Trump Team Has Full Meltdown Over CNN Story on ICE-Tracking App
Technology
153
Beiträge
85
Kommentatoren
1
Aufrufe
-
You don't need a user account or password to receive a push notification.
You just need to have the app installed. The app can be configured by the developer to receive push notifications.
And the developer needs a device ID for that. Which is their objection: https://www.iceblock.app/android
-
You don't, there's privacy respecting ways of delivering notifications in android.
Also, a 24/7 connection to a server isn't nearly as bad as you might think.
The connection isn't active the whole time, it only uses any significant amount of battery if there's actually data being sent or received. You likely already have quite a few of them anyway, how do you think systems normally listen for push notifications?
Besides all that, I read in other comments that the privacy issue was the device id firebase needs. Obviously apple also needs some kind of device id, otherwise how do they know where the notifications are going?
Did some searching, yup apple also needs a unique identifier:
When it’s time to send a notification, you generate a request that contains the notification data and a unique identifier for the user’s device.
From https://developer.apple.com/documentation/usernotifications/setting-up-a-remote-notification-server
Apple notification identifiers are unique to an app install and regularly change though, so it’s hardly a device identifier.
-
It's 1000% possible to use android apps without involving Google in any way.
Edited for further clarification. It’s not about Google, it’s about what Android needs to receive notifications: https://www.iceblock.app/android
-
And the developer needs a device ID for that. Which is their objection: https://www.iceblock.app/android
How do you suppose APNS knows which device to deliver the notification to?
Something that... links it to the device? Like, a unique ID that Apple can identify?
It sounds like he thinks HE has to store this information, which is simply incorrect. It will obviously be stored by Google in Firebase, and by Apple wherever that gets stored, but HE does not have to store it.
I write apps for a living. I have users subscribe and unsubscribe to channels, and at no point is there a user account with password involved in either iOS or Android. If you want the memory of which channels they have subscribed to to persist across uninstall/reinstalls or different devices, then yes, but for an app like this you don't need to persist those settings.
At any point the government could subpoena who's received pushes (or at least, who's registered to) from both Google and Apple.
-
They could argue that attempting to track ICE is illegal, and all those using the app are to be arrested and tried for their crimes.
They're using the cops' favorite and extremely generic catch-all crime: "obstruction of justice".
-
apple is the majority of the market, no? so if e.g. a company wanted to get a product out for a client asap, apple would be the market to aim for.
In the US it's a very small majority.
-
Android has the greatest mobile OS market share by a massive margin.
But Apple users are far more likely to spend money on apps, making Apple the most lucrative target for mobile developers to target first.
Not in the US, which is really the only place this app is applicable at the moment.
-
There's no way to be anonymous on the play store
Aurora store.
I was quoting them but you're right-or Fdroid ofc
-
Android has the greatest mobile OS market share by a massive margin.
But Apple users are far more likely to spend money on apps, making Apple the most lucrative target for mobile developers to target first.
Android has the greatest mobile OS market share by a massive margin.
It’s my understanding this is true globally, but not for the US, where Apple has ~60% share.
(This app should absolutely be cross-platform though)
-
Apple have a reasonable track record of pushing back against governments
Only when it comes to individual consumer cases like terrorists or other crimes. When it comes to large scale political movements then they are very quick to lend authoritarian governments a hand, see for example their cooperation with the CCP to suppress the Hong Kong protests. But they have also always cooperated with police to some degree and this has only gotten worse.
Forbes for the lack of a better source: https://www.forbes.com/sites/thomasbrewster/2024/10/09/apple-sells-privacy-to-consumers-but-its-quietly-helping-police-use-iphones-for-surveillance/
There’s a widespread perception that Apple has a combative relationship with law enforcement after the company refused to help the FBI hack into the iPhone of the shooter in the 2015 San Bernardino terrorist attacks. But since then, it has ramped up collaboration with police through the conference and other meetings with agencies at both Cupertino HQ and its Elk Grove campus, as well as a variety of previously unreported projects helping cops use iPhones, Macs, Apple Vision Pro and CarPlay, the emails show. Most of these projects have not been announced publicly.
Apple declined to comment.
People just love believing in Apple for some weird reasons.
