Apple pulls iOS privacy-tracking app from App Store
Amid the kerfuffle surrounding the use of sensitive personal data stored on or transmitted from iOS devices, Apple has pulled a privacy-tracking app from the App Store two months after it was approved for sale.
Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.
"iPhone owners need to know which apps they have installed may be using their personal data in ways that are not expected," Bitdefender said.
During the two months that Clueful was on iOS an analysis of over 65,000 apps yielded troubling results pertaining to encryption of personal data. For example, Bitdefender found that 42.5 percent of apps don't encrypt personal data when sending to off-site servers while 41.4 percent track users' locations without their knowledge or consent. Apple attempted to fix the latter by instituting an indicator on both the iOS home screen and in the settings menu that shows if location services are currently being used or have been used within the last 24 hours.
About 20 percent of apps surveilled had the ability access and upload the entire address book of an iOS device without user interaction. The harvesting and uploading of contact data, including purportedly anonymous systems, gained negative media attention in February when the popular social networking app Path was found to do so without first asking a user's permission. Apple CEO Tim Cook reportedly "grilled" Path co-founder Dave Morin over the alleged privacy breach though the issue was rectified in a later update to the app.
Apple on Wednesday reportedly began attaching unique identifiers to in-app purchase receipts sent to developers in an attempt to patch a purported hack which allowed free downloads of for-pay content.
It is unclear whether the newly-implemented identifiers contain unique device identifier (UDID) data, though Apple has taken steps to curb the use of such information by third-party app makers. Reports from March claimed the iPhone maker was rejecting app submissions that leveraged UDID data.
Mobile ad agencies have argued against the removal of UDID access, saying it would hurt business as the companies use the data to accurately track demographic metrics to monetize advertisements. Various consumer groups have come out in protest, however, and even high-powered government officials have voiced concern over the issue.
Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.
"iPhone owners need to know which apps they have installed may be using their personal data in ways that are not expected," Bitdefender said.
During the two months that Clueful was on iOS an analysis of over 65,000 apps yielded troubling results pertaining to encryption of personal data. For example, Bitdefender found that 42.5 percent of apps don't encrypt personal data when sending to off-site servers while 41.4 percent track users' locations without their knowledge or consent. Apple attempted to fix the latter by instituting an indicator on both the iOS home screen and in the settings menu that shows if location services are currently being used or have been used within the last 24 hours.
About 20 percent of apps surveilled had the ability access and upload the entire address book of an iOS device without user interaction. The harvesting and uploading of contact data, including purportedly anonymous systems, gained negative media attention in February when the popular social networking app Path was found to do so without first asking a user's permission. Apple CEO Tim Cook reportedly "grilled" Path co-founder Dave Morin over the alleged privacy breach though the issue was rectified in a later update to the app.
Apple on Wednesday reportedly began attaching unique identifiers to in-app purchase receipts sent to developers in an attempt to patch a purported hack which allowed free downloads of for-pay content.
It is unclear whether the newly-implemented identifiers contain unique device identifier (UDID) data, though Apple has taken steps to curb the use of such information by third-party app makers. Reports from March claimed the iPhone maker was rejecting app submissions that leveraged UDID data.
Mobile ad agencies have argued against the removal of UDID access, saying it would hurt business as the companies use the data to accurately track demographic metrics to monetize advertisements. Various consumer groups have come out in protest, however, and even high-powered government officials have voiced concern over the issue.
Comments
Quote:
Originally Posted by AppleInsider
Amid the kerfuffle surrounding the use of sensitive personal data stored on or transmitted from iOS devices, Apple has pulled a privacy-tracking app from the App Store two months after it was approved for sale.
Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.
Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.
Sandbox fail. Remove app showcasing failure
It does sound like it's violating the rules but then why was in the first place? Apple needs to be more vigilant about their user's personal data. I don't think Apple will steal my data but if they are going to have a curated app store they need to make sure those apps are reasonably secure.
It's not stealing when you give it to them to store. Apples iAd does use that data.
If Apple is allowing apps to be sold that access private information, what else are these apps capable of doing? FAIL.
