advance, what permissions an app will request.
Beyond what Apple already does? https://imgur.com/a/ouEqiGG
dhritzkiv
This only covers what data apps store/collect. An app can have a clean 'Privacy' disclaimer ("The developer does not collect any data from this app") but still require access to Photos, Camera, Location, etc.
sneeze-slayer
In the Play store it is possible to see what permissions are required and data is collected.
rsync
I wonder if it is possible, as an Apple developer, to query "permissions requested" via some other channel ?
I don't know anything about the ways Apple developers interface with the app store to submit or update or index their apps ... is it through xcode ?
I wonder if there is some function in that toolchain that actually does what I am proposing ...
breakfastduck
Yeah, this should absolutely be standard.
forward1
Can we talk about the fact iOS/macOS turns on the Wifi and Bluetooth radios after each system update? Almost as if the devices were made deliberately to maximize spying, contrary to the marketing lullabies.
ShakataGaNai
Hanlon's razor: Apple is just lazy and defaults all these things to on, rather than keeping tract of the settings since they are used or needed by 99% of people. Apple loves its Bluetooth keyboards and mice, after all.
forward1
I don't think so. Apple likes to collect data as much as anyone else, they're just better at hiding it with euphanisms.
To wit: iOS requires precise location be enabled just to show weather on the home screen; I can't set a static location and just get the weather report for that place.
The whole thing just reeks of willful surveillance anti-patterns.
emmo
Yeah I find this incredibly annoying.
captn3m0
Now I'm curious - which other apps have this entitlement? Is there a way for me to find out which apps on my phone have this entitlement?
ralmidani
This is one of the majors problems with completely locked-down platforms. Assurances that the owner of the platform respects your privacy and prevents others from violating it are really just a pinky promise.
vlovich123
I think the perspective can be incorrect. No one expects Apple to get it perfect. Computing platforms are legitimately hard to secure, especially when you’re talking about privacy which is a lot more amorphously defined culturally vs typical CS security which is defined as subverting technical access controls.
The key question is whether Apple will play a curator role in trying to reign in the ecosystem. They have in the past (eg Uber was doing shady shit and there was a game of chicken to get them to stop). Of course Alipay and WeChat may be harder especially how Apple China is such a huge market for Apple and critical to their success now. It’ll be interesting to see how Apple adjusts to this over the next few years.
Open platforms also have this problem and also operate on pinky promises (perhaps even worse) so I’m not sure the point you’re trying to make unless it’s that “well if this problem isn’t solved I’d rather have an open platform”. The problem with that argument is that there are many issues and this is only one failure case which may be addressed in the future whereas open platforms have this one and many more that are unadressed.
thund
Open platforms can be reviewed and fixed more easily and faster
vlovich123
Can you clarify with examples/technical description how an open platform will be able to review & fix privacy/security issues like this more easily/faster? As far as I know this wouldn't be news on Android because such permissions are granted as a matter of course without review. Keep in mind that most people use the Google or Samsung stores which aren't open platforms for verifying permissions aren't misused.
For what it's worth spyware/malware consistently seems to target Android more than iOS [1]. To be fair Android has more units, but that's just one axis - iOS users should be more valuable to exploit because they're usually in a different socioeconomic bracket. Another data point is that Android developers get paid anywhere from $2k to $20k to add malware to their Google Play store app [2] - I can't find any articles similar for iOS so would be interesting to compare the marketplaces if anyone knows it for iOS.
[1] https://nordvpn.com/blog/ios-vs-android-security/
[2] https://www.bleepingcomputer.com/news/security/cybercriminal...
dang
We've heard complaints that this title is overstated, and I'd be happy to replace it with a better (i.e. more accurate and neutral) one, if anyone has a suggestion?
joshstrange
"iOS apps can track a user via SSID scan with a special entitlement"
I think that best describes it? Not sure but I agree the title as-is doesn't really ring true after reading the article.
crotchfire
I think the title is fine.
mrpippy
It’s worth noting that use of NEHotspotHelper requires a special entitlement (com.apple.developer.networking.HotspotHelper) that you have to apply for, and presumably Apple won’t grant unless your app has a legitimate need for it.
That said, this maybe shows an incompatibility between Apple’s privacy strategy and “super-apps” like WeChat and AliPay. When a company shoves all functionality into one app, that app suddenly has all the entitlements, and it’s harder to tell when and how any sensitive data is being used.
