[swiley]

A lot of people forget that Facebook ends up on your iphone via dylibs included in almost every other app.

[spideymans]

I have to imagine that at some point Apple will be targeting these frameworks as part of their privacy push.

[smoldesu]

I wouldn't think so. Apple has notoriously [0] ignored [1] any any security threats [2] that don't pose any immediate interest [3] to the end user.

[0] https://www.gizchina.com/2021/05/26/researcher-found-a-secur... [1] https://appleinsider.com/articles/14/09/25/researcher-accuse... [2] https://www.forbes.com/sites/thomasbrewster/2014/09/04/creat... [3] https://www.wired.com/story/macos-malware-shlayer-gatekeeper...

[xanaxagoras]

Wait, what?

[swiley]

Sorry, I'm not sure what part of that wasn't clear. Facebook ships useful libraries to app developers as binaries and they use that to get code on everyone's phone in order to add to their data collection apparatus.

I'm pretty sure they're not the only ones who do that either. It's a pretty effective method to get around app sandboxes.

[haswell]

As someone who does not build mobile apps, none of that was clear from the earlier comment. I appreciate the additional explanation - I wonder if there's a way to find out which apps include this so I can avoid them...

[swiley]

You should probably avoid any closed source software that isn't community maintained just like on the desktop.

Unfortunately Apple and Google work extremely hard to make this somewhere between difficult and impossible.

[NationalPark]

Which libraries in particular report ad/identity telemetry to Facebook?

[vlovich123]

https://github.com/facebook/facebook-android-sdk/

[kevin_thibedeau]

My stock camera app pings FB on startup because of this. Fortunately it can be blocked on Android.

[dannyw]

How do I block this on Android?

[StavrosK]

You can do things that range from cutting off data access to the app to installing Blokada and cutting off access via DNS.

[kawera]

NetGuard is another option for DNS filtering.

[mcraiha]

AFAIK in vanilla Android you have to use VPN if you want to block access to certain domain for all the apps.

[kevin_thibedeau]

NoRoot Firewall

[na85]

That's fucking infuriating.

[FearlessNebula]

How can 3rd party developers make API calls to a binary?

[swiley]

https://developer.apple.com/library/archive/documentation/Ma...

I haven't touched iOS development in years but I believe you don't even need a dev account to publish these.

[jonny_eh]

But with the recent change to iOS 14.5 (and Android 12), those apps can't report to Facebook that they're being used by the same user (unless the user opts-in). Right?

[amelius]

Is this the app-equivalent of the Facebook pixel?

[malka]

worse, it allows them to run arbitrary code in a lot of apps.

Do not install apps, unless absolutely necessary.

[FearlessNebula]

Couldn’t you say the same thing for web pages with JavaScript?