It did what the program was intended for. Show casing which programs broke policy by breaking policy itself but at least it was user initiated
My memory on this app was that it can't access other processes and gather information. Rather, it detects what apps are on your device from a list of known apps, and then gives you a report based on research the company does. For instance, it sees if you have Facebook installed based on supported URL schemes and then looks up to see what Facebook sends and tells you. There didn't seem to be anything snooping around and as far as I know, as a developer, unless they are using some kind of private framework (which can get you banned from the app store), then there is not way of obtaining that information.
Quote:
Originally Posted by Just_Me
It did what the program was intended for. Show casing which programs broke policy by breaking policy itself but at least it was user initiated
So basically, Apple has told users that they're not allowed to run code on their phone that gives them too much information, while demonstrating that (as everyone with a clue knew already) the "curation" process is filled with flaws, which ends up in evil code running on your phone. At least an Android phone is as secure as its user (which, obviously, doesn't mean much for Average Joe, but does mean something for Mr PowerUser).
I hope Apple starts doing real curation someday, instead of the aphazard accept/refuse they currently do. AppStore has SO MANY evil/crap apps that I seldom open it, unless someone tells me "hey, check out that app". I'm sure I'm far from being the only one to do so.
Quote:
Originally Posted by hill60
I guess BitDefender shouldn't have been accessing people's private data.
it was more like @jkichline described. found this http://cl.ly/image/1Q0A2Q0c0L2u
And so when iOS 6 rolls out with increased privacy controls and requires user permission when an app attempts to access to contacts, calendar, etc. (making this removed app obsolete), the pundits will whine that the pop-up dialogs are a major annoyance.
Quote:
Originally Posted by cheeseburger
it was more like @jkichline described. found this http://cl.ly/image/1Q0A2Q0c0L2u
I'm pretty sure he already knew that. He was simply wanting to push the issue away from nefarious appStore apps and deflect to BitDefender instead.
I said this before, I want a program like Little Snitch for IOS and program like Saft which you can use with Safar to block website from hitting with all kinds of ad and putting back user information. I use little snitch to keep programs from phoning home about how I using there products and such, none of their business as far as am concern. If you had a power to block apps from phoning home this would solve this problem.
Quote:
Originally Posted by mstone
Got to love the kerfuffle. Probably because apps are not supposed to be able to see other app's data, processing, activity etc. You know proper sandbox and all. Too bad really if they were actually looking out for the consumer.
It doesn't track other apps. It merely pulls a list of apps that are on your device and pulls down information already gathered about what those apps do from their database to your phone. It's clever in that it's a simple idea... It's not really breaking the sandbox.
Would be nice for Apple to actually build in information in the Settings app that told you all of this information, including how much data/CPU each one is using up... Then it'd be easier to know which apps are causing problems.
Maybe they pulled it from the app store because it conflicts with future iOS updates...
Quote:
Originally Posted by jowie74
It doesn't track other apps. It merely pulls a list of apps that are on your device and pulls down information already gathered about what those apps do from their database to your phone. It's clever in that it's a simple idea... It's not really breaking the sandbox.
Would be nice for Apple to actually build in information in the Settings app that told you all of this information, including how much data/CPU each one is using up... Then it'd be easier to know which apps are causing problems.
Maybe they pulled it from the app store because it conflicts with future iOS updates...
Evil...I mean bbbaaaahhhhhh
Quote:
Originally Posted by Maestro64
I said this before, I want a program like Little Snitch for IOS and program like Saft which you can use with Safar to block website from hitting with all kinds of ad and putting back user information. I use little snitch to keep programs from phoning home about how I using there products and such, none of their business as far as am concern. If you had a power to block apps from phoning home this would solve this problem.
I've been saying the same thing for years. I don't make much use of my iOS devices except in specific cases, precisely because we DON'T have something like this.
Quote:
Originally Posted by jowie74
It doesn't track other apps. It merely pulls a list of apps that are on your device
So how does it get that list. Sounds like something that is perhaps a private API which could be why Apple pulled it as we aren't allowed to use such things in our apps
as opposed to say, building a database of the details and I put in what app I am curious about regardless of whether it is on my device or not
Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.
Quote:
Originally Posted by tonton
Why on Earth do the AI editors or writers seem to choose random forums in which to post their threads? This is an iOS story. It doesn't belong in the Mac Software Forum. At least it wasn't posted in Genius Bar like so many of the other recent stories.
Agreed, altho after-the-fact the same Russian "hacker" now also offers a Mac app exploit that does the same thing.