by surveilled 1119 days ago
I downloaded an iOS app targeting adults (Feeld).

The names of the “people” it suggests to me are frequently names of people who I know. Somehow, whatever is generating fake profiles is inferring my identity and showing me names of people I know.

Amazingly, it seems to have access to iOS communication because sometimes I’ll iMessage with someone I haven’t communicated with in a long time (by any means), and soon enough their name pops up on the other app.

Do you have any insight on how it might work? I’ve wondered if there’s a very common app that many of my contacts would have installed that is able to peek at iMessage.

4 comments

Is your iOS device hardened, e.g. Lockdown Mode, locally supervised by Apple Configurator 2 with restrictive policies, whitelisted WiFi without auto-join, disabled AirDrop, etc.? You can also look for forensic artifacts in iOS device backups.

https://docs.mvt.re/en/latest/ios/methodology/

https://www.amnesty.org/en/latest/research/2021/07/forensic-...

https://github.com/citizenlab/malware-indicators

https://github.com/sroberts/awesome-iocs

One app gets your IP address and sells it to data brokers in real time. Another app buys this data and correlates it with IP addresses it knows. In practice, there are hundreds of data points as smartphones are all about data collection.

Yes, part of it works as you’ve suggested, the ID part.

However, there’s more at play. Somehow there is access to data about whom I contact (again only via iMessage) and the contents of messages (only via iMessage). It’s not an imagined correlation; some of the data shown on the app could only come from recent iMessages.

How do you know the profiles are fake?

So it's not just me going insane. I have experienced the same behavior with Feeld.