3rd-party ad APIs from China illegally collected data from hundreds of App Store titles

13»

Comments

  • Reply 41 of 45
    cpsrocpsro Posts: 2,988member
    Quote:

    Originally Posted by BeltsBear View Post

     

    Yea, when I saw 1 million downloads total I was surprised it was so few.    That is very few downloads per app as well. 


    So that's up to 1 million users whose privacy has been compromised. Not too shabby, considering this is just the apps we/Apple know about that have circumvented iOS sandboxing.

  • Reply 42 of 45
    Quote:

    Originally Posted by FReDcc View Post

     



     its 1.7 million apps not billion




    True. But it is still 0.002%.

  • Reply 43 of 45
    Quote:

    Originally Posted by SpamSandwich View Post



    "Illegal"? No. Against Apple's rules? Yes.

     

    Appstore transactions abide to local laws and regulations. I certainly do not know the specific laws about personal data privacy in the US but I do know that it is ilegal (plain and simple) to collect personal data of users without notification or/and their consent.

    So it is ilegal in many countries (and if it is not the case in the US I would be quite surprised).

  • Reply 44 of 45
    foggyhillfoggyhill Posts: 4,767member
    Quote:

    Originally Posted by WonkoTheSane View Post



    Is it really that hard to check what data is being collected by an app? I'd envision a test setup where the app runs on a simulated iPhone which monitors any access to phone data and triggers upon any funny stuff. Then you lets that simulator run for some time and add typical user interaction, or some subset of the state-space. Hm. Maybe too conplex?

    Alternatively, don't allow acces to such data unless it's going through approved APIs.



    I agree that one major, and maybe most significant advantage and differentiating criteria is that you could trust blindly any app from their store. Not more than other competitors stores, not 98%. 100%. That's what built the Eco system.

     

    If its delayed, how would you test that. That code might be created and executed at runtime. They should look if apps are trying to use these kind of constructs though, but that would need a closer exam of the code logic.

     

    Dev already bitch that approval time is too long.

  • Reply 45 of 45
    jlanddjlandd Posts: 873member
    Quote:

    Originally Posted by Cpsro View Post

     
    Quote:
    Originally Posted by BeltsBear View Post

     

    Yea, when I saw 1 million downloads total I was surprised it was so few.    That is very few downloads per app as well. 


    So that's up to 1 million users whose privacy has been compromised. Not too shabby, considering this is just the apps we/Apple know about that have circumvented iOS sandboxing.


     

    That's the whole point.  It's completely meaningless that it's such a small percentage of the total, or such a small total amount.  

     

    When identity thieves work under other circumstances, if they work 10 hours a day, 5 days a week for three months and only succeed five times out of hundreds of times getting past the first stage it's considered a good score for three months.  Similarly, in the malware world, as far as whether a system is secure or not, it doesn't matter if there were a million attempts and 20 succeeded or a thousand and 10 did.  You can have a 99.5% winning average against exploits and get ruined by the remainder.   

     

    You can't apply ratios that sound good in other contexts to this as if proof of its trivial nature.  A million isn't a little.  It's a lot.  Holding it up against a huge total figure instead of a small total does nothing to diminish that.

Sign In or Register to comment.