Apple pulls iOS privacy-tracking app from App Store

Posted:
in Mac Software edited January 2014
Amid the kerfuffle surrounding the use of sensitive personal data stored on or transmitted from iOS devices, Apple has pulled a privacy-tracking app from the App Store two months after it was approved for sale.

Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.

"iPhone owners need to know which apps they have installed may be using their personal data in ways that are not expected," Bitdefender said.

During the two months that Clueful was on iOS an analysis of over 65,000 apps yielded troubling results pertaining to encryption of personal data. For example, Bitdefender found that 42.5 percent of apps don't encrypt personal data when sending to off-site servers while 41.4 percent track users' locations without their knowledge or consent. Apple attempted to fix the latter by instituting an indicator on both the iOS home screen and in the settings menu that shows if location services are currently being used or have been used within the last 24 hours.

About 20 percent of apps surveilled had the ability access and upload the entire address book of an iOS device without user interaction. The harvesting and uploading of contact data, including purportedly anonymous systems, gained negative media attention in February when the popular social networking app Path was found to do so without first asking a user's permission. Apple CEO Tim Cook reportedly "grilled" Path co-founder Dave Morin over the alleged privacy breach though the issue was rectified in a later update to the app.

Clueful App
Clueful app screenshot. | Source: Clueful


Apple on Wednesday reportedly began attaching unique identifiers to in-app purchase receipts sent to developers in an attempt to patch a purported hack which allowed free downloads of for-pay content.

It is unclear whether the newly-implemented identifiers contain unique device identifier (UDID) data, though Apple has taken steps to curb the use of such information by third-party app makers. Reports from March claimed the iPhone maker was rejecting app submissions that leveraged UDID data.

Mobile ad agencies have argued against the removal of UDID access, saying it would hurt business as the companies use the data to accurately track demographic metrics to monetize advertisements. Various consumer groups have come out in protest, however, and even high-powered government officials have voiced concern over the issue.
«1

Comments

  • Reply 1 of 22
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by AppleInsider View Post



    Amid the kerfuffle surrounding the use of sensitive personal data stored on or transmitted from iOS devices, Apple has pulled a privacy-tracking app from the App Store two months after it was approved for sale.

    Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.


    Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

  • Reply 2 of 22
    just_mejust_me Posts: 590member
    mstone wrote: »
    Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

    Sandbox fail. Remove app showcasing failure
  • Reply 3 of 22
    solipsismxsolipsismx Posts: 19,566member
    mstone wrote: »
    Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.

    It does sound like it's violating the rules but then why was in the first place? Apple needs to be more vigilant about their user's personal data. I don't think Apple will steal my data but if they are going to have a curated app store they need to make sure those apps are reasonably secure.
  • Reply 4 of 22
    just_mejust_me Posts: 590member
    solipsismx wrote: »
    It does sound like it's violating the rules but then why was in the first place? Apple needs to be more vigilant about their user's personal data. I don't think Apple will steal my data but if they are going to have a curated app store they need to make sure those apps are reasonably secure.

    It's not stealing when you give it to them to store. Apples iAd does use that data.
  • Reply 5 of 22
    jr_bjr_b Posts: 64member


    If Apple is allowing apps to be sold that access private information, what else are these apps capable of doing?  FAIL.

  • Reply 6 of 22
    hill60hill60 Posts: 6,989member
    I guess BitDefender shouldn't have been accessing people's private data.
  • Reply 7 of 22
    just_mejust_me Posts: 590member
    hill60 wrote: »
    I guess BitDefender shouldn't have been accessing people's private data.

    It did what the program was intended for. Show casing which programs broke policy by breaking policy itself but at least it was user initiated
  • Reply 8 of 22
    jkichlinejkichline Posts: 1,335member


    My memory on this app was that it can't access other processes and gather information. Rather, it detects what apps are on your device from a list of known apps, and then gives you a report based on research the company does. For instance, it sees if you have Facebook installed based on supported URL schemes and then looks up to see what Facebook sends and tells you.  There didn't seem to be anything snooping around and as far as I know, as a developer, unless they are using some kind of private framework (which can get you banned from the app store), then there is not way of obtaining that information.

  • Reply 9 of 22
    lightknightlightknight Posts: 2,312member

    Quote:

    Originally Posted by Just_Me View Post





    It did what the program was intended for. Show casing which programs broke policy by breaking policy itself but at least it was user initiated


     


    So basically, Apple has told users that they're not allowed to run code on their phone that gives them too much information, while demonstrating that (as everyone with a clue knew already) the "curation" process is filled with flaws, which ends up in evil code running on your phone. At least an Android phone is as secure as its user (which, obviously, doesn't mean much for Average Joe, but does mean something for Mr PowerUser).


