How a New iOS App Reveals the Hidden Way Your Phone Gives You Away
- Linux Kernel Removes strncpy After Six Years and 362 Patches
- Linux Kernel Drops 40-Year-Old AppleTalk Protocol — AI-Generated Patch Flood Was the Last Straw
- Apple’s Native Linux Container Tool Has Arrived — But Can It Really Replace Docker?
- 60% of MD5 Password Hashes Can Be Cracked in Under an Hour with a Single GPU
- Dirty Frag: Root Access on Every Major Linux Distribution — No Patch, No Warning
How a New iOS App Reveals the Hidden Way Your Phone Gives You Away
You search for a pair of shoes on one app, and the next day a completely different app is recommending the same thing. A new free tool from a well-known privacy research team shows exactly how that happens — and it usually has nothing to do with your microphone.
Most people’s first instinct, when an ad for something they only searched for in one app suddenly shows up in another, is to suspect their phone’s microphone is secretly listening, or that two companies are quietly swapping personal data behind the scenes. In reality, the far more common explanation is simpler and, in its own way, more unsettling: advertisers don’t need to know who you are. They just need to recognize your device.
The technique is called device fingerprinting
Every smartphone exposes a long list of small, seemingly harmless technical details to the apps installed on it — battery level, screen brightness, storage space, time zone, language settings, sensor data, and more. No single detail identifies you. But combined, they form a pattern distinctive enough to tell your phone apart from millions of others, even without your name, email address, or precise location ever being collected.
Once an app or its embedded advertising software has calculated that pattern, it can recognize the same device again later — including inside a completely different app — without needing any account or login to tie the two together.
A new app shows you exactly what is exposed
A free, open-source iOS app called Loupe, built by the privacy research team Mysk, was released this month specifically to make this surface visible. Rather than simulating tracking techniques, Loupe reads real values exposed through the same public iOS APIs that any App Store application can access, then displays that information directly to the user.
Loupe organizes everything it can see into three tiers, based on how much access each piece of data requires:
| Tier | What it covers |
|---|---|
| Passive | Visible to any app with no permission prompt at all — locale, time zone, screen details, and battery information among them |
| Needs Permission | Data that triggers a standard iOS permission prompt, such as contacts, photos, location, and calendars |
| Advanced | Side-channel techniques, including probing which other apps are installed and identifiers that can persist across an app reinstall |
According to its App Store listing, Loupe can also work out which popular apps are installed on a device without requesting any permission, determine the exact moment a device was originally set up, and in some cases surface the name attached to a paired accessory — which can inadvertently reveal the owner’s own name.
Photo location data is a bigger risk than most people realize
One of the more striking demonstrations involves photo library access. Photos taken on a smartphone often carry embedded location coordinates accurate to roughly ten meters. An app with full photo library access can analyze the frequency and timing of those locations to infer where a person lives, works, and travels — even if that app was never granted location permission directly.
This is part of why privacy researchers commonly recommend using Apple’s limited photo picker — the system prompt that lets a person select only specific photos for an app to use — rather than granting full photo library access. Choosing the limited option generally prevents location metadata from being passed to the app at all.
How information travels between unrelated apps
The mechanism connecting app A to app B is usually advertising software, not a secret data-sharing deal between companies. Many apps don’t build their own ad systems; instead, they embed third-party advertising SDKs (software development kits) to serve the ads people see in feeds and splash screens. Those same SDKs are positioned to read device signals and report them back to the ad platform, which is what lets unrelated apps end up showing the same recommendation.
Apple has tried to limit this. Apps from the same developer can share a device identifier called the IDFV, but cross-developer tracking historically relied on a separate identifier, the IDFA. Since 2021, Apple’s App Tracking Transparency framework has required apps to ask permission before accessing the IDFA, and declining that prompt resets the identifier. That change pushed many advertisers toward fingerprinting techniques instead, since fingerprinting does not depend on an identifier the user can switch off.
Mysk’s own past research illustrates the point: in an earlier investigation, the team found that several major apps were sending device signals such as system startup time off the device, even while their published privacy disclosures claimed that information would not be shared — a value with little legitimate use beyond helping piece together a device fingerprint.
The problem is not unique to iPhones
Fingerprinting is well documented on Android as well. A large-scale academic study analyzing roughly 228,000 SDKs across about 178,000 Android apps, conducted by researchers including those at Google and published in 2025, found fingerprinting-like behavior to be widespread across the mobile app ecosystem, identifying hundreds of distinct signals that apps and their embedded SDKs can use to build a device fingerprint.
What you can actually do about it
- Use the limited photo picker. When an app asks for photo access, choose to select specific photos rather than granting access to your entire library.
- Decline “convenience” upgrade prompts. If an app later asks you to switch from limited to full access for convenience, it’s generally safer to keep the more restrictive setting.
- Review permissions regularly. Check Settings on your phone periodically and revoke access that an app no longer needs.
- Be selective with local network and Bluetooth access. These permissions can reveal other devices and accessories around you, not just the one feature you granted them for.
- Remember fingerprinting isn’t the only method. Advertisers also rely on lookalike audiences, account linkage, and collaborative filtering, so reducing exposure to fingerprinting won’t eliminate targeted recommendations entirely — but it meaningfully narrows what apps can learn passively.
Tools like Loupe don’t block tracking on their own. What they offer is visibility — a concrete look at how much an app can infer from details most people never think to question, and a clearer basis for deciding which permissions are actually worth granting.
