Why does a random app (with no special permissions given to it) get access to so much info, and why doesn't Apple tell users this (important) info? Why can't Apple make a long list of check boxes so users can dis/allow on a per-category and per-app basis?
E.g. I had no idea a random app you install (and give no permissions to) instantly has a list of every app installed on the device (e.g. can infer whether you're dating [or cheating!] from presence of tinder/bumble/hinge). That alone seems instantly monetizable by unscrupulous actors via 'is-my-partner-cheating' as a service: charge $10 to give a probable answer.
I'm in that camp of has a dating app installed but have no partner so the is-my-partner-cheating admittedly doesn't resonate with me. I've had to do some of this fingerprinting myself before for non-data-selling reasons so a lot of the system-level statistics didn't quite impress me [1], but that one was a gut-punch when I saw it pop up. It makes me wonder what apps out there have leveraged that as a signal for ads or other behavior modifications to exploit my search for a partner -- without at least having to spend a few pennies querying a data broker!
It makes sense that there's some discovery mechanism - since Google loves to use it to prefer Chrome, GMail, etc when you're in one of their apps. I wish that there were more restrictions though where you only get implicit permission to query from apps that have the same developer ID. Maybe a mutual allowlist that has to be formed, or some sort of privileged intent where you at least have to tell Apple what's going on and that gives them some contractual right to sanction you if you're using it for nefarious purposes instead.
[1] excluding the clipboard copy count, that was novel!
That’s a stupid idea, how would you even get this “is-my-partner-cheating” on your partners phone?
Loupe itself can see if you have tinder/bumble/hinge installed (verify for yourself: install tinder, then install loupe, don't give it any permissions, and it can tell if you have tinder installed or not). So the answer is: buy the data from any app your partner has installed! Or more easily, a data aggregator which will have already combined data from hundreds/thousands of apps.
So your partner only needs to have had 1 single app from the list that sells user data to a data aggregator for this to work. They do not need to have installed some special app.
Here's a random Slate article about apps getting your data and selling it to aggregators/brokers, who sell it to third-parties (you, or I, could be one of those third parties).
> How Shady Companies Guess Your Religion, Sexual Orientation, and Mental Health And sell that data to the highest bidder.
https://slate.com/technology/2023/04/data-broker-inference-p...
It already happens all the time. It even has a name.
https://en.wikipedia.org/wiki/Stalkerware
Of all things, this is where you went?
Okay it's weird but the first thing that came to mind. Logic: if I can think of a monetisable, nefarious application in 10 seconds, then it stands to reason that very many nefarious applications would be possible with more time/effort.
Not just possible, currently being implemented. People are murdered every year using this information. Last year a US politician was assassinated by someone who tracked them by buying this information from aggregator. You thought of a tame use case!
Which politician? I want to read more
https://en.wikipedia.org/wiki/2025_shootings_of_Minnesota_le... search for 'data broker' in page. Nightmare world we live in.
And how would the is-my-partner-cheating get their app onto the victims device to detect the other apps?
They don't, utilise the fact that every single iPhone app has access to what other apps are installed! - purchase that info from literally any iPhone app or aggregator that has it for that user. Curious how much this would cost to purhcase - a working credit card goes for $5-10 on the black market so 'apps installed on X's iphone' might be, like, 10c?
Which even halfway credible app developer would sell you that info? You know that’s illegal right? You might get some stupid indie developer to do this but no chance for anything even half big.
But if you can get actually get this data, maybe try to do this on yourself and write a blogpost about it. I highly doubt you’ll be able to.
I've never made an iOS app and don't have plans to. But my assumption is ~every >= medium-sized iOS app would be monetised by selling data to aggregators.
Even if that was the case - which it isn't - the aggregator data isn't keyed by the user in question. That is highly illegal pretty much everywhere and would get you in a lot of trouble. You can't "just" find out which apps an arbitrary person has installed on their phone. That's not how it works.
My understanding is it's common practice. E.g. How Shady Companies Guess Your Religion, Sexual Orientation, and Mental Health And sell that data to the highest bidder. https://slate.com/technology/2023/04/data-broker-inference-p...
Most app publishers are halfway credible at best, so it's not much of a problem. Even the halfway credible ones often use SDKs that do this.
Ok but if the SDKs do this they use it themselves to serve ads and don’t sell the raw data, right?
Get your hands on a random selection of 10 iPhones and look at the apps installed. I suspect you’d be horrified. As an example - any parent who has installed a free game for their kids likely has all of this info, plus more via tied in logins.
That said, I agree with the rest of your point - you’re not going to go to a developer and offer them $100 for this data on a person (and if you could, you’d still need to tell them which person, which if you could do you could just get the data yourself)
Ask any domestic abuser. Most of them seem to be successful at it.
https://www.npr.org/sections/alltechconsidered/2014/09/15/34...
It’s crazy to me that people are being so skeptical of the idea. A lot of people share their logins freely with their spouses. I have never done it nor would I condone it, but it would be trivial for me to install spyware on the devices of many people I know, because they rightfully trust me. Not only do I know some of their device passwords¹, being “the computer guy” I could just outright ask for it or get them to input it anywhere while fixing some issue they have.
¹ And many more I have forgotten, because I make it a point to not record them, even mentally.
If you can get the app onto my phone in person, you can also just check which apps I have on my phone
That assumes continued access, which may not be true. Installing spyware gives you information down the line.
But if you have credentials and physical access you can just ask for their phone and straight up read their messages/apps.
Yeah, once, possibly under time pressure, and not at all times. Spyware gives you continued access.