Zevvle app using Facebook SDK

Is there any reason the :zevvle: iOS app is reaching out to Facebook every time it’s open? Granted, it seems like the SDK isn’t configured properly and it results in 400 errors but I’m just wondering why this malware was included in the app in the first place and if it was possible to remove it or have a toggle for it (ideally have the toggle during initial app install before the SDK even has a chance to load)?

2 Likes

I draw comfort from the fact that @Rjevski is checking all the apps I run for trackers. Means I don’t have to worry about doing so myself. :sweat_smile:

3 Likes

I wasn’t actually checking for trackers and simply trying to reverse-engineer the internal API so I can build an Apple Watch app for it (got the idea from the desktop app on the other thread) but something nasty caught my eye and sure enough, that was good old Zuckerberg saying hello. :joy:

Now that you say that and that I have the proxy configured I’m gonna do a full sweep of all the (~10 or so) apps on my phone for any more shenanigans.

Edit: didn’t expect Here Maps to call out to Facebook. I guess that explains why they insist so much on asking access for contacts so that you can “get directions faster when visiting friends”… I guess I’m back to Apple Maps.

Edit 2: Shazam is doing something really weird by POSTing to https://carrierbundle.itunes.apple.com/WebObjects/MZCarrierBundle.woa/wa/fuseHeaderEnrichment with your MCC/MNC, phone number, IMEI, carrier name and some random GUID. Response is pretty much empty. I guess this must be their way of checking whether the carrier does “header enrichment” to be able to subscribe to Apple Music by paying through your phone carrier?

Edit 3: Curve is sending extremely granular device and accelerometer data to some scum called “Sift Science”. I guess the ICO is going to be hearing about this shortly.

HTTP payload (quite large)
{
  "data": [
    {
      "user_id": "2595988399",
      "installation_id": "25C4231F-1A00-4161-9F7D-867078C69824",
      "time": 1586436674700,
      "ios_app_state": {
        "device_orientation": "ui_device_orientation_unknown",
        "motion": [
          {
            "magnetic_field_y": -28.69310760498047,
            "gravity_y": -0.8029879331588745,
            "attitude_yaw": -0.6435071067925995,
            "rotation_rate_x": -0.10213395208120346,
            "user_acceleration_x": -0.0029928386211395264,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436675449,
            "gravity_z": -0.5810462832450867,
            "user_acceleration_y": -0.009168863296508789,
            "magnetic_field_z": -38.88580322265625,
            "magnetic_field_x": 6.2273101806640625,
            "user_acceleration_z": -0.01798790693283081,
            "rotation_rate_z": 0.11331115663051605,
            "attitude_roll": -0.2244464291340842,
            "gravity_x": -0.13264872133731842,
            "rotation_rate_y": 0.03996288776397705,
            "attitude_pitch": 0.9322917273111061
          },
          {
            "magnetic_field_y": -26.40656280517578,
            "gravity_y": -0.7889502048492432,
            "attitude_yaw": -0.6694099129669479,
            "rotation_rate_x": 0.07135847955942154,
            "user_acceleration_x": 0.00561562180519104,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436675945,
            "gravity_z": -0.6000208854675293,
            "user_acceleration_y": 0.01596808433532715,
            "magnetic_field_z": -39.32489013671875,
            "magnetic_field_x": 5.718635559082031,
            "user_acceleration_z": 0.014162659645080566,
            "rotation_rate_z": 0.027085669338703156,
            "attitude_roll": -0.21719547808178027,
            "gravity_x": -0.13241049647331238,
            "rotation_rate_y": -0.04473874717950821,
            "attitude_pitch": 0.9090986107560467
          },
          {
            "magnetic_field_y": -28.112747192382813,
            "gravity_y": -0.7956211566925049,
            "attitude_yaw": -0.6612505365738006,
            "rotation_rate_x": -0.0006946884095668793,
            "user_acceleration_x": 0.004716545343399048,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436676441,
            "gravity_z": -0.5902780294418335,
            "user_acceleration_y": 0.017002761363983154,
            "magnetic_field_z": -39.4288330078125,
            "magnetic_field_x": 5.733909606933594,
            "user_acceleration_z": 0.011384427547454834,
            "rotation_rate_z": -0.008209256455302238,
            "attitude_roll": -0.22681844462559067,
            "gravity_x": -0.1362302005290985,
            "rotation_rate_y": -0.0013528582639992237,
            "attitude_pitch": 0.9200322933252595
          },
          {
            "magnetic_field_y": -27.722923278808594,
            "gravity_y": -0.8024813532829285,
            "attitude_yaw": -0.6633823653032123,
            "rotation_rate_x": 0.0014027683064341545,
            "user_acceleration_x": 0.019085079431533813,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436676937,
            "gravity_z": -0.5804246664047241,
            "user_acceleration_y": 0.004113912582397461,
            "magnetic_field_z": -38.52374267578125,
            "magnetic_field_x": 5.380561828613281,
            "user_acceleration_z": 0.017192065715789795,
            "rotation_rate_z": -0.0007058070041239262,
            "attitude_roll": -0.23393629680770078,
            "gravity_x": -0.13831479847431183,
            "rotation_rate_y": 0.012351199984550476,
            "attitude_pitch": 0.9314422352429002
          },
          {
            "magnetic_field_y": -28.248268127441406,
            "gravity_y": -0.8049471974372864,
            "attitude_yaw": -0.6723782028995834,
            "rotation_rate_x": 0.023446694016456604,
            "user_acceleration_x": 0.007853090763092041,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436677434,
            "gravity_z": -0.5777023434638977,
            "user_acceleration_y": 0.008616447448730469,
            "magnetic_field_z": -39.1016845703125,
            "magnetic_field_x": 5.201866149902344,
            "user_acceleration_z": 0.0023894309997558594,
            "rotation_rate_z": -0.012611309066414833,
            "attitude_roll": -0.23014139555349652,
            "gravity_x": -0.13535133004188538,
            "rotation_rate_y": -0.0029278486035764217,
            "attitude_pitch": 0.9355864880403786
          },
          {
            "magnetic_field_y": -28.62226104736328,
            "gravity_y": -0.8077072501182556,
            "attitude_yaw": -0.6777983754700799,
            "rotation_rate_x": 0.02385319024324417,
            "user_acceleration_x": 0.004835158586502075,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436677930,
            "gravity_z": -0.574044942855835,
            "user_acceleration_y": 0.014164745807647705,
            "magnetic_field_z": -39.1185302734375,
            "magnetic_field_x": 5.2371978759765625,
            "user_acceleration_z": 0.0009202361106872559,
            "rotation_rate_z": -0.0055016824044287205,
            "attitude_roll": -0.23009682785609753,
            "gravity_x": -0.13446743786334991,
            "rotation_rate_y": -0.0058000837452709675,
            "attitude_pitch": 0.9402529167419488
          },
          {
            "magnetic_field_y": -28.483245849609375,
            "gravity_y": -0.8081878423690796,
            "attitude_yaw": -0.6764572797253112,
            "rotation_rate_x": -0.016017068177461624,
            "user_acceleration_x": 0.009356945753097534,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436678426,
            "gravity_z": -0.5731827616691589,
            "user_acceleration_y": 0.012410104274749756,
            "magnetic_field_z": -38.77215576171875,
            "magnetic_field_x": 5.181297302246094,
            "user_acceleration_z": 0.007826924324035645,
            "rotation_rate_z": -0.00904708169400692,
            "attitude_roll": -0.23173152796556556,
            "gravity_x": -0.13525426387786865,
            "rotation_rate_y": -0.011904917657375336,
            "attitude_pitch": 0.9410685210129237
          },
          {
            "magnetic_field_y": -28.518234252929688,
            "gravity_y": -0.8083063960075378,
            "attitude_yaw": -0.6772623347014985,
            "rotation_rate_x": -0.0027772895991802216,
            "user_acceleration_x": 0.008488982915878296,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436678922,
            "gravity_z": -0.573096752166748,
            "user_acceleration_y": 0.01347649097442627,
            "magnetic_field_z": -39.0081787109375,
            "magnetic_field_x": 5.2380828857421875,
            "user_acceleration_z": 0.0011019706726074219,
            "rotation_rate_z": -0.008802538737654686,
            "attitude_roll": -0.23119625058856547,
            "gravity_x": -0.13491015136241913,
            "rotation_rate_y": 0.005282094702124596,
            "attitude_pitch": 0.9412699034870871
          },
          {
            "magnetic_field_y": -28.7769775390625,
            "gravity_y": -0.809404194355011,
            "attitude_yaw": -0.6770168590356921,
            "rotation_rate_x": 0.011362927965819836,
            "user_acceleration_x": 0.006749778985977173,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436679418,
            "gravity_z": -0.5716021060943604,
            "user_acceleration_y": 0.009463906288146973,
            "magnetic_field_z": -39.1534423828125,
            "magnetic_field_x": 5.568885803222656,
            "user_acceleration_z": 0.005841076374053955,
            "rotation_rate_z": -0.013553611934185028,
            "attitude_roll": -0.23138120858441355,
            "gravity_x": -0.13466989994049072,
            "rotation_rate_y": -0.013596957549452782,
            "attitude_pitch": 0.9431368294843803
          },
          {
            "magnetic_field_y": -28.436141967773438,
            "gravity_y": -0.8083756566047668,
            "attitude_yaw": -0.6784509759018725,
            "rotation_rate_x": -0.01260838657617569,
            "user_acceleration_x": 0.008252471685409546,
            "magnetic_field_calibration_accuracy": "cm_magnetic_field_calibration_accuracy_high",
            "time": 1586436679914,
            "gravity_z": -0.5731775164604187,
            "user_acceleration_y": 0.013761162757873535,
            "magnetic_field_z": -38.764892578125,
            "magnetic_field_x": 5.4209747314453125,
            "user_acceleration_z": 0.007103919982910156,
            "rotation_rate_z": 0.006131382193416357,
            "attitude_roll": -0.22990927381998594,
            "gravity_x": -0.13415084779262543,
            "rotation_rate_y": 0.0008778441697359085,
            "attitude_pitch": 0.9413875167574092
          }
        ],
        "battery_level": 0.8299999833106995,
        "network_addresses": [
          "10.195.188.241",
          "fe80::c7a:8d32:ca09:82f1",
          "192.168.0.21",
          "fe80::308e:54ff:fe32:7bab",
          "fe80::baf1:2aff:fea0:316d",
          "fd74:6572:6d6e:7573:d:f413:fd24:b2c9",
          "fd74:6572:6d6e:7573:c:f413:fd24:b2c9",
          "fe80::6f1a:c6ed:e4ac:b6b4",
          "fe80::1176:e1ee:f9f9:f176",
          "fe80::b505:81df:631c:9990",
          "fe80::baf1:2aff:fea0:316d",
          "fd74:6572:6d6e:7573:c:f413:fd24:b2c9",
          "10.254.254.254",
          "fd74:6572:6d6e:7573:d:f413:fd24:b2c9",
          "fe80::baf1:2aff:fea0:316d",
          "fd74:6572:6d6e:7573:c:f413:fd24:b2c9",
          "10.254.254.254",
          "fd74:6572:6d6e:7573:d:f413:fd24:b2c9"
        ],
        "application_state": "ui_application_state_inactive",
        "heading": {
          "time": 1586436680095,
          "raw_magnetic_field_x": 5.370582580566406,
          "magnetic_heading": 315.1876220703125,
          "true_heading": 315.28851318359375,
          "raw_magnetic_field_z": -39.074951171875,
          "accuracy": 11.492536544799805,
          "raw_magnetic_field_y": -28.277008056640625
        },
        "sdk_version": "v0.9.10",
        "battery_state": "ui_device_battery_state_unplugged"
      }
    }
  ]
}

2 Likes
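
Added example, not part of the original thread: when reviewing a telemetry body captured through an inspection proxy, a small audit script can summarise which kinds of data it carries. The category rules and the `audit` and `classify_address` helpers are assumptions made for illustration, and the sample is constructed to match the shape of the payload quoted above.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample: same shape as the payload quoted above, placeholder
# values, one motion sample instead of ten.
SAMPLE = json.loads("""
{"data": [{"user_id": "0000000000",
  "installation_id": "00000000-0000-0000-0000-000000000000",
  "ios_app_state": {
    "motion": [{"gravity_y": -0.8, "attitude_yaw": -0.6, "rotation_rate_x": -0.1,
                "user_acceleration_x": 0.0, "magnetic_field_y": -28.6, "time": 0}],
    "battery_level": 0.83, "battery_state": "ui_device_battery_state_unplugged",
    "network_addresses": ["10.0.0.1", "192.168.0.2", "fe80::1", "fd00::1"],
    "heading": {"magnetic_heading": 315.1, "true_heading": 315.2,
                "raw_magnetic_field_x": 5.3}}}]}
""")

# Assumed rules (not taken from any SDK documentation): key prefix -> category.
KEY_RULES = {
    "stable identifier": ("user_id", "installation_id"),
    "motion sensor": ("magnetic_field", "raw_magnetic_field", "gravity_",
                      "attitude_", "rotation_rate", "user_acceleration"),
    "compass heading": ("magnetic_heading", "true_heading"),
    "battery": ("battery_",),
}

def classify_address(value):
    """Label a string that parses as an IP address; return None otherwise."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    if ip.is_link_local:
        return "link-local address"
    return "private network address" if ip.is_private else "public address"

def audit(node, findings=None):
    """Walk a decoded JSON body and count fields per privacy category."""
    findings = Counter() if findings is None else findings
    if isinstance(node, dict):
        for key, value in node.items():
            for category, prefixes in KEY_RULES.items():
                if key.startswith(prefixes):
                    findings[category] += 1
            audit(value, findings)
    elif isinstance(node, list):
        for item in node:
            audit(item, findings)
    elif isinstance(node, str) and classify_address(node):
        findings[classify_address(node)] += 1
    return findings

if __name__ == "__main__":
    for category, count in sorted(audit(SAMPLE).items()):
        print(f"{category}: {count}")
```
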

The library we use (ExpoKit from Expo) has the Facebook SDK built-in unfortunately and we couldn’t remove it previously. We don’t have Facebook, we haven’t configured the app with it, and none of your data is sent there (hence the 400 errors).

We’re updating the app next week and I’ll try to remove it completely, and if not then shortly after. I’m sorry we didn’t mention it previously, I don’t like it being there either.

5 Likes

Thanks for the feedback. I suspected it might’ve been a built-in from the Expo SDK. Surprising they enable it by default even if no Facebook App IDs are configured as it’s a pure waste of resources.

/puts on tinfoil hat
I wouldn’t be surprised if Facebook uses error logs as advertising insights. At this point we should assume any single packet sent to their AS will be used in one way or another to stalk people or influence advertising.

3 Likes

Yes! Wasn’t a big consideration early on, but they’re working on it. Being able to do over-the-air updates without going through the Apple/Google stores each time is excellent.

3 Likes