Back to blog homepage

Google can track iOS users through fonts

https://twitter.com/sandofsky/status/1172200578207772672

Google’s Crashyltics allow them to track crashes from the “Beta” version of the app through a font.

https://twitter.com/sandofsky/status/1172215993625505792

However, there is at least a prompt to install it.

One of the things iOS has always lacked is the ability to install custom fonts. Apple has delayed it, stating security concerns. Proving Apple’s point, Google-owned Crashlytics is abusing the feature to track users by installing a font with a custom identifier embedded. Because fonts are installed system-wide in order to be used across multiple apps, it could be possible for any app to use Crashlytics’s font to uniquely identify users, and piggy-back off the tracking without doing any workthemselves.

This sets up a host of security and privacy concerns and problems. The basic fact remains that something as innocuous as a font should not be used for fingerprinting users, because most consumers will not know a font should/could be used for that purpose.

It helps me if you share this post

Published 2019-09-13 07:59:35

Leave a Reply

Your email address will not be published. Required fields are marked *