Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Exactly what access do you think they have that you don’t specifically allow that they don’t have from a web browser - running on the same device?


Apps can leverage system APIs, gain always-on persistence.

Not long ago Facebook (Meta) was caught spinning up localhost server on Android devices to gather activities outside of the app.


On iOS devices you can turn off the ability to allow apps to wake up on a one by one basis “background refresh”.

And if you are concerned with your privacy, it’s nonsensical to buy a phone run by an adtech company that only made the operating system in the first place to sell ads and collect your data


That's an easy one, hold my beer:

Pwa with permissions granted gives access to: Location, create notification, phone state, phone #, IMEI, motion data

Mobile app with permissions gives access to EVERYTHING a pwa gets PLUS, Contacts, sms, notification content, biometrics data, web browsing data, phone activity history, location history, camera access, microphone access, NFC access, near device history, nearby wifi listing, saved wifi networks, Bluetooth device ID, Bluetooth beacons nearby, some device settings, personal data access(photos/music)


So you mean if I give an app permission to do something it has permissions to do that thing? How is that a security issue to be worried about?

And iOS doesn’t allow third party apps to intercept SMS messages.


It's rare for me to see this sarcastic attitude in replies on Hacker News. It's common on Reddit, but not here.


I mean it wasn’t a great argument that apps can do stuff after you give it permission to do stuff.


Maybe on Android. Literally half of that shit isn’t accessible by iOS apps even with full permissions. This feels like you’re just throwing shit against the wall.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: