Disabling iOS Personalized Ads tells kernel to kill daemon every 3 seconds
twitter.com
Apple is pretty good at having daemons that randomly take 100% cpu with no recourse. Last one didn't have access to something I didn't know existed, and it was Apple who should have set it up :)
> Apple is pretty good at having daemons that randomly take 100% cpu with no recourse
Spotlight/mds/mdworker/... has been a monstrosity since forever, but the accursed macOS daemons that earn my unending ire are photoanalysisd and syspolicyd. (The former probably runs on iOS as well but I mitigate it by deleting photos after import.)
Whenever I pull my laptop out of a bag or backpack and it's unreasonably hot, photoanalysisd or syspolicyd are usually to blame, scanning the same files again for the 1000th time. I haven't enabled smart nap, so this must be the "stupid nap" functionality.
There doesn't seem to be any easy way to disable these evil daemons without messing with SIP etc. Even if you disable awful misfeatures of Photos like Memories, photoanalysisd still runs. Syspolicyd doesn't have a UI. At least with spotlight you can disable it on certain volumes, though of course that breaks Mail's search function.
Regarding 100% CPU, I wonder if low-power mode would help? iOS low-power mode seems like a great feature, but unfortunately it turns itself back on after the battery charges.
Yeah I wish they would stop the bullshit with their photo software. We had iPhoto, it was fine, it had almost all the features you could want for a nonprofessional photo cataloging software. But they had to overengineer a new one full of unnecessary features and useless daemon.
Funniest thing is that ease of access/availability of photos in other apps hasn't improved much so what's the point of the overkill photo DB. Better use the filesystem at this point...
I jailbreak and photoanalysisd always fails or causes high CPU usage on iOS.
If I were a conspiracy nutter I'd ponder the daemon name and Apple's plan to scan for child porn.
In the 2000s, Windows Explorer on Windows XP had a feature to preview media files, but when it encounters a large video the system doesn't have a codec for...
Microsoft is very good at it too.
It’s a problem that spans across all modern operating systems. Even if they are not taking up 100% CPU, they are running and that’s still a problem. Just look at Windows Task Manager or Apple’s Activity Monitor (or even Linux ps on some problematic distributions). There are always dozens (hundreds?) of unknown daemons sitting there doing god knows what on a computer that is supposed to be yours. How did we users allow this to happen?
I long for the days when all that was running on your computer were things you commanded it to run, not things that the OS vendor wants running at all times for whatever (nefarious or otherwise) purpose.
People like the convenience of cloud services (cloud storage and backup, easy file sharing, data and password sync across devices, etc.) and multi-device integration (cross-device drag/drop/copy/paste, continuity, call/conference transfer across devices, etc.) but these tend to be implemented with lots of daemons - which makes sense vs. a huge monolithic cloud/services daemon.
Another cause is that Apple and Microsoft are now service vendors, and they want to sell you subscriptions to Apple {Music,Arcade,TV+...} or Xbox Game Pass, and they also have app stores where they want you to buy things. The services and apps aren't necessarily bad, but everyone doesn't necessarily want every service, and they add more daemons which seem to run even if you're not using the service.
Managed systems for companies and schools also seem to add more daemons to the OS, even non personal, non-managed systems.
Finally, security has been a terrible issue, since mainstream operating systems and apps were not designed to be secure (which admittedly is very hard! and threats keep evolving) and customers have largely voted with their wallets for features and performance over security and reliability. Apple and Microsoft have tried to become more security-conscious but this has also made the systems less usable and added anti-malware daemons that do annoying things like phoning home to check if an app's developer certificate has been revoked, or repeatedly re-scanning files to see if they match a newly updated list of malware signatures.
Those days are still here if you think you have the time for it. I.e. https://www.linuxfromscratch.org/
Eh I did that. I've also installed Slackware from floppies and recompiled my kernel for the proper drivers, which came before it.
