Privacy | HIGH

Apple OHTTP Relay - Exposes User Data Through Third-Party Endpoints

Source: Full Disclosure
Tags: Apple, Live Caller ID, OHTTP, data privacy, OpenAI

Basically, Apple routes your caller ID data through many unknown companies without telling you.

Quick Summary

Apple's OHTTP relay for Live Caller ID Lookup routes user data through 14 third-party endpoints across six countries. This lack of transparency affects all iPhones running iOS 18+, raising serious privacy concerns. Users deserve to know how their data is being handled.

What Changed

Apple's new Oblivious HTTP (OHTTP) relay for Live Caller ID Lookup in iOS 18+ has sparked significant privacy concerns. The system routes user data through 14 third-party endpoints located in six different countries. This setup raises questions about data transparency and user consent, as Apple has not disclosed this information to its users.

How This Affects Your Data

The OHTTP relay connects devices to various third-party services, including an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint operated by Yandex, and a Swiss company whose privacy policy is vague about its data handling practices. This means that sensitive user data, such as caller ID information, may be exposed to entities without the users' knowledge or consent.

Who's Responsible

Apple is at the center of this controversy, as it has implemented this system without adequately informing its users. The networkserviceproxy daemon on iPhones executes numerous background tasks that facilitate these connections, which appear inconsistent with the stated function of the service. Users expect privacy and security, yet this infrastructure raises serious red flags.

How to Protect Your Privacy

  • Review Your Settings: Check if the Live Caller ID Lookup feature is enabled on your device and consider disabling it if privacy is a concern.
  • Stay Informed: Keep up with updates from Apple regarding privacy policies and any changes to the OHTTP system.
  • Use Alternative Services: Consider using third-party caller ID services that prioritize user privacy and transparency.
  • Advocate for Transparency: Encourage Apple to provide clearer information about data handling practices and to improve user consent mechanisms.

Technical Details

The endpoints identified include:

  1. Taiwan Mobile Co., Ltd.
  2. StopScam LLC
  3. Yandex
  4. Truecaller
  5. Google APIs

These endpoints have been confirmed through various technical methods, including sysdiagnose captures from production iPhones. This shared infrastructure means that all devices using the Live Caller ID Lookup feature are potentially affected.

Conclusion

Apple's OHTTP relay system for Live Caller ID Lookup has raised serious privacy concerns due to the involvement of multiple third-party endpoints. Users are left in the dark about how their data is being handled and shared. Immediate action is required to ensure user privacy and transparency in data handling practices.

🔒 Pro insight: This incident highlights the need for stricter regulations on data transparency and user consent in tech ecosystems.
