or Connect
AppleInsider › Forums › Software › Mac Software › Apple pulls iOS privacy-tracking app from App Store
New Posts  All Forums:Forum Nav:

Apple pulls iOS privacy-tracking app from App Store

post #1 of 22
Thread Starter 
Amid the kerfuffle surrounding the use of sensitive personal data stored on or transmitted from iOS devices, Apple has pulled a privacy-tracking app from the App Store two months after it was approved for sale.

Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.

"iPhone owners need to know which apps they have installed may be using their personal data in ways that are not expected," Bitdefender said.

During the two months that Clueful was on iOS an analysis of over 65,000 apps yielded troubling results pertaining to encryption of personal data. For example, Bitdefender found that 42.5 percent of apps don't encrypt personal data when sending to off-site servers while 41.4 percent track users' locations without their knowledge or consent. Apple attempted to fix the latter by instituting an indicator on both the iOS home screen and in the settings menu that shows if location services are currently being used or have been used within the last 24 hours.

About 20 percent of apps surveilled had the ability access and upload the entire address book of an iOS device without user interaction. The harvesting and uploading of contact data, including purportedly anonymous systems, gained negative media attention in February when the popular social networking app Path was found to do so without first asking a user's permission. Apple CEO Tim Cook reportedly "grilled" Path co-founder Dave Morin over the alleged privacy breach though the issue was rectified in a later update to the app.

Clueful App
Clueful app screenshot. | Source: Clueful


Apple on Wednesday reportedly began attaching unique identifiers to in-app purchase receipts sent to developers in an attempt to patch a purported hack which allowed free downloads of for-pay content.

It is unclear whether the newly-implemented identifiers contain unique device identifier (UDID) data, though Apple has taken steps to curb the use of such information by third-party app makers. Reports from March claimed the iPhone maker was rejecting app submissions that leveraged UDID data.

Mobile ad agencies have argued against the removal of UDID access, saying it would hurt business as the companies use the data to accurately track demographic metrics to monetize advertisements. Various consumer groups have come out in protest, however, and even high-powered government officials have voiced concern over the issue.
post #2 of 22
Quote:
Originally Posted by AppleInsider View Post

Amid the kerfuffle surrounding the use of sensitive personal data stored on or transmitted from iOS devices, Apple has pulled a privacy-tracking app from the App Store two months after it was approved for sale.
Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.

Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #3 of 22
Quote:
Originally Posted by mstone View Post

Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

Sandbox fail. Remove app showcasing failure
post #4 of 22
Quote:
Originally Posted by mstone View Post

Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

It does sound like it's violating the rules but then why was in the first place? Apple needs to be more vigilant about their user's personal data. I don't think Apple will steal my data but if they are going to have a curated app store they need to make sure those apps are reasonably secure.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #5 of 22
Quote:
Originally Posted by SolipsismX View Post

It does sound like it's violating the rules but then why was in the first place? Apple needs to be more vigilant about their user's personal data. I don't think Apple will steal my data but if they are going to have a curated app store they need to make sure those apps are reasonably secure.

It's not stealing when you give it to them to store. Apples iAd does use that data.
post #6 of 22

If Apple is allowing apps to be sold that access private information, what else are these apps capable of doing?  FAIL.

post #7 of 22
I guess BitDefender shouldn't have been accessing people's private data.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #8 of 22
Quote:
Originally Posted by hill60 View Post

I guess BitDefender shouldn't have been accessing people's private data.

It did what the program was intended for. Show casing which programs broke policy by breaking policy itself but at least it was user initiated
post #9 of 22

My memory on this app was that it can't access other processes and gather information. Rather, it detects what apps are on your device from a list of known apps, and then gives you a report based on research the company does. For instance, it sees if you have Facebook installed based on supported URL schemes and then looks up to see what Facebook sends and tells you.  There didn't seem to be anything snooping around and as far as I know, as a developer, unless they are using some kind of private framework (which can get you banned from the app store), then there is not way of obtaining that information.

post #10 of 22
Quote:
Originally Posted by Just_Me View Post


It did what the program was intended for. Show casing which programs broke policy by breaking policy itself but at least it was user initiated

 

So basically, Apple has told users that they're not allowed to run code on their phone that gives them too much information, while demonstrating that (as everyone with a clue knew already) the "curation" process is filled with flaws, which ends up in evil code running on your phone. At least an Android phone is as secure as its user (which, obviously, doesn't mean much for Average Joe, but does mean something for Mr PowerUser).

