{"id":584,"date":"2019-09-13T07:59:35","date_gmt":"2019-09-13T14:59:35","guid":{"rendered":"https:\/\/gmr.dev\/blog\/?p=584"},"modified":"2022-08-08T19:30:20","modified_gmt":"2022-08-09T02:30:20","slug":"google-can-track-ios-users-through-fonts","status":"publish","type":"post","link":"https:\/\/rose.dev\/blog\/2019\/09\/13\/google-can-track-ios-users-through-fonts\/","title":{"rendered":"Google can track iOS users through fonts"},"content":{"rendered":"<p>https:\/\/twitter.com\/sandofsky\/status\/1172200578207772672<\/p>\n<p>Google&#8217;s Crashyltics allow them to track crashes from the &#8220;Beta&#8221; version of the app through a font.<\/p>\n<p>https:\/\/twitter.com\/sandofsky\/status\/1172215993625505792<\/p>\n<p>However, there <em>is<\/em> at least a prompt to install it.<\/p>\n<p>One of the things iOS has always lacked is the ability to install custom fonts. Apple has delayed it, stating security concerns. Proving Apple\u2019s point, Google-owned Crashlytics is abusing the feature to track users by installing a font with a custom identifier embedded. Because fonts are installed system-wide in order to be used across multiple apps, it could be possible for <em>any<\/em> app to use Crashlytics\u2019s font to uniquely identify users, and piggy-back off the tracking without doing any workthemselves.<\/p>\n<p>This sets up a host of security and privacy concerns and problems. The basic fact remains that something as innocuous as a font should not be used for fingerprinting users, because most consumers will not know a font should\/could be used for that purpose.<\/p>\n<hr>\r\nIt helps me if you share this post\r\n<br\/>\r\n<br\/>\r\nPublished 2019-09-13 07:59:35 ","protected":false},"excerpt":{"rendered":"<p>https:\/\/twitter.com\/sandofsky\/status\/1172200578207772672 Google&#8217;s Crashyltics allow them to track crashes from the &#8220;Beta&#8221; version of the app through a font. https:\/\/twitter.com\/sandofsky\/status\/1172215993625505792 However, there is at least a prompt to install it. One of the things iOS has always lacked is the ability to install custom fonts. Apple has delayed it, stating security concerns. Proving Apple\u2019s point, Google-owned &hellip; <a href=\"https:\/\/rose.dev\/blog\/2019\/09\/13\/google-can-track-ios-users-through-fonts\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Google can track iOS users through fonts<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[832],"tags":[],"class_list":["post-584","post","type-post","status-publish","format-standard","hentry","category-software"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts\/584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/comments?post=584"}],"version-history":[{"count":4,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts\/584\/revisions"}],"predecessor-version":[{"id":2459,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts\/584\/revisions\/2459"}],"wp:attachment":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/media?parent=584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/categories?post=584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/tags?post=584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}