     


    I hope Apple starts doing real curation someday, instead of the aphazard accept/refuse they currently do. AppStore has SO MANY evil/crap apps that I seldom open it, unless someone tells me "hey, check out that app". I'm sure I'm far from being the only one to do so.

  • Reply 10 of 22

    Quote:

    Originally Posted by hill60 View Post



    I guess BitDefender shouldn't have been accessing people's private data.


     


    it was more like @jkichline described. found this http://cl.ly/image/1Q0A2Q0c0L2u

  • Reply 11 of 22
    markbyrnmarkbyrn Posts: 608member


    And so when iOS 6 rolls out with increased privacy controls and requires user permission when an app attempts to access to contacts, calendar, etc. (making this removed app obsolete), the pundits will whine that the pop-up dialogs are a major annoyance.  

  • Reply 12 of 22
    gatorguygatorguy Posts: 20,582member

    Quote:

    Originally Posted by cheeseburger View Post


     


    it was more like @jkichline described. found this http://cl.ly/image/1Q0A2Q0c0L2u



    I'm pretty sure he already knew that. He was simply wanting to push the issue away from nefarious appStore apps and deflect to BitDefender instead.

  • Reply 13 of 22
    Nothing to say. Most probably above discussion make a good result.
  • Reply 14 of 22
    maestro64maestro64 Posts: 4,562member


    I said this before, I want a program like Little Snitch for IOS and program like Saft which you can use with Safar to block website from hitting with all kinds of ad and putting back user information. I use little snitch to keep programs from phoning home about how I using there products and such, none of their business as far as am concern. If you had a power to block apps from phoning home this would solve this problem.

  • Reply 15 of 22
    jowie74jowie74 Posts: 540member

    Quote:

    Originally Posted by mstone View Post


    Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.



     


    It doesn't track other apps. It merely pulls a list of apps that are on your device and pulls down information already gathered about what those apps do from their database to your phone. It's clever in that it's a simple idea... It's not really breaking the sandbox.


     


    Would be nice for Apple to actually build in information in the Settings app that told you all of this information, including how much data/CPU each one is using up... Then it'd be easier to know which apps are causing problems.


     


    Maybe they pulled it from the app store because it conflicts with future iOS updates...

  • Reply 16 of 22
    just_mejust_me Posts: 590member

    Quote:

    Originally Posted by jowie74 View Post


     


    It doesn't track other apps. It merely pulls a list of apps that are on your device and pulls down information already gathered about what those apps do from their database to your phone. It's clever in that it's a simple idea... It's not really breaking the sandbox.


     


    Would be nice for Apple to actually build in information in the Settings app that told you all of this information, including how much data/CPU each one is using up... Then it'd be easier to know which apps are causing problems.


     


    Maybe they pulled it from the app store because it conflicts with future iOS updates...



    Evil...I mean bbbaaaahhhhhh

  • Reply 17 of 22
    blah64blah64 Posts: 928member

    Quote:

    Originally Posted by Maestro64 View Post


    I said this before, I want a program like Little Snitch for IOS and program like Saft which you can use with Safar to block website from hitting with all kinds of ad and putting back user information. I use little snitch to keep programs from phoning home about how I using there products and such, none of their business as far as am concern. If you had a power to block apps from phoning home this would solve this problem.



     


    I've been saying the same thing for years.  I don't make much use of my iOS devices except in specific cases, precisely because we DON'T have something like this.

  • Reply 18 of 22
    charlitunacharlituna Posts: 7,215member

    Quote:

    Originally Posted by jowie74 View Post


     


    It doesn't track other apps. It merely pulls a list of apps that are on your device



     


    So how does it get that list. Sounds like something that is perhaps a private API which could be why Apple pulled it as we aren't allowed to use such things in our apps


     


    as opposed to say, building a database of the details and I put in what app I am curious about regardless of whether it is on my device or not

  • Reply 19 of 22


    Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.

  • Reply 20 of 22
    gatorguygatorguy Posts: 20,582member

    Quote:

    Originally Posted by tonton View Post


    Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.



    Agreed, altho after-the-fact the same Russian "hacker" now also offers a Mac app exploit that does the same thing.

Sign In or Register to comment.