Privacy researchers Mysk have released Loupe, a free and open-source iOS app that shows users what information apps can learn about their devices through publicly available iOS APIs.
The tool highlights how data such as language settings, device characteristics, installed apps, and sensor information can be combined to create a fingerprint that can recognize users across apps and websites.
Announcing the release on X, Mysk described Loupe as a way for users to discover what their iPhones already expose to third-party apps. The app is available for iOS and iPadOS, and its source code has been published on GitHub under the MIT license.
Mysk is a privacy research team known for investigating mobile app tracking practices and privacy issues affecting major platforms and services. The group also develops privacy-focused software, including the Psylo browser for iPhone and iPad.
Loupe demonstrates the device fingerprinting surface available on Apple devices by reading real values exposed through public iOS APIs, the same interfaces accessible to any App Store application. Rather than simulating tracking techniques, the app displays the actual information that apps can retrieve from a device.
Trackers do not necessarily need names, email addresses, advertising IDs, or location data to recognize users. Individual data points may reveal little on their own, but combining numerous signals can produce a fingerprint that remains stable enough to identify a device across multiple apps and websites.
To help users understand how information is exposed, Loupe organizes collected signals into three categories:
- Passive – Information available to any application without requesting permission, including locale settings, time zone, display characteristics, battery information, and similar device attributes.
- Needs Permission – Data that requires explicit user approval through iOS permission prompts, such as access to contacts, photos, location, and calendars.
- Advanced – More sophisticated fingerprinting techniques that leverage public APIs in unexpected ways, including URL scheme probing through Apple's canOpenURL API and examining data persistence through the iOS Keychain across application reinstalls.
Loupe displays collected values in their raw form instead of aggregating or anonymizing them, allowing users to see exactly what information applications can access. Mysk says all data remains on the device unless users explicitly choose to export it, and that nothing is uploaded, synchronized, or shared with external servers.
The project's GitHub repository also reveals that Loupe was written “almost entirely by AI coding tools,” making it another example of AI-assisted software development for building consumer-facing applications. While the primary release targets iOS and iPadOS, Mysk says a macOS version is also supported, though some work remains before it is fully polished.
For privacy-conscious users, Loupe offers a practical look at how modern device fingerprinting works and why app permissions alone do not always tell the full story. The app does not block tracking techniques, but it provides visibility into the information available to apps and the ways seemingly harmless device signals can be combined to identify users over time.
Leave a Reply