Atm Mac OS seems like the least shitty option (mind, not the best, there is no best) so I mainly use that.
> How did we users allow this to happen?
Divide and Conquer.
Millions of users against •one• company.
Resistance is futile. Users adapt.
Well, Google + Apple + Microsoft + Canonical are at least 4 companies.
No, it's unrelated.
https://github.com/WebKit/WebKit/commit/064df1a9f395f8c6e32c...
So this post is about a bug from two years ago that's completely unrelated to the purported cause?
> Note: It may work differently on later iOS - I tested on 15.4.1
That's over a year and a half (released Mar 2022) and two major revisions ago, would be helpful to confirm if this is still an issue.
Yup and as others have noted, this report comes from a jailbroken iPhone. I have nothing against people jailbreaking their phones, but it would be good to know if this issue also occurs on iPhones running up-to-date stock iOS.
It’s very possible that iOS can end up in a situation where it starts starting a daemon in a loop but the premise here seems a little unexplored to me given the odd nature of the bug. The kernel failing to spawn the process due to a sandbox issue seems very odd. Given that the device is obviously jailbroken I think it’s somewhat likely that a sloppy patch or tweak is causing this to occur instead.
The screenshot is (obviously) from a jailbroken phone. Currently nobody with a stock phone can reproduce it (through Console on a Mac with Developer Mode enabled) although you are free to try it and test for yourself. This is just another side effect of how jailbreaks make your device more unstable.
Isn't something deeply broken if that would cause issues with something as superfluous as ad tracking?
I feel like all bets are off if you're modifying your phone away from what the manufacturer explicitly supports. Not saying you shouldn't, but this says nothing about the brokenness of the stock software.
If you open the hood on your Mercedes EQS, and the next time you drive it, ABS doesn't work or the speedometer goes blank, should that be considered your fault too and not evidence that the stock software is broken? (This example is not hypothetical. Mercedes actually tells you not to open the hood, and the EQS actually had a recall for those problems.)
It’s more like popping out a car’s headlight to get to the CAN bus to hook up some device from alibaba to unlock the door/ start the engine, then installing a third party infotainment OS on the head unit, and then wondering why ABS is broken.
This is more like you replaced the exhaust system with something bought 3rd and reflashed your car with a 3rd party CAN bus widget, then complain when it overheats and has a flat zone around 3500 rpm.
By what logic?
Jailbreaking isn't like opening the hood, it's effectively messing with the system and setup (just like the ECU example). It might not cause any problems, but it also might.
I have no problem with that by the way, but you are on your own lookout and should accept it as part of the deal. Similarly if I damage engine performance due to bad tuning it's my problem, not theirs.
I do think it's too broad of manufacturers (whether car or phone) to apply a blanket warranty denial in such cases. But in the phone case, no reason Apple should accept bug reports on a jailbroken system if it can't be reproduced on a "stock" one.
Jailbreaking is a pretty invasive procedure that exploits software faults in order for it to work. This really is not comparable.
Exploits in computers and using them doesn't inherently make them more unstable. These exploits rely on existing things in code and memory to make use of. It's not like after using one, your system will be less unstable in almost all cases. It is possible that the system could somehow detect that it was tampered with, or the jailbreak itself did some things, potentially malicious, then make things like this happen. You could also say that it may not be seeable from a Mac because the system is more open than the mobile version. If someone wanted to hide it, they might decide not to put it in the version that can be more easily reverse engineered.
Tell me you’ve never hooked an OS kernel’s undocumented features without telling me
I sure have, but I have not jailbroken an iPhone. Well I hadn't imagined how a jailbreak on iOS might work either. Will it patch system files, programs, and drivers on disk persistently? Well that seems it would be the simplest way to keep the jailbreak, now that's some extra integrity checking to bypass as well. Do these jailbreakers have a number of exploits for writing to kernel memory? It's likely they would want to read it as well, but it's not always required. It seems old parts of the Darwin kernel are open source, which if it hasn't been drastically changed in every way, makes it a lot easier to understand the kernel and find problems. It would be interesting to see how these older released exploits work. How do you even do a syscall on iOS?