 

I hope Apple starts doing real curation someday, instead of the aphazard accept/refuse they currently do. AppStore has SO MANY evil/crap apps that I seldom open it, unless someone tells me "hey, check out that app". I'm sure I'm far from being the only one to do so.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply
post #11 of 22
Quote:
Originally Posted by hill60 View Post

I guess BitDefender shouldn't have been accessing people's private data.

 

it was more like @jkichline described. found this http://cl.ly/image/1Q0A2Q0c0L2u


Edited by cheeseburger - 7/20/12 at 4:08am
post #12 of 22

And so when iOS 6 rolls out with increased privacy controls and requires user permission when an app attempts to access to contacts, calendar, etc. (making this removed app obsolete), the pundits will whine that the pop-up dialogs are a major annoyance.  

post #13 of 22
Quote:
Originally Posted by cheeseburger View Post

 

it was more like @jkichline described. found this http://cl.ly/image/1Q0A2Q0c0L2u

I'm pretty sure he already knew that. He was simply wanting to push the issue away from nefarious appStore apps and deflect to BitDefender instead.

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #14 of 22

I said this before, I want a program like Little Snitch for IOS and program like Saft which you can use with Safar to block website from hitting with all kinds of ad and putting back user information. I use little snitch to keep programs from phoning home about how I using there products and such, none of their business as far as am concern. If you had a power to block apps from phoning home this would solve this problem.

post #15 of 22
Quote:
Originally Posted by mstone View Post

Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

 

It doesn't track other apps. It merely pulls a list of apps that are on your device and pulls down information already gathered about what those apps do from their database to your phone. It's clever in that it's a simple idea... It's not really breaking the sandbox.

 

Would be nice for Apple to actually build in information in the Settings app that told you all of this information, including how much data/CPU each one is using up... Then it'd be easier to know which apps are causing problems.

 

Maybe they pulled it from the app store because it conflicts with future iOS updates...

post #16 of 22
Quote:
Originally Posted by jowie74 View Post

 

It doesn't track other apps. It merely pulls a list of apps that are on your device and pulls down information already gathered about what those apps do from their database to your phone. It's clever in that it's a simple idea... It's not really breaking the sandbox.

 

Would be nice for Apple to actually build in information in the Settings app that told you all of this information, including how much data/CPU each one is using up... Then it'd be easier to know which apps are causing problems.

 

Maybe they pulled it from the app store because it conflicts with future iOS updates...

Evil...I mean bbbaaaahhhhhh

post #17 of 22
Quote:
Originally Posted by Maestro64 View Post

I said this before, I want a program like Little Snitch for IOS and program like Saft which you can use with Safar to block website from hitting with all kinds of ad and putting back user information. I use little snitch to keep programs from phoning home about how I using there products and such, none of their business as far as am concern. If you had a power to block apps from phoning home this would solve this problem.

 

I've been saying the same thing for years.  I don't make much use of my iOS devices except in specific cases, precisely because we DON'T have something like this.

No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #18 of 22
Quote:
Originally Posted by jowie74 View Post

 

It doesn't track other apps. It merely pulls a list of apps that are on your device

 

So how does it get that list. Sounds like something that is perhaps a private API which could be why Apple pulled it as we aren't allowed to use such things in our apps

 

as opposed to say, building a database of the details and I put in what app I am curious about regardless of whether it is on my device or not

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #19 of 22

Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.

post #20 of 22
Quote:
Originally Posted by tonton View Post

Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.

Agreed, altho after-the-fact the same Russian "hacker" now also offers a Mac app exploit that does the same thing.

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #21 of 22
Quote:
Originally Posted by tonton View Post
Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.

 

The bot handles all article submissions automatically. They're working on learning why it doesn't understand where to put things.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

Reply

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

Reply
post #22 of 22
Quote:
Originally Posted by Tallest Skil View Post

Quote:
Originally Posted by tonton View Post
Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.

 

The bot handles all article submissions automatically. They're working on learning why it doesn't understand where to put things.


There are what, maximum five articles posted on a busy day? Why don't they just do it manually? Why rely on a "bot" that hasn't gotten it right in three months *at all*?

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac Software
AppleInsider › Forums › Software › Mac Software › Apple pulls iOS privacy-tracking app from App Store