The West generally doesn’t develop apps this way. For example, Comcast has a separate “WiFi Hotspots” app. Although LOL, they posted 2 days ago that its functionality is being combined into the main Xfinity app. Maybe the West is catching up.
layer8
Is there a way for an end user to see which apps have this entitlement?
kridsdale1
Facebook is a SuperApp. It had a WiFi-hotspot-finder in it for years.
JKCalhoun
I love when I launch an app and then get a bevy of requests to access my Camera, my Microphone, my Contacts, etc...
I nope out and if the functionality of the app is trashed, so goes the app....
Google Maps constantly hounding me to turn on precision location services, asking me if I am navigating for a friend and to allow access to my contacts... Wow, no.
nequo
> com.apple.developer.networking.HotspotHelper
Where do you revoke this entitlement on iOS? Settings → Privacy & Security → Local Network? Or is this something else?
yunohn
AFAIK entitlements are not necessarily exposed as toggles.
turquoisevar
You can’t revoke entitlements, entitlements is the term used for developers who indicate that they intend to use a feature.
Users are asked for permissions and those permissions can be revoked. This entitlement doesn’t correspond with its own unique permission, either it works without permission from the user or it might be bundled into Local Network or Location Permissions.
tick_tock_tick
This is one of the special ones so you're not allowed to; Apple picks for you per app.
lencastre
General > Reset > Reset Location and Privacy Settings
ycombinatrix
You didn't grant any location access in the first place, so why would this work?
rullelito
So Apple decides which companies should have your location data? Niiiice
bhpm
Musk wants Twitter to be a super app.
https://www.theverge.com/2023/7/26/23808796/elon-musks-x-eve...
rainworld
[flagged]
karmakaze
> presumably Apple won’t grant unless your app has a legitimate need for it.
Increasingly clear that Apple is in charge of what happens on your devices not the users themselves.
intelVISA
Wasn't it ever thus?
karmakaze
I had the first iPhone up to the 3GS. It didn't feel that way then. Now there are continuous software updates that keep changing arbitrary and invisible policies.
hayst4ck
It might surprise you but a lot of people want that and buy apple specifically because of that. I would even go so far as to say it is a major competitive advantage.
undefined
undefined
m463
turn off location services, your phone still contacts ls.apple.com
deep links, they go deeper than you think.
ibeacons provide very precise indoor location, think of all the behavioral data a store app can collect.
apple is not really your friend.
seriously, apple should let you
- know what is running
- know what network traffic happens
- control these thigns
- run your own programs
I would love an ios firewall program or non-neutered little snitch
mannyv
They're not tracking locations because they're not using GPS.
They are checking the environment for stuff that might have known locations, which is different. You can do the same with bluetooth/BLE.
panarky
This is a distinction without a difference.
The user must be in control of whether their location is disclosed to an app.
extraduder_ire
> You can do the same with bluetooth/BLE.
Not anymore you can't. Sometime before 2020 apple, and also google, started treating BLE scanning as an operation needing location permissions. (I had to deal with this transition while submitting an iOS app that connected to a BLE device which actually had a GPS module in it)
As of now, I still have to turn on location on my android phone to connect to some BLE devices.
x1sec
SSID / BSSID is often enough to pinpoint the location. Recently someone debated this with me, so I asked him what his wifi AP name was, then proceeded to provide their home address.
How? By searching it in https://wigle.net.
That ended the debate quite swiftly.
bdavbdav
Same difference as far as a user is concerned. And BT/BLE explicitly asks for permission.
Get the top HN stories in your inbox every day.
Reading through the linked docs, this API seems to specifically be for apps created by owners of WiFi hotspots to help users connect to those hotspots (https://developer.apple.com/documentation/networkextension/h...).
> NEHotspotHelper allows your app to participate in the process of authenticating with hotspot networks, that is, Wi-Fi networks where the user must interact with the network to gain access to the wider Internet.
> NEHotspotHelper is only useful for hotspot integration. There are both technical and business restrictions that prevent it from being used for other tasks, such as accessory integration or Wi-Fi based location. Before using NEHotspotHelper, you must first be granted a special entitlement (com.apple.developer.networking.HotspotHelper) by Apple.
Which makes sense, but then why exactly are apps like WeChat and Alipay granted this entitlement?