So I reverse engineered the IceBlock app - https://www.404media.co/immigration-raid-tracking-app-ice-block-keeps-your-data-private-researcher-finds/ here's a thread on what I found. The TL;DR is that I didn't find anything suspicious, the app doesn't talk to any third parties, and it doesn't send your location to the developer. Neither your phone ID or iCloud account are associated with the requests the app sends to the apple cloud servers to run. The app is written in Swift and mainly uses the MapKit and CloudKit libraries. When you send a report that report contains the location of the report, this is not necessarily your location but the location at which you saw something. It also contains any free form text you choose to enter. And that's all that is contained in the report, no device ids or iCloud accounts are associated with the report. Could a judge issue a tap and trace order to Apple to get the IP addresses of people submitting reports? Possibly. But that doesn't seem to be how ICE is operating right now. And more importantly that would just give IPs which are going to be DHCP leases from a cellular network not device IDs or any other actual user identifier, so it would be harder to trace these back to real people. The developer assures me that the reports are deleted from the database after a short time so such a theoretical order would also not get any past reports, only future reports. I can't think of a way for the app to defend against this but if its your threat model maybe use a VPN. One argument I've seen against this app is that if you use it Apple will have access to your location, and yea that's probably true. But Apple always has access to your location if you have location services turned on. If that's your threat model turn off location services! My main concern was about false reports. The dev has done a decent job of preventing mass spamming, you are rate limited in how many reports you can upload and you can only make a report within 5 miles of your location. I think more likely is that people will make reports that are inaccurate because they saw an FPS vehicle or a DHS vehicle that isn't ice, or just some cops even. I'm not really sure how to solve this problem. I'm a bit concerned that this could spread fear and uncertainty. The developers take on this issue is that there may be some false reports but if a true report keeps one person from going to that location for a few hours and saves them from getting deported that's a win, I find it hard to argue against that. Anyway at the end of the day it will be up to the communities most at risk of ICE abduction to decide whether this app is useful for them. That isn't my area of expertise and I can only say what I found from a technical perspective. At the end of the day, even if this doesn't turn out to be an effective tool for people to protect themselves from ICE its still a great piece of agitprop or propaganda by the deed. It gives people a way to feel power against ICE and pisses off the administration. In conclusion: Fuck ICE!