A bigger challenge I think would be new gen gaming consoles, this would be awesome. There do exist exploits for these I believe, but they are private and public ones get patched, then you can't play online or downgrade updates easily. Maybe it would be easier to stay on an older version and make your PlayStation think you're on the latest version, maybe this is what those who have it do.
On Windows, there are many problems you can run into by directly manipulating kernel structures, but that doesn't mean it can't be done safely, especially on things outside of something like win32k which is a mess. Hooking things won't get you in trouble, unless for example you're hooking integrity checked functions or data regions on Windows and get patchguarded. Which doesn't run everywhere on the Windows kernel and can be maliciously disabled, not even ntoskrnl executable sections are fully protected by PG.
I understand the security benefits of immutable OS images and signed executables, but Apple's default configuration enables lots of stuff that I don't necessarily use, need, or want.
Only if the foundations have fundamental issues.
Ad tracking should be so high up in the stack that for a change that far down to cause issues then far more significant issues should be occurring at all.
If your system has to be balanced juuuuuuust right to function it's a poorly engineered system.
No.
Sorry, for those of us that are not mobile devs, how are the white text on black background obviously signaling that it is jailbroken?
You wouldn’t be able to see that debug information on the phone itself if it wasn’t jailbroken, as the GP mentioned you would need to use console on a Mac. The second screenshot is from a phone, ergo, jailbreak.
Also other commenters have mentioned he’s on 15.4.1. That’s two major iOS versions old. It’s possible they’re just on an iPhone 6S/SE/7 which was capped at that version, but a jailbreak is likely.
You talk like a jailbreak is some "dangerous and system-destroying action".
The fact that a jailbreak is even needed to actually get full ownership of your device that's "sold" is laughable. And we have people fighting and demeaning people for demanding the full rights to devices they supposedly own?
Apple fraudulently "sells" rentals as if they were a purchase.
Jailbreaking is a dangerous action... you're running unsupported, privileged software, that inherently takes advantage of an existing flaw in the system. That's not a judgement, I ran jailbroken phones myself for years and years. It's just the facts.
The parent posts didn't seem judgmental of jailbreaking at all.
> Apple fraudulently "sells" rentals as if they were a purchase.
..But only because most customers feel safest inside a jail.
The console message is from an app for jailbroken devices: https://github.com/NSAntoine/Antoine
Does jailbreaking somehow cause Apple ad tracking to run as a daemon? Maybe you can explain how these things are possibly related.
My guess? The ad tracking is a daemon regardless, but when you disable it regularly it disables the daemon. However when jailbroken, there may be code within the jailbreak or an assumption within the OS code that has two processes fighting over starting it and stopping it.
For example the jailbroken code might have something that tries to keep all daemons running and the OS sees the ad one running and tries to kill it.
Is it every three seconds? Or every time a process is run, kill the daemon within 3 seconds? Or even, only if the daemon spawns kill it within 3 seconds. The latter two wouldn't be nearly as impactful as the first, and the sandbox message didn't seem clear enough for me to tell.
What makes the daemon start in the first place? If it's a launchd service, which I assume it is, why do they not disable it instead?
Did everybody who knows about Unix leave Apple like, I don't know, around the 10.5-10.6 days? It certainly seems that way to me.
How did he detect this, what tool is he using to view daemons?
He's on a jailbroken device running an older iOS version.
That’s called a bug, bro
I agree I would be shocked if this were intended behaviour
That was my thought as well. Hope this gets fixed in one of the next releases and someone compares battery life.
I find these "short term" permanent fixes funny. It's hard for me to conceive of the reasoning that led to this. My guess is the Ads team at Apple must be super locked down, and an outsider must have had to implement the solution without interaction with that team I suppose.