Meta bypassed Apple privacy protections, claims former employee
37 comments
· September 15, 2025
thewebguyd
ceejayoz
Same for Uber, which sends both important order updates and marketing as push notifications.
https://developer.apple.com/design/human-interface-guideline... says "before you send [marketing push] notifications to people, you must receive their explicit permission to do so".
kmlx
> Same for Uber, which sends both important order updates and marketing as push notifications.
can be disabled via:
settings > communication > push notifications
but the worst part is when they add a new category (eg uber teen accounts) and surprise it’s enabled by default.
latexr
> Uber, which sends (…) marketing as push notifications.
Apple themselves have started doing that, so zero chance of the rule being enforced.
> https://developer.apple.com/design/human-interface-guideline... says
Those are the Human Interface Guidelines, which are basically suggestions on how to make a proper app. They don’t impact policy and Apple has been shitting on them for years now. Liquid Glass breaks so many rules it’s not even funny. What you want to link to is the App Review Guidelines, specifically 4.5.4.
https://developer.apple.com/app-store/review/guidelines/#4.5...
ceejayoz
4.5.4 is more important, and agrees with the "you must" bit in the HIG.
"Push Notifications should not be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in your app’s UI, and you provide a method in your app for a user to opt out from receiving such messages. Abuse of these services may result in revocation of your privileges."
> Apple themselves have started doing that
Well, it's their platform. They've their own internal rules and app review processes, one would presume. Like how the cops can shoot people, but I can't.
Isamu
>Surely Apple also knows this
No, this is not as simple as Meta calling internal APIs that can be detected. This is Meta developing tricky ways of identifying users from patterns of usage without regard to opt-in. If users consent, the app can use the Apple API to track. Easy. If users don’t consent, Meta tracks through tricks matching behavior stored on their servers.
This is Meta abiding by the letter of the Apple developer agreement but not the spirit of the agreement.
SoftTalker
And it doesn't even really matter if it's perfect. While they are subverting the intent of their users, they are also certainly subverting the intent of their advertisers and portraying a targeting ability that is an exaggeration of what they actually can do. The advertisers may even realize it; in advertising no targeting is perfect, and if your ads are within the blast radius of most of your intended eyeballs, that's good enough.
ceejayoz
> No, this is not as simple as Meta calling internal APIs that can be detected.
Yes, it is. It's just more manual.
Meta has repeatedly done this sort of thing. It's clear that Apple knows they're up to this stuff, and it's clear that Meta will continue to do it, and it's clear that Apple doesn't have the will to kill their apps over it.
Which they would absolutely do for an app you or I made.
andy_ppp
They probably have an agreement that involves money and anticompetitive behaviour.
netdur
Meta is run by people with no regard for ethics, and if that surprises you, that’s on you. Their whole model is just packaging and selling you with whatever tech they can grab. If you’re worried, don’t install Meta apps. I’ve got WhatsApp on Android and Instagram on iPad. They’re already getting eaten alive by TikTok and AI girlfriends.
ujkhsjkdhf234
Most people are not the Hacker News types who know this. The Facebook movie is the closest the average person has come to knowing how evil this company is.
SoftTalker
Most people if they know, don't care. They don't see an issue with their data being harvested and sold. They think "who cares, why would anyone be interested in me, besides, everyone does it."
They use supermarket loyalty cards to save $0.25 on a gallon of milk. They install tracker apps to save money on gas. People don't care.
daft_pink
I feel like everyone paying attention deep down knew that they were doing this. This is just the article that confirms it.
righthand
15 years ago it was celebrated in the media as a “cool inventive cutting edge idea” that Facebook was running psychological experiments on its users without consent.
antiframe
Most of the media I remember from that time was less celebratory and more skeptical. [1] [2] [3]
Do you have some examples of the media celebrating Facebook's psychological experiments? Perhaps you live in a different influence sphere or filter bubble than I do.
To check my sentiment, I asked ChatGPT "What was the media sentiment ten years ago about Facebook running psychological experiments on people?" and here was its top-line response:
> Short answer: largely negative — shocked and critical. Journalists, ethicists and privacy advocates framed Facebook’s secret “emotional contagion” experiments as an ethical breach (lack of informed consent, manipulation of users’ moods, corporate research without proper oversight), while a smaller group of commentators pushed back saying large-scale A/B testing is routine for tech firms.
