Mysk 🇨🇦🇩🇪

@mysk_co

13,026
Followers
464
Following
1,293
Media
4,680
Statuses

We're two #iOS developers and occasional #security researchers on two continents. #CyberSecurity 🎬 📝 🇨🇦🇩🇪

Canada - Germany
Joined November 2010
Pinned Tweet
@mysk_co
Mysk 🇨🇦🇩🇪
7 months
🚨 NEW: Private Wi-Fi addresses had been useless ever since they were introduced in iOS 14. When an iPhone joins a network, it sends multicast requests to discover AirPlay devices in the network. In these requests, iOS sends the device's real Wi-Fi MAC address. 🎬 Watch the…
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used @ProtonVPN and #Wireshark. Details in the video: #CyberSecurity #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don't turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…
@mysk_co
Mysk 🇨🇦🇩🇪
10 months
iOS 16.5.1 still bypasses the VPN. New tests show that Apple Push Notification traffic completely ignores the VPN connection. Apple Maps sends many requests outside the VPN, including unencrypted DNS requests. This also happens in the Lockdown Mode. 🎬
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
🚨 New Findings: 🧵 1/6 Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you 👇
@mysk_co
Mysk 🇨🇦🇩🇪
29 days
Speaking of outdated, @MicrosoftEdge is the only browser on macOS that still requires administrative privileges to install. 🫠
@MicrosoftEdge
Microsoft Edge
1 month
You. Yes, you. It's time to leave that outdated browser 🫵
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
I know what you're asking yourself and the answer is YES. #Android communicates with #Google services outside an active VPN connection, even with the options "Always-on" and "Block Connections without VPN." I used a #Pixel phone running #Android13, its IP is 192.168.2.14 👇
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
🚨 PSA: iOS 17 turns these sensitive location options back on. If you have disabled significant locations as well as adding your location information to your iPhone analytics before upgrading to iOS 17, iOS 17 will turn the options on as shown in the screenshot. While significant…
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
🧵 1/5 The recent changes that Apple has made to App Store ads should raise many #privacy concerns. It seems that the #AppStore app on iOS 14.6 sends every tap you make in the app to Apple. 👇 This data is sent in one request: (data usage & personalized ads are off) #CyberSecurity
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
You can easily monitor the network traffic of any device using this simple method. You don't need a custom router for that. You just need a Mac and #Wireshark, and enjoy ✌️
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
At Mysk we use this simple method to monitor the network activity of a device:
► Connect your Mac to the internet via LAN
► Share the internet from LAN to Wi-Fi
► Connect the device to this Wi-Fi
► Start #Wireshark on your Mac and pick bridge100
► Start capturing.. #SecurityTips
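Once the device's traffic is flowing through the Mac's bridge100 interface, the question the VPN tweets above ask (which of the device's flows go anywhere other than the VPN server, and which DNS queries leave in plaintext) can be answered mechanically. The following is an added example, not code from Mysk: it classifies a Wireshark/tshark field export by flow. The capture rows are constructed, the device IP 192.168.2.14 is the one the Android tweet mentions, and the VPN endpoint and the remote addresses are assumed for illustration.

```python
"""Classify a monitored device's flows captured on the sharing Mac's bridge100.

Added example (not code from Mysk). Input rows are a constructed, tshark-style
field export: ip.src, ip.dst, ip.proto, udp.dstport, tcp.dstport, dns.qry.name.
"""
import csv
import io
import ipaddress
from collections import Counter, defaultdict

# Constructed sample export, not a real capture. 185.159.157.10:51820 plays the
# VPN (WireGuard) server; the other public addresses are chosen for illustration.
SAMPLE_CAPTURE = """\
ip.src,ip.dst,ip.proto,udp.dstport,tcp.dstport,dns.qry.name
192.168.2.14,185.159.157.10,17,51820,,
192.168.2.14,185.159.157.10,17,51820,,
192.168.2.14,192.168.2.1,17,53,,connectivitycheck.gstatic.com
192.168.2.14,142.250.74.78,6,,443,
192.168.2.14,185.159.157.10,17,51820,,
192.168.2.14,224.0.0.251,17,5353,,
192.168.2.14,17.57.144.100,6,,5223,
192.168.2.14,185.159.157.10,17,51820,,
"""

DEVICE_IP = "192.168.2.14"
VPN_ENDPOINT = ("185.159.157.10", 51820)   # assumed VPN server address and UDP port


def classify(row, device_ip, vpn):
    """Label one flow from the device; None for rows from other hosts."""
    if row["ip.src"] != device_ip:
        return None
    dst = row["ip.dst"]
    port = int(row["udp.dstport"] or row["tcp.dstport"])
    if (dst, port) == vpn:
        return "tunnelled"
    if port == 53:
        # Plaintext DNS is readable on the LAN whether the resolver is local or remote.
        return "dns-leak"
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast or addr.is_link_local:
        return "local-discovery"   # mDNS/AirPlay style traffic never enters a tunnel
    if addr.is_private:
        return "lan"
    return "leak"                  # public destination reached outside the VPN


def summarize(capture_csv, device_ip=DEVICE_IP, vpn=VPN_ENDPOINT):
    """Return {category: Counter((dst, proto, port, queried_name) -> packets)}."""
    out = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(capture_csv)):
        label = classify(row, device_ip, vpn)
        if label is None:
            continue
        proto = "udp" if row["ip.proto"] == "17" else "tcp"
        port = int(row["udp.dstport"] or row["tcp.dstport"])
        out[label][(row["ip.dst"], proto, port, row["dns.qry.name"] or None)] += 1
    return out


if __name__ == "__main__":
    for label, flows in summarize(SAMPLE_CAPTURE).items():
        for flow, n in flows.items():
            print(f"{label:16} {n:3}x {flow}")
```

An export of this shape comes from `tshark -i bridge100 -T fields -E header=y -E separator=, -e ip.src -e ip.dst -e ip.proto -e udp.dstport -e tcp.dstport -e dns.qry.name`; anything the script files under `leak` or `dns-leak` while the VPN's kill switch is on is traffic the OS chose to send around the tunnel.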
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
It's official. iOS will not support Progressive Web Apps in the EU. It would be great if Apple provides the basis of this claim: "We expect this change to affect a small number of users"
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
Apple decided to remove PWAs, then walked back the decision. Apple terminated Epic Games developer account, now they walked back the decision. What's going on with Apple? "Trust is built in drops and lost in buckets" How many buckets has Apple lost so far?
@EpicNewsroom
Epic Games Newsroom
2 months
Update - Apple has told us and committed to the European Commission that they will reinstate our developer account. We are moving forward as planned to launch the Epic Games Store and bring Fortnite back to iOS in Europe. More below ⬇️
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
🧵 1/6 Apple's Data & Privacy statement starts with the calming phrase "Apple believes privacy is a fundamental human right" then goes on to describe how the platform aggressively collects your data. You must accept the statement or stop using your iPhone. #CyberSecurity
@mysk_co
Mysk 🇨🇦🇩🇪
11 days
BREAKING: The EU Commission designates iPadOS as a gatekeeper under the Digital Market App. Apple will have to allow alternative marketplaces on the iPad too.
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
🧵 The App Store on #macOS 13.2 sends detailed usage data and analytics to Apple. All interactions are associated with the user's iCloud ID, or dsid. This happens even when you turn off sharing usage data and analytics. (1/6) 👇 #Privacy #InfoSec
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
Apple blocked Spotify's update for including a button that emailed a link for purchasing audiobooks. Amazon is doing exactly the same. If you tap on the "I Want This Book" button in the #iOS app, you get a link to purchase the book outside the app. Apple Review Team approved it.
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
🚨🎬 Privacy Concerns about Apple Push Notifications TL;DR: data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers, even if the apps aren't running at all on your iPhone. Such apps include TikTok, Facebook, FB…
@mysk_co
Mysk 🇨🇦🇩🇪
3 years
Dear #Android users, Chrome shares your motion sensor with all the websites you visit by default. This video shows how you can disable it. Please do it now. You can learn more about this here: #CyberSecurity #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
At Mysk we use this simple method to monitor the network activity of a device:
► Connect your Mac to the internet via LAN
► Share the internet from LAN to Wi-Fi
► Connect the device to this Wi-Fi
► Start #Wireshark on your Mac and pick bridge100
► Start capturing.. #SecurityTips
@mysk_co
Mysk 🇨🇦🇩🇪
11 days
Still don't understand why Safari does this? It happens on iOS too. Any explanation?
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
As @PrivacyMatters speculated, Authy sends too much analytics for an authenticator app. It associates analytics with the user's ID, which is tied to phone number and email. The analytics include the issuer name of each scanned QR code. Try to use a different #2FA app. #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
Philips Hue will soon force users to create a Hue account and sign in to continue to use the app and control the smart lights. The best security model to protect smart devices is to keep them disconnected from the internet, or at least keep this option available. #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
This screenshot shows the app analytics data sent by two different iOS apps: @duolingo and @Tinder. What's the likelihood that both apps are installed on the same device? 💯? 🤯 Both apps use @unity Ads. The data in the screenshot is collected by the Unity Ads framework included…
@mysk_co
Mysk 🇨🇦🇩🇪
14 days
Nice! @brave for iOS just got updated to support the new "marketplace-kit" scheme. Brave only calls the scheme when trackers blocking is disabled. As we reported earlier, Apple implemented the new scheme in a way that allows tracking across websites based on the unique client_id.…
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
Just detected a call made by my iPhone seemingly sending my iOS keyboard data to an iCloud server. The domain name icloud-content[.]com is owned by Apple but not the one normally used for syncing iCloud data. The 316 KB of keyboard data is marked as "UserWords" The data is…
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
You need to be careful when you search for an authenticator app. This app sends the scanned QR codes to the developer's #Google analytics service. You won't miss it. It's running an ad campaign on the #AppStore #Privacy #CyberSecurity #2FA
@mysk_co
Mysk 🇨🇦🇩🇪
11 months
BREAKING: The App Store has taken down the scam #2FA app that steals secrets We warned about this app four months ago. This wouldn't have happened without your support to spread the word. Thank you! 🙏🙏✌️
@mysk_co
Mysk 🇨🇦🇩🇪
11 months
🎬 So this scam #2FA app is using custom product pages of Apple Search Ads to trick users. It has different campaigns per search keywords. When searching for "Microsoft Authenticator", it shows screenshots highlighting "Microsoft". and when searching for "Google Authenticator",…
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
🎬 The App Store will continue to be the only place to install apps on the iPhone, even in the EU. Users should be aware that the App Store collects exhaustive usage data and sends it to #Apple. This can't be turned off. We made this video to show how tapping an app link gets…
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:
1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don't turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
🧵 1/7 During our research on link previews, we discovered that Instagram servers execute #JS code in links sent in DM. We contacted Facebook security team. They said it was expected behavior, no issue. We published the work. @TeamYouTube took down the video and sent us a warning
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Just got the "ad free" subscription of Prime Video in the iOS app and paid with my credit card directly to Amazon. I didn't see an option to pay with the App Store's in-app purchase, neither did I see a "scare screen." Digital content? Yes. Can other apps do this? 🫠
@mysk_co
Mysk 🇨🇦🇩🇪
6 months
Thank you @Apple! We were rewarded a bounty of $5,000 for reporting this bug. 🙏 CVE-2023-42846
@mysk_co
Mysk 🇨🇦🇩🇪
7 months
🚨 NEW: Private Wi-Fi addresses had been useless ever since they were introduced in iOS 14. When an iPhone joins a network, it sends multicast requests to discover AirPlay devices in the network. In these requests, iOS sends the device's real Wi-Fi MAC address. 🎬 Watch the…
@mysk_co
Mysk 🇨🇦🇩🇪
9 days
It's May 1. Instagram for iOS just got updated. It still sends the device's system uptime to remote servers. Starting today developers are no longer allowed to access this API without providing a reason. And in no way can the app send the value off-device. #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
This statement is from a court document submitted by Apple's lawyers regarding the App Store data privacy class action lawsuit: "Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple."
@mysk_co
Mysk 🇨🇦🇩🇪
10 months
The "Advanced Tracking and Fingerprinting Protection" introduced in Safari in iOS 17 leaks DNS queries to Apple DNS server. Users who rely on custom DNS to block malware domains will be unprotected. We reported this bug to Apple, but Apple says it is not an issue. In our…
@mysk_co
Mysk 🇨🇦🇩🇪
3 years
We prepared this video to illustrate why access to the accelerometer should get a permission in iOS. Unrestricted access to accelerometer data can breach user privacy. We used Facebook as an example in the video. #Cybersecurity #Privacy #iOS
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
6/6 It is worth noting that the DSID is also sent by other Apple apps for analytics purposes. You just need to know three things:
1- The App Store sends detailed analytics about you to Apple
2- There's no way to stop it
3- Analytics data are directly linked to you
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
2/6 Apple states in their Device Analytics & Privacy statement that the collected data does not identify you personally. This is inaccurate. We also showed earlier that the #AppStore keeps sending detailed analytics to Apple even when sharing analytics is switched off.
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Many comments suggest that if you don't want Apple to collect this private data about you, don't buy an iPhone. Well, many users already bought iPhones based on Apple's privacy promises. What should they do? Moreover, Apple has its own definition of the term "tracking" 👇
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
🎬 The App Store will continue to be the only place to install apps on the iPhone, even in the EU. Users should be aware that the App Store collects exhaustive usage data and sends it to #Apple. This can't be turned off. We made this video to show how tapping an app link gets…
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Many iOS users report losing their 2FA codes after updating their Google Authenticator app. Meanwhile, Android users took to Google Play reviews to complain about the lack of end-to-end encryption. #Google #2FA #Security #cybersecurity #InfoSec #iOS #Android
@mysk_co
Mysk 🇨🇦🇩🇪
11 months
When you view the tweet below by @signalapp on an iPhone, you'll see a card showing the Signal app with a button to install the app. If you tap on the button, a sheet is presented within the Twitter app showing more details about Signal. Even though the sheet is presented inside…
@signalapp
Signal
11 months
Announcement! Signal is refreshing our board as we grow. We’re delighted to welcome @krmaher, @ambaonadventure, and @jaysullivan as Signal’s new Directors. Learn more here:
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
The definition of app sideloading: #Apple v #Google
@mysk_co
Mysk 🇨🇦🇩🇪
7 months
Again, iOS 17.0.3 changed my privacy settings and turned these settings on: Significant Locations, iPhone Analytics, HomeKit and more 🤬 Check your iPhones before and after the upgrade and let us know 🙏 Settings -> Privacy & Security -> Location Services -> System Services
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Many iPhone users are asking us to recommend safe authenticator apps. Well, the @AppStore is making it useless to recommend any app. No matter what you search for, the top hit is almost always an ad for a scam app. #Apple #AppStore #2FA
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
🚨🎬 Here is what happens when you insert an unlocked SIM card into a locked iPhone:
- The #iPhone accepts the SIM card and connects to the internet 😳
- Apple immediately adds the phone number of the SIM card to the Apple ID of the iPhone owner 😲
- Apple accepts the new phone…
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
Update: The Lockdown Mode leaks more traffic outside the VPN tunnel than the "normal" mode. It also sends push notification traffic outside the VPN tunnel. This is weird for an extreme protection mode. Here is a screenshot of the traffic (VPN and Kill Switch enabled) #iOS
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
@hugelgupf @Apple Order an iPhone or iPad. Sign in to your iCloud account, accept the new terms, reset the device, and then send the device back to Apple. You can always return items purchased from Apple within 2 weeks. It's not good for the environment, but it should work.
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
If you leave the EU for "too long," you won't be able to update apps installed from alternative app marketplaces. This is not the case for the App Store. A German account can install apps and purchase content from the German App Store even if you're gone for "too long"
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
🎬 Finally, iOS treats all browsers equally when it comes to PWAs. Previously, only Safari was able to install and run PWA apps. With iOS 17.4 beta in the EU, no browser can install PWA apps, even Safari. It seems PWAs have been disabled entirely. Oh yes, when you set a…
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
3/6 Apple uses DSID to uniquely identify Apple ID accounts. DSID is associated with your name, email, and any data in your iCloud account. This is a screenshot of an API call to iCloud, and the DSID can be clearly seen alongside a user's personal data:
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
@narenkram @ProtonVPN 🤣🤣... You caught me. I'm doing it right now 😂
@mysk_co
Mysk 🇨🇦🇩🇪
11 months
The rogue 2FA app that steals scanned secrets is now ranked 18 on the German @AppStore for the productivity category. No wonder! The app disguises as a Microsoft app. It is the top hit when you search for "Microsoft Authenticator" and the developer has updated the screenshots in…
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Many iPhone users are asking us to recommend safe authenticator apps. Well, the @AppStore is making it useless to recommend any app. No matter what you search for, the top hit is almost always an ad for a scam app. #Apple #AppStore #2FA
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
Great news: PWAs are back in the EU, albeit only on WebKit. Thanks a lot for everyone who echoed the concerns of many developers around the world. Your voice matters, and Apple has listened to it. #Apple #PWA #WebApps #iOS
@mysk_co
Mysk 🇨🇦🇩🇪
10 months
iOS has a #privacy option to hide the iPhone's MAC address. It reduces tracking across Wi-Fi networks. macOS doesn't have this option yet. In fact, when your Mac joins a network, it advertises its AirPlay capabilities, including:
- Your Mac name
- Your Mac model
- The MAC address
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
This privacy statement says that ad clicks are not tied to your Apple ID. But here's a screenshot of the exact data sent to Apple right after tapping on an ad on the App Store. Everything is linked to the DSID, which is your Apple ID. 🧐 #Apple #Privacy #InfoSec #iOS #iPhone
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
iPhone 15 Pro features a USB 3 connector. Side note: USB 3 was released in 2008 #AppleEvent
@mysk_co
Mysk 🇨🇦🇩🇪
10 months
No, you're not seeing fewer ads on X/Twitter, just the "ad" mark got less noticeable.
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
5/6 This means that your detailed behavior when browsing apps on the App Store is sent to Apple, and contains the ID needed to link the data to you. We showed the extensive details that the App Store sends to Apple in this video, and it is all linked to you:
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
The EU fines Apple €500m for blocking music apps from telling customers about how to subscribe outside the iOS app. Meanwhile, Amazon used to offer an option in the iOS app to email customers about how to get a subscription outside the app. The option has now been removed.
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
Apple blocked Spotify's update for including a button that emailed a link for purchasing audiobooks. Amazon is doing exactly the same. If you tap on the "I Want This Book" button in the #iOS app, you get a link to purchase the book outside the app. Apple Review Team approved it.
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
From DOJ v Apple: "In the end, Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple's financial and business interests." #Apple #Privacy #PrivacyMatters #iOS #iPhone
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
First quick app sideloading attempt on iPadOS 17.4 failed! 😂 #Fortnite
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
@tweethue Many privacy-conscious users have picked Philips Hue because it doesn't require an account and that, in fact, encouraged them to buy more of your lights. Will they lose the ability to control their lights without an account soon?
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
🚨 New 🧵: (1/9) No, macOS doesn't send info about your local photos to #Apple. We analyzed mediaanalysisd after an extraordinary claim by Jeffrey Paul that it scans local photos and secretly sends the results to an Apple server. 👇 #Cybersecurity #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Apple: Our apps mind their business. Not yours. Also Apple: No reasonable user would expect that their actions in Apple’s apps would be private from Apple.
@mysk_co
Mysk 🇨🇦🇩🇪
11 months
The first three search results on @GooglePlay are ads whereas the first search result on the @AppStore is an ad. Either way good luck finding the app you're searching for.
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
When you delete your Apple ID, Apple keeps a record of the email address associated with your Apple ID permanently. According to the GDPR, the email address itself is considered personal data, let alone when users include their first and last names in their email address.…
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
PWAs won't work on iOS, but only in the EU.
Q: Why is it a big deal?
A: Most businesses choose PWA apps because they want to:
1- Avoid app stores
2- Write one code for both iOS and Android
With #Apple removing PWA support in iOS for EU users, businesses now have to:
1- Write a…
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
It's their app. They can set whatever rules they please, but to give this nonsense reason as to why users have to accept sharing analytics is unfathomable. "To keep Authenticator secure and up to date, we need to collect basic app diagnostic data" 🤯 #Microsoft #Authenticator
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement. 🤦‍♂️ In this video, …
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Just like its #iOS version, this #Android authenticator app sends scanned QR codes to a remote server. It has been downloaded 500K+ times. It's among the top 5 hits when you search for #2FA apps on @GooglePlay. Spread the word and warn your friends ✌️ #Privacy
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
@SnazzyLabs It’s surprising sometimes how even old iPhones can take pretty decent pictures with some post processing. This is a photo I took with an iPhone 6 back in 2015. Yeah the colours are a little saturated and you can see the HDR halo, but I kinda like it.
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Example of PWA disruption in the EU: @MagentaMusik is an entertainment service -part of the German telecom company @deutschetelekom - offering information about concerts and festivals. In 2022, Magenta Musik shut down their native apps on both #iOS and #Android and replaced them…
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
The new lock screen in #macOS Sonoma is gorgeous
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
The VPN leaks got worse in #iOS 16.1. Now push notifications also bypass the VPN in the standard mode. The Lockdown Mode is the same. It's only Apple services that bypass the VPN, all other connections are tunneled in the VPN.
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement. 🤦‍♂️ In this video, …
@mysk_co
Mysk 🇨🇦🇩🇪
5 months
While a few apps such as Signal, iMessages, WhatsApp, and Threema encrypt the payload of their push notifications end-to-end, many other apps don't encrypt the payload. This includes most email apps and most apps in the social networking and shopping categories. #Privacy
@NBCNews
NBC News
5 months
Sen. Ron Wyden has warned that foreign governments are spying on smartphone users by compelling Apple and Google to turn over push notification records, according to a letter he sent to AG Garland.
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
2/5 As the user browses the App Store app, detailed usage data is sent to Apple simultaneously. The data contains IDs to map the behavior to a profile (redacted in the video). Data shown in the video is 152KB. Here's a log of the requests while using the app for 10 minutes:
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
“Those situations will force many users into having to say ‘okay’ to marketplaces without knowing a lot about them,” Schiller says. But the current situation forces *all* users into having to say ‘okay’ to *one* marketplace without knowing that the App Store collects exhaustive…
@FastCompany
Fast Company
3 months
Exclusive: Apple’s Phil Schiller says alternative app stores expose iPhone users to more risk. He’s right.
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
4/6 The analytics data that the App Store sends to Apple always contain an ID called "dsId". We weren't sure if this was the same as the DSID, the ID that uniquely identifies an iCloud account. We confirm that they're the same ID.
@mysk_co
Mysk 🇨🇦🇩🇪
7 months
Remarks about our recent iOS 17 privacy issues. We recently wrote about two privacy issues we discovered in iOS 17. A few remarks we would like to share. Location Services: Last week we reported that iOS 17 is switching two sensitive privacy settings back on for users who have…
@mysk_co
Mysk 🇨🇦🇩🇪
10 months
RIP
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
You can check out @tommymysk's music: 😎
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Which authenticator app am I gonna go with? 🤔
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
Now it is confirmed:
👉 Users must have an Apple ID so that they can install alternative app marketplaces
👉 Developers must have an Apple ID so that they can distribute their apps to alternative app marketplaces.
What kind of compliance is this?
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
We previously showed that Microsoft Authenticator sends this usage data about every QR code you scan to add a 2FA token. Google Authenticator is a better option, it sends nothing. #Privacy #cybersecurity
@mysk_co
Mysk 🇨🇦🇩🇪
3 years
Every time you scan a QR code with MS Authenticator, the app sends the service name to the server along with device info and session IDs. The app keeps sending analytics even when sharing usage data is off, but it excludes QR code info. Here scanning a code from Google 👇
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
This is how #Apple introduced Privacy Nutrition Labels at #WWDC 2020. Okay, what if a user decides not to download or use the App Store app because its privacy label shows that the app links a lot of data to the user's identity. Can the user delete it? Or use another app store?
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
In #iOS17, Apple apps continue to access protected resources without asking for permission. While this behavior can be justified for built-in apps, other #Apple apps installed from the App Store should ask for permission. The Apple Store app accesses the contacts without asking:
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
This shows that adding end-to-end encryption to Google Authenticator wasn't planned at all, leaving the data of at least 100M+ users at risk. Without your support to spread the word and raise awareness, Google wouldn't have reacted. Thank you 🙏
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don't turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…
@mysk_co
Mysk 🇨🇦🇩🇪
2 years
@dreikelvin @ProtonVPN All of the traffic that appeared in the video is either encrypted or double encrypted. The issue here is about wrong assumptions. The user assumes that when the VPN is on, ALL traffic is tunneled through the VPN. But iOS doesn't tunnel everything. Android doesn't either.
@mysk_co
Mysk ๐Ÿ‡จ๐Ÿ‡ฆ๐Ÿ‡ฉ๐Ÿ‡ช
4 months
Agreed. App sideloading would open the door for privacy invasive apps. But the App Store app itself has become one of these apps. Every iPhone user is invited to do the following: - Open - Sign in and request a copy of your data - When you get the data,โ€ฆ
@daringfireball
Daring Fireball
4 months
★ Coming to Grips With Apple’s Seemingly Unshakable Sense of Entitlement to Its Commissions From Third-Party iOS Apps
13
5
55
4
27
102
@mysk_co
Mysk 🇨🇦🇩🇪
17 days
AltStore PAL just updated their FAQ saying that they currently support one device per subscription. This confirms that Apple left marketplace app developers with no option to tell whether multiple devices belong to the same user or not. Apple promises that the CTF applies once…
2
18
105
@mysk_co
Mysk 🇨🇦🇩🇪
8 months
Security tip: You can use the new Action Button on your iPhone 15 Pro to sanitize links you copy and share by quickly removing all tracking and reference information. Here's a demo, and the Shortcuts recipe to create the same on your iPhone. ✌️ #CyberSecurity #Privacy #Security
3
16
101
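The link sanitizing described in the tip above, as an added Python example that is not part of the tweet or of Mysk's Shortcuts recipe: it strips common tracking parameters (utm_*, fbclid and similar; the parameter list and the per-site table are assumptions constructed for this example) from every http(s) link in a block of copied text, and keeps the rest of the URL intact.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names commonly used for click/campaign tracking. This list is an
# assumption constructed for the example; the Shortcut in the tweet may strip a
# different set, and no such list is ever complete.
TRACKING_PARAMS = {
    "fbclid", "gclid", "dclid", "msclkid", "yclid", "twclid",
    "mc_cid", "mc_eid", "igshid", "_hsenc", "_hsmi", "vero_id",
    "ref", "ref_src", "ref_url", "referrer",
}
TRACKING_PREFIXES = ("utm_", "pk_", "mtm_", "hsa_")

# Parameters that are only tracking noise on specific hosts (assumed table).
# Ambiguous names such as "s" or "t" are removed only there, so a search form
# elsewhere that legitimately uses ?s=... keeps working.
SITE_SPECIFIC = {
    "twitter.com": {"s", "t"},
    "x.com": {"s", "t"},
    "youtube.com": {"si", "feature"},
    "youtu.be": {"si", "feature"},
}

# Matches http(s) URLs inside free text; stops at whitespace and quotes.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_tracking_param(name, host):
    """True if a query parameter name is a known tracking/reference key."""
    n = name.lower()
    if n in TRACKING_PARAMS or n.startswith(TRACKING_PREFIXES):
        return True
    return n in SITE_SPECIFIC.get(host, set())


def sanitize_url(url):
    """Return url with tracking query parameters removed.

    Path and fragment are preserved, because a fragment is usually a
    legitimate in-page anchor; only the query string is filtered.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return url.strip()  # leave mailto:, custom schemes, etc. untouched
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    kept = [
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if not is_tracking_param(k, host)
    ]
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment)
    )


def sanitize_text(text):
    """Rewrite every http(s) URL found in a block of text (e.g. the clipboard)."""
    return URL_RE.sub(lambda m: sanitize_url(m.group(0)), text)


if __name__ == "__main__":
    # Constructed sample: a shared article link with campaign tags and a click id.
    shared = "https://example.com/article?id=42&utm_source=tw&utm_medium=social&fbclid=abc123"
    print(sanitize_url(shared))  # https://example.com/article?id=42
```

Fragments are kept on purpose: stripping them would break links to page sections, and the tip is about removing the tracking noise, not about rewriting the destination. Host-specific rules are the safe way to handle short, ambiguous parameter names.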
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
A 4th lawsuit against Apple based on our iOS findings, below similar findings about the App Store on macOS:
@mysk_co
Mysk 🇨🇦🇩🇪
1 year
🧵 The App Store on #macOS 13.2 sends detailed usage data and analytics to Apple. All interactions are associated with the user's iCloud ID, or dsid. This happens even when you turn off sharing usage data and analytics. (1/6) 👇 #Privacy #InfoSec
7
91
310
0
19
102
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
Initially, Apple expected that removing PWAs would affect a small number of users. Today, Apple reversed course after the demands of that "small" number of users had occupied the headlines of major tech outlets. This is a lesson for everyone; never underestimate small numbers 💪
@mysk_co
Mysk 🇨🇦🇩🇪
2 months
Great news: PWAs are back in the EU, albeit only on WebKit. Thanks a lot for everyone who echoed the concerns of many developers around the world. Your voice matters, and Apple has listened to it. #Apple #PWA #WebApps #iOS
7
23
139
5
12
101
@mysk_co
Mysk 🇨🇦🇩🇪
14 days
PSA: #Apple recently introduced a new URI scheme so that #iOS users in the #EU can install marketplace apps from the browser. #Safari handles the scheme insecurely leaving users exposed to tracking. This video shows how Safari and Brave handle the new scheme. @Brave prevails!
5
22
102
@mysk_co
Mysk 🇨🇦🇩🇪
15 days
A new alternative marketplace is going to be available soon: @Aptoide
14
15
102
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Security Tip: If you use a VPN to hide your real IP address from an app, say TikTok, make sure the VPN connection is configured to use the "Always on" option. Because if you receive a push notification from TikTok while the VPN is off, your IP will leak. More here: 👇
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
🚨🎬 Privacy Concerns about Apple Push Notifications TL;DR: data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers, even if the apps aren't running at all on your iPhone. Such apps include TikTok, Facebook, FB…
13
95
276
4
16
99
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Speaking of PWAs, @X has a great Progressive Web App. So sadly it won't work in the EU. @elonmusk
6
2
101
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
I wrote Apple's privacy team to inquire about this data. Let's get to the bottom of this.
@mysk_co
Mysk 🇨🇦🇩🇪
4 months
Just detected a call made by my iPhone seemingly sending my iOS keyboard data to an iCloud server. The domain name icloud-content[.]com is owned by Apple but not the one normally used for syncing iCloud data. The 316 KB of keyboard data is marked as "UserWords". The data is…
21
41
196
3
8
101
@mysk_co
Mysk 🇨🇦🇩🇪
3 months
Progressive Web Apps (PWAs) are still disabled for EU users in #iOS 17.4 beta 2. But now there's a new pop-up. The pop-up somehow indicates that PWAs are disabled intentionally, rather than being a bug. Here's a video: #PWA #web #webApps #EU #DMA
16
34
100