Apple iPhone iOS apps can read sensor measurements without permission: Facebook can infer valuable and precise information about users with mere Accelerometer data?

Apple Inc. iOS iPhone Facebook WhatsApp Instagram Data Collection Accelerometer
Just delete Facebook, Instagram, and even WhatsApp from iPhone if Privacy is paramount? Pic credit: Stock Catalog/Flickr

Apple Inc. claims it has designed iOS to protect privacy. However, security researchers claim apps installed on an iPhone have unrestricted access to sensors. Businesses such as Facebook can decipher valuable and accurate information about iPhone users from just Accelerometer data.

There’s App Tracking Transparency or ATT to prevent apps installed on an iPhone from tracking users. However, a new report strongly suggests iPhone users who value their privacy should simply uninstall Facebook and other associated apps such as WhatsApp, and Instagram.

Facebook, and the products the social media giant owns, decipher iPhone user movement and location using Accelerometer data?

Apple Inc. has routinely proclaimed that iPhone devices are very secure. The company assures that “Whatever happens on an iPhone, stays on an iPhone”.

Apple even introduced ATT in iOS 14 last year. The company claims a system-level security layer or prompt can prevent apps from tracking users. Recent reports have indicated, that this is not the case.

Security researchers are now claiming that Facebook, in particular, is by far the most advanced when it comes to extracting data about iPhone users. The social media giant and its owned digital properties such as WhatsApp and Instagram too can decipher user location and behavior through sensor data.

Security researchers reportedly claim Facebook uses the accelerometer on your iPhone to track user movements. This can indirectly, but fairly accurately, lead to Facebook discovering user behaviors, activities, and patterns.

Concerningly, by accurately correlating data from other apps and services, Facebook can also link users with people around them even if users themselves have no idea who these people are.

The accelerometer data can help determine if a user is lying down, sitting, or walking while using an app. It is even more concerning to note that users have no way of denying access to such data.

Researchers Talal Haj Bakry and Tommy Mysk claim: “Facebook reads accelerometer data all the time. If you don’t allow Facebook access to your location, the app can still infer your exact location only by grouping you with users matching the same vibration pattern that your phone accelerometer records.”

Facebook competitors and other popular services do not extract sensor data to infer user data:

Security researchers who are probing this concerning user data extraction techniques, claim other popular services and apps do not try and gain access to accelerometer data.

Some of the services Mysk checked included TikTok, WeChat, iMessage, Telegram, and Signal. He discovered none of the five apps use the accelerometer from their subscribers’ phones to gather information.

Incidentally, data collection without user intervention, permission, or even knowledge, happens from multiple other sensors. Mysk claims: “Apps can figure out the user’s heart rate, movements, and even precise location. Worse, all iOS apps can read the measurements of this sensor without permission. In other words, the user wouldn’t know if an app is measuring their heart rate while using the app.”

Incidentally, Facebook has never denied the multiple data collection methods that it uses. However, the company seems to have seemingly innocent intentions. The Accelerometer data, for example, supports “shake-to-report, and to ensure certain kinds of camera functions such as panning around for a 360-degree photo or for the camera,” claims Facebook.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x