[1]: https://www.wired.com/2014/06/everything-you-need-to-know-ab...
[2]: https://www.cnet.com/tech/services-and-software/the-ethical-...
[3]: https://www.yahoo.com/news/facebook-changed-way-experiments-...
nujabe
What were the signs?
dylan604
Like the hack they were doing to de-anonymize users?
https://arstechnica.com/security/2025/06/meta-and-yandex-are...
ChrisArchitect
Source story from August: https://www.ft.com/content/be6a99d2-22de-48ec-9afa-1d2e2f709...
gruez
>Meta also secretly linked user data with other information to track users’ activity on other websites without their permission — despite Apple in 2021 introducing measures explicitly requiring consent, according to Purkayastha’s filings.
That's frustratingly vague, not to mention it hinges on the complaint of a disgruntled employee. Facebook finding some way to bypass cross app tracking restrictions would be much more controversial than if they bought purchasing data (grouped by email) from data brokers, and then joined that with their own datasets, for instance.
caycep
is this the incident where Apple pulled Meta's developer licenses or is this a new breach?
toast0
IIRC, Apple pulled Facebook's enterprise developer cert over Onavo stuff; again IIRC, Apple had pulled Onavo from the app store, and Facebook continued to offer it to users by enrolling them in the enterprise developer system; on January 30, 2019 Apple revoked that cert: Onavo distribution was stopped in addition to Facebook's internal apps.
This article says it's about Apple’s App Tracking Transparency (ATT), introduced in 2021. Facebook changed their name to Meta in 2021 as well.
rchaud
> Meta relied heavily on selling personalized advertising, which required it to be able to target particular demographics and interest groups. This was achieved by tracking individual users across different apps.
Yet another reason to dump native apps (many of which are built using the Facebook SDK despite having nothing to do with FB) in favour of web apps.
ujkhsjkdhf234
I like my native apps and I'm not a fan of PWAs because they cannot be made to easily run offline.
nickthegreek
running meta's social media apps offline doesn't seem particularly compelling.
electric_muse
When the incentives are this large, it’s just too profitable to not “be evil.” We can decry this, but it’s just human nature.
I also think this is a sign of late stage capitalism where the opportunities to profit “ethically” are becoming much harder to find and exploit. That leads to more pressure to find gray areas that others’ ethical or moral convictions prevented them from exploiting.
I just installed graphene os on a brand new cash-bought pixel for the express purpose of not being left out of some important WhatsApp groups or missing out on some other experiences that require installing apps that I know won’t respect my privacy. I assume anything from Meta is hazardous at this point.
gruez
>I just installed graphene os on a brand new cash-bought pixel for the express purpose of not being left out of some important WhatsApp groups or missing out on some other experiences that require installing apps that I know won’t respect my privacy. I assume anything from Meta is hazardous at this point.
There isn't much point in the "cash-bought" part when android has blocked non-system apps from reading hardware identifiers years ago. Not to mention that facebook can easily deanonymize you through your social graph.
thepryz
I assume this is a secondary phone? Curious as I’ve been contemplating the same thing
KerrAvon
> it’s just human nature
It's not, though. The universal avarice of the current era may not be unprecedented in history, but it wasn't the norm through most of the 20th century. There was a time when layoffs were considered painful failures at some corporations, instead of routine business strategy -- probably because the Great Depression was still in living memory.
nujabe
[flagged]
orochimaaru
Your bigotry is disgusting
nujabe
Why do you think H1B employees, essentially functioning as indentured servants, are not vulnerable to engaging in unethical work?
ceejayoz
Why do you think American citizens are not vulnerable to engaging in unethical work?
orochimaaru
There are plenty of Chinese H1B’s as well including other nations. Somehow they aren’t immune to ethical issues. Only Indians are. Smh.
Like I said - your bigotry is disgusting.
Surely Apple also knows this, so when are they going to follow their own App Store policy and pull Meta's apps off the platform?
They won't because rules for thee, not for me. It's OK if someone big enough violates Apple's rules, but if a smaller dev does it? You get booted off the store.