Official site: https://www.iceblock.app/
The CNN article talks a bit more about privacy issues. This bit caught my eye:
It’s only available on iOS because Aaron says the app would have to collect information that could ultimately put users at risk to provide the same experience on Android.
I would like to see some details about this. Perhaps there’s a way to work around that problem, even if it meant publishing on F-Droid instead of Google Play.
Without open source, it could be a honey pot.
TechCrunch did a traffic analysis: https://techcrunch.com/2025/07/01/iceblock-an-app-for-anonymously-reporting-ice-sightings-goes-viral-overnight-after-bondi-criticism/
I did check to see what permissions and data it wants access to. None. That seems like a good sign.
A nefarious app might also want permissions to see all your contacts.
Edit to clarify: The app install page says only “Data Not Collected”. I would presume they would list IP and/or location if that were amongst the data collected as I have seen other apps do, but I am certainly no expert. The dev is All U Chart, Inc.
Don’t apps self-report this stuff? You presumably need to make a DB query from their backend to see any reportings in a 5mi radius, so at minimum they have your GPS coordinates and IP address (which when combined would uniquely identify you)
Iirc, permissions for iOS are required for devs to be able to use the functions/methods under those permissions.
So if the app doesn’t use them, they won’t show up as needing them.
That may be true for things like contacts, but here they have your location, and they use the network. Thus they could hoover that up and store it, even mapping everywhere you go over time in their DB.
“Apple keeps most of your location history on your device: the bits of information stored in the cloud are either end-to-end encrypted, meaning only you can decipher them, or anonymized. As such, the risk of having your location history compromised by a data breach, or by a request from law enforcement to Apple for this data, is greatly reduced.”
In this case they are anonymized. The service can tell what device is where but not what user that deviceID matches and those identifiers are rotated to make it harder to match that data up.
From: https://privacyinternational.org/guide-step/5537/guide-keeping-your-mobile-phones-location-history-private
That’s for Apple services specifically. If I build an iOS app, I can get geo coordinates.
But if the user doesn’t create an account and the deviceID rotates frequently, is there any way to tie those coordinates at a specific time to a specific person in a large enough geographical area and provide notifications (also provided via on device only services)? That’s what it seems like the developer has said Apple facilitates better.
The also said they will have a more detailed post up July 2nd about android on their site.
See also: https://techcrunch.com/2025/07/01/iceblock-an-app-for-anonymously-reporting-ice-sightings-goes-viral-overnight-after-bondi-criticism/
The point they’re trying to make is that while Apple location collects anonymized data, the app itself could collect that data and send it off with a unique identifier. Like Strava except it’s spyware. It has location and internet permissions, and the App Store data privacy thing is self reported and not necessarily factual. We can’t know unless we dissect the app because it’s not open source. Right now it seems they’re not doing that, but nothing is stopping them.
Android’s Fused Location Provider, even though it’s provided by Google Play Services, works in the same way and is just as private as Apple’s location API. They are both on device with anonymized data sent back. So IDK what the devs are talking about. But I am interested in their blog post.
Sightings are tiny and compressible you could download all the sightings then diffs and never leak anything but ip or if a VPN not even that.
that mainly applies to trackers and analytics. the company still makes backend calls to its own servers and can do whatever it wants there with the location data it collects from you
the fact that i cannot use the app at all if i deny location permissions is a red flag. there’s no reason not to have a read only mode.
there may be no trackers as the other commenter mentioned about the TechCrunch analysis, but who is this random company that owns it: ALL U Chart, Inc. They’re likely pinging back their own servers with your coords
Fake your GPS and put it inside Republican homes
Can you do that on iOS?
you can using xcode and a manual gpx file
Easily? No. You could run an android emulator on desktop though.
Looks like honey to me