If you regularly access X (formerly known as Twitter) via your iPhone or iPad, you may be sending unwanted personal data without your knowledge. That's the worrying finding of two iOS developers and security researchers.
Following a testing round, they observed that the X app for iOS keeps sharing crash reports with the popular social media provider even when users opt out of this option in the settings.
That's not the first time the duo unveiled security flaws linked to Apple devices and their applications. In 2022, they reported a data leak occurring when using VPN services on iOS 16. Let's look at what this new Apple privacy bug means for your privacy.
X for iOS privacy bug
"X for iOS has an option to disable sending crash reports. Well, it is useless. The app continues to send crash reports even if you opt out," tweeted developer and security researcher Tommy Mysk on January 15.
If you head to Settings on your X application, you can decide whether or not to send crash reports to the social media provider by turning on or off the toggle you find in the Additional Resources tab. That's on paper, at least.
A new video, which researchers uploaded on their official YouTube channel, clearly shows how the X app keeps sharing this data despite the Send crash reports button being off.
Replying to a worried comment about the same potential issues on the X app for desktop, the researchers said that the MacOS version hasn't been updated yet as it still comes with the platform's old name, Twitter.
So, what does all this mean for your online privacy?
As Apple describes in a blog post, crash reports give out details on "how your app terminated, and also contains the complete backtrace of each thread, which shows the code running at the time of the crash."
It might not sound so intrusive, after all. Yet, if you take the time to look for the X app on the Apple Store, you can see that the data linked to you (meaning the information that can be linked to your identity) also includes usage data and diagnostic details, among other things.
"In fact, this is the reason why we make sure we switch the option off. To our surprise, it turns out the setting is useless," said Mysk.
In addition to this, I would say, such a finding doesn't certainly assure all those users concerned about their mobile privacy who carefully review their settings every time they download a new app to minimize as much as possible their digital footprint.
I contacted Apple about this privacy issue, but I'm still waiting for a comment at the time of writing.
