Privacy

5313 readers

73 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

Be civil and no prejudice
Don't promote big-tech software
No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
No reposting of news that was already posted
No crypto, blockchain, NFTs
No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 1 year ago

MODERATORS

otter@lemmy.ca

shaytan@lemmy.dbzer0.com

115

Some of the info instagram sends when you're using the app. (lemmy.dbzer0.com)

submitted 3 weeks ago by irelephant@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com

9 comments fedilink hide all child comments

I've recently been working on scraping the app api for instagram for a project, and I'm surprised at the amount of data it sends that it shouldn't need. I knew it did a lot of tracking already, but after looking at what it sends, I am never installing that app outside of an emulator.

When you login it sends:

How many sim cards you have installed
Whether you have whatsapp installed
whether you gave permission for: call logs, contacts, answer phone calls
Timestamps for when you opened the app and when you clicked any component.

On most requests, it sends:

Your connection type (WIFI/mobile data)
Your connection speed
Whether google play attestation is working
If your phone is foldable or not
Whether you have dark or light theme enabled
What device you are running instagram on
The components you clicked on to navigate to whatever page you are on, as well as timestamps for when you clicked them.

When loading your timeline, they payload contains:

Whether instagram has permission for your camera
Your battery level
Whether your phone is charging
The time you opened the app at.
Whether you used pull to refresh to load your feed.
Your volume level
Your timezone offset.

For every useful request it sends about 2 to /logging_client_events, which has a binary, encoded as base64 payload.

top 9 comments

sorted by: hot top controversial new old

[–] tyler@programming.dev 7 points 3 weeks ago

The whatsapp check is probably so it can exfiltrate your messages.

[–] Railcar8095@lemmy.world 4 points 3 weeks ago

Best is to not use Instagram.

Second best is to use Nora to see the web version and redirect the links automatically. https://f-droid.org/packages/jp.nonbili.nora/

[–] RotatingParts@lemmy.ml 3 points 3 weeks ago

I am guessing that a lot of that tracking information isn't available to them if you don't use the app and just log into instagram via a browser.

[–] just_an_average_joe@lemmy.dbzer0.com 3 points 3 weeks ago (2 children)

Any chance you can share your app when done?

[–] irelephant@lemmy.dbzer0.com 2 points 3 weeks ago* (last edited 2 weeks ago)

I'm not currently working on an app, I am adding support for fetching stuff through accounts to this: https://codeberg.org/irelephant/kittygram .

[–] MrSoup@lemmy.zip 1 points 3 weeks ago (1 children)

+1, I would like too to scrape my android apps without doing a man-in-the-middle with my pc.

[–] irelephant@lemmy.dbzer0.com 1 points 2 weeks ago

You could run the apps in an emulator.

[–] navigator@piefed.zip 2 points 3 weeks ago

I maintain an instagram account solely for my artist profile to promote my music. I have the app installed on a separate phone that only uses wifi (no sim) and no other app installed and with restricted permissions.

[–] Winged_Hussar@lemmy.world 2 points 3 weeks ago

Super interesting!

I don't remember which app it was (Maybe PayPal?) but whenever I opened it I would suddenly get Instagram notifications. Always found that odd/assumed there was some sort data sharing going on there.