SecureMac, Inc.

Checklist 258: Trackers, Thieves, and Spyware Warnings

December 10, 2021

Verizon iPhone tracking, AirTag used to steal cars, and what Apple is doing to help Pegasus spyware victims.

Checklist 258: Trackers, Thieves, and Spyware Warnings

On this week’s Checklist podcast:

The tracking experience

A recent Cult of Mac report is shining a light on the privacy practices of Verizon, a U.S. wireless carrier. It seems that the mobile provider is tracking iPhone users on its network — even when they’ve already opted out of tracking in iOS. According to Cult of Mac, the tracking includes “the websites you visit, the apps you use, your location and more”.

If you’re part of Verizon’s “Custom Experience” or “Custom Experience Plus” programs, this applies to you. Verizon says that these programs are meant to “personalize” communications with the customer. But this is just a nice way of saying that they’re going to build a marketing profile on you in order to serve you targeted ads.

Verizon did send users an “opt out” link in the form of an automated SMS message. But frankly, the message looked a lot like the kind of spam texts people usually just ignore.

And what, you may ask, about App Tracking Transparency and Privacy Labels? Weren’t those supposed to stop tech companies from tracking iOS users?

Well, yes and no. Apple can definitely control what happens on iOS, and to some extent, with apps from the App Store. But they can’t really do anything about tracking based on a user’s activity on a wireless carrier’s network.

How to opt out of Verizon tracking 

The good news here is that there is a way to opt out of tracking, and to erase any data already collected by Verizon.

To do this, go to either the Verizon site or mobile app, and then head for your account’s Privacy Settings area. Look for the section labeled Custom Experience or Custom Experience Plus. This is where you opt out.

Disable everything that you can, then click the Reset button under Custom Experience Settings in order to delete all of the data that Verizon has already collected. 

Grand Theft AirTag?

Canadian police are warning of a high-tech tactic being used by car thieves: using AirTag to boost rides!

AirTag, as you will remember, is Apple’s tracking device for stuff. Privacy experts worried that AirTag could be misused by bad actors to track other people. It appears that their worries may have been correct — though as we’ll see, there’s a little more to the story than that.

Law enforcement officials in Ontario say that they have investigated several thefts in which criminals used AirTag to help steal luxury cars. Here’s how it works: First, the thieves plant an AirTag on a high-end car that’s parked in a public place. Then, they use the AirTag to track the vehicle back to the victim’s home, where they can steal it from the driveway later on.

So is this something to be concerned about?

Probably not for most folks. This tactic has only been seen in a very limited number of cases (just five car thefts out of a total of 2000 in the period studied by the Canadian police). And in fairness to Apple, using GPS trackers to steal cars is not a new idea, so it’s not as though this is something that’s only happening because of AirTag.

How to disable an AirTag that’s tracking you

With that said, there is still some level of risk here, so you should be aware of how you can mitigate it.

First, in terms of general theft prevention, the police in Ontario suggest falling back on tried and true low-tech solutions. In other words: Park your car in a secure garage, use steering locks, and so on.

From a cybersecurity perspective, you should be aware that Apple has rolled out a number of anti-stalking features meant to prevent the malicious use of AirTag. Relevant here: iPhone users receive notifications when an unknown AirTag is following them. So if you see one of these messages, and you can’t imagine where the AirTag could be, consider that the mystery device might be concealed somewhere on your vehicle.

To disable a rogue AirTag, tap the message that says AirTag Found Moving With You, tap Continue, then follow the steps provided to shut the device off. 

Apple’s Pegasus alerts

On last week’s show, we talked about why Apple is suing NSO Group, the makers of Pegasus spyware. This week, we’ll tell you what Apple is doing to help repair the damage done by the spyware company.

A quick recap for those who haven’t been following the story: Pegasus is a multi-platform mobile spyware suite that can access the camera, mic, and sensitive data on an infected device. It is being used to spy on iPhone users, hence Apple’s lawsuit.

Pegasus is marketed as a resource for law enforcement to use in criminal investigations. In actual practice, it’s a favorite tool of authoritarian regimes around the world, often used to target high-risk individuals. In its press release on the lawsuit, Apple notes that:

Researchers and journalists have publicly documented a history of this spyware being abused to target journalists, activists, dissidents, academics, and government officials. 

In the same statement, the company said that it would alert users “any time Apple discovers activity consistent with a state-sponsored spyware attack”. It now seems that they’ve started doing exactly that. According to a MacRumors piece:

Apple has notified at least nine U.S. Department of State employees that they may have been targeted by state-sponsored spyware created by Israeli company NSO Group…

Apple notifies users of state-sponsored attacks in two ways. The company displays a Threat Notification when an targeted user signs in at appleid.apple.com. It also sends an email and iMessage notification to the email address and mobile number associated with the affected Apple ID. Users will then be given steps to help secure their devices.

Want to learn more about digital security and privacy while waiting for the next Checklist? Have a look through our show archives!

Join our mailing list for the latest security news and deals