I am the biggest Apple hater and they are absolutely not immune from criticism, but they are generally a more private company. The CCP has their hands deep in every corporation on the planet so none of them are immune from that influence. Apple pushed back when the government demanded they dismantle encryption (Google doesn't even offer this) for CSAM. They were also the first to disclose the government push notification collection information.
-
Secret police would probably have an interest in lists of people downloading an app tracking their movements no? Particularly if it was downloaded to a mobile tracking device they carry with themselves at most times.
no I honestly don't know how this would help them
-
How do you suppose APNS knows which device to deliver the notification to?
Something that... links it to the device? Like, a unique ID that Apple can identify?
It sounds like he thinks HE has to store this information, which is simply incorrect. It will obviously be stored by Google in Firebase, and by Apple wherever that gets stored, but HE does not have to store it.
I write apps for a living. I have users subscribe and unsubscribe to channels, and at no point is there a user account with password involved in either iOS or Android. If you want the memory of which channels they have subscribed to to persist across uninstall/reinstalls or different devices, then yes, but for an app like this you don't need to persist those settings.
At any point the government could subpoena who's received pushes (or at least, who's registered to) from both Google and Apple.
I’m not the developer, but I do also write app backends for a living so I know there is some nuance that you’re skipping over in your response. But if you have a way to do this completely anonymous on android I’d suggest offering help to the developer who made this.
Something that... links it to the device? Like, a unique ID that Apple can identify?
APNS tokens are linked to the app install and renew on a certain timeline. Already making them not exactly the same as a device identifier.
-
Shouldn’t be an app. It should be a site accessible using vpn and private browsing with an appropriate browser. Nobody should have to worry about the Stasi finding the app on their phone regardless of the situation.
Websites don't support push notifications in a way that normies understand. They're also generally unreliable. And these are time-sensitive matters.
-
I’m not the developer, but I do also write app backends for a living so I know there is some nuance that you’re skipping over in your response. But if you have a way to do this completely anonymous on android I’d suggest offering help to the developer who made this.
Something that... links it to the device? Like, a unique ID that Apple can identify?
APNS tokens are linked to the app install and renew on a certain timeline. Already making them not exactly the same as a device identifier.
No, you're right, GOOGLE will take the device identifier, but him talking about how he would need to store it, and especially for channels where he talks about user names and passwords really makes me think that he thinks he personally has to do it, with his own backend storing it. (edit: The point is, that he doesn't HAVE to do it this way. You can, and it gives you more control, but you can let Google do it all. It's never anonymous with anyone though.)
Apple knows which devices have the app installed. They would be able to link that back to the device if it was demanded, even if it is a bit more obscured.
-
I would imagine this is very similar to marking a cop on Waze and completely legal which is why they are throwing a hissy fit.
He who saves his Country does not violate any Law
- Donald Trump
- Napoleon
- Donald Trump
-
I’m not the developer, but I do also write app backends for a living so I know there is some nuance that you’re skipping over in your response. But if you have a way to do this completely anonymous on android I’d suggest offering help to the developer who made this.
Something that... links it to the device? Like, a unique ID that Apple can identify?
APNS tokens are linked to the app install and renew on a certain timeline. Already making them not exactly the same as a device identifier.
Just figured I'd add Apples own documentation as well
Registering your app with APNs | Apple Developer Documentation
Communicate with Apple Push Notification service (APNs) and receive a unique device token that identifies your app.
Apple Developer Documentation (developer.apple.com)
Apple Push Notification service (APNs) must know the address of a user’s device before it can send notifications to that device. This address takes the form of a device token unique to both the device and your app. At launch time, your app communicates with APNs and receives its device token, which you then forward to your provider server. Your server includes that token with any notifications it sends.
-
It sounds like a honeypot to me. But I would be happy to be proven wrong.
Edit: and it’s gone?
It's not gone, it's just currently not available in your country or region.
-
This post did not contain any content.
Twenty years ago tracking armed thugs in ski masks would have been called a public service.
-
*federated
I think I was tired -
If you mean something on fediverse: while that would be hard to take down or block, it’s far from anonymous
Yeah wasn't thinking anonymity, but keeping something running and making it hard to take down.
