Page 1 of 2 12 LastLast
Results 1 to 20 of 22
  1.    #1  
    August 17, 2009
    Dear iPhone Users: Your Apps Are Spying on You
    By SARAH PEREZ of ReadWriteWeb
    Recently, Palm came under fire when programmer Joey Hess discovered the Pre's smartphone OS was sending users' GPS locations back to Palm on a daily basis. Although this information was disclosed in the company's privacy policy, the majority of the phone's owners were unaware. The incident raised questions about consumer privacy and the extent to which both handset makers and developers were gathering data on mobile users.

    If you think you aren't affected by these types of troubles because you don't own a Pre, think again. Multiple iPhone applications - yes, even the ones approved by Apple - are also busy tracking your personal data and "phoning home." Which applications? What data? As an end user, determining this information is difficult. But some iPhone developers have been digging into this issue and the results of their findings may surprise you.

    Is Pinch Media Spyware? One Developer Says "Yes"

    As far as we know right now, Apple itself is not performing any user tracking via its pre-installed applications. However that doesn't mean that you're not being tracked by someone, somewhere. There are a number of applications available now in the iTunes App Store which track your user data, including things like location, your iPhone's unique ID, the phone's model, whether it's "jailbroken," and possibly even your gender, birth month and year, if the application is Facebook-enabled.

    Specifically, a mobile analytics company called Pinch Media is being singled out for being more intrusive than others when it comes to this sort of tracking. Mobile analytics firms like Pinch allow developers to insert code into their application for the purpose of tracking and analyzing how their users interact with applications. In general, this type of tracking is relatively harmless for the end user and helpful for the developer. It reveals stats like: how long did the user play the game or use the app? Do users access this feature more than that one? What time of day are users launching the app? How long do they use the app? And so on. The results of this type of tracking allows developers to make their apps more usable and helps them redesign or tweak aspects of the apps that may not be working.

    However, in the Pinch Media's case, the user tracking goes a bit further according to one iPhone developer. He says applications using Pinch Media track the following information:


    iPhone's unique ID
    iPhone Model
    OS Version
    Application version (in this case, camera zoom 1.x)
    If the application is cracked/pirated
    If your iPhone is jailbroken
    Time & date you start the application
    Time & date you close the application
    Your current latitude & longitude
    Your gender (if Facebook enabled)
    Your birth month (if Facebook enabled)
    Your birth year (if Facebook enabled)

    What's worse is that you're often never told that the app will be performing this level of detailed tracking and you're often never given the opportunity to opt-out. The data recorded is continuously tracked every time you use the application. This violation of user privacy is so egregious that the developer even goes so far as to call Pinch Media "iPhone spyware."

    In addition, a recent post on the iPhone Dev Team blog, the site hosted by the developers who release the jailbreaking and unlocking applications for the iPhone, also calls out Pinch Media for tracking your location even when it's unnecessary to do so. In the example they cited, an tip calculator app was identified as tracking your geographical location through time and uploading that data to Pinch Media.

    It's Not Pinch Media That's to Blame, It's Developers

    However, in the comments of the blog post, one developer using Pinch Media analytics fights back, claiming that his applications do request permission before gathering statistics. He bristles at the suggestion that they should be called "spyware."

    Pinch Media is also frustrated by these accusations. They argue that "no location can be sent back without the user's explicit opt-in...Since you have to press a button that explicitly allows the application to access your location, how could this possibly be without the user's consent?" The company also claims that the blog posts by this 0th3lo person are "full of factual inaccuracies." (Although they didn't detail specifically which parts are inaccurate). They even hint that the blogger's motivations are less about exposing user privacy violations and more about retaliating against the company because Pinch Media recently launched tools which allow developers to identify pirated (aka stolen) applications. That would be something that this particular developer, an active member of he hackulo.us forums (a forum for pirated apps), would not be fond of.

    The company assures us that their product complies with all major privacy laws, saying that no personally-identifying information is stored and the user opts in through the Licensed Application EULA, which specifically permits the gathering of information and sending it to third parties. In fact, says a company spokesperson, the tracking done by their company is even less intrusive than web analytics, where information is gathered without anyone's consent or opt-in, pointing to ads on this very website as an example of that.

    Is This Really an Issue?

    At the end of the day, is this sort of tracking all that invasive? Well, tracking a unique identifier such as the iPhone's UUID is not exactly comparable to the type of tracking you see on the web today. It's not anonymous data - it's an exact ID that's unique to each physical device Apple manufactures. And Pinch Media is not the only analytics company to track this information. Also, when tracking your location data on the iPhone (0th3lo says Pinch Media calculates this to 8 decimal points), that can be far more exact and accurate than any sort of geographically-based IP address lookup on the web. Instead of getting a general location, location data on a GPS-enabled mobile can identify your precise latitude and longitude.

    But should you be concerned? Perhaps. Although Apple requires applications ask if they can use your location upon launch, there aren't necessarily requirements for app developers to disclose what data they're tracking beyond location data, how often it's tracked, and what they're doing with that data when it's received. They also don't require that developers ask for your consent before this sort of detailed monitoring tacks place.

    Still, not all applications using analytics on the back-end are to be feared. For the most part, the data being recorded is anonymous and helps the developers make better apps. The problem is that, as of today, there's no way to know which apps are the safe ones.


    Want more? Thanks to @0th3lo, here's an ongoing list of applications that "phone-home" and what data is being tracked. Some examples on this list include: AroundMe, Aussie Rules LIVE, Camera Zoom, Discover, Flick Fishing, iiQuota, Mummy's Revenge, Police Scanner, Stickwars, The Moron Test, TouchGrind, Touch KO, TwiterFon, FaceFighter, Grunts, SmackTalk, Postman, vDrummer, Wobble, iFarty, iAppUSA, Lonely Planet Guide


    Copyright 2009 ReadWriteWeb. All Rights Reserved.
    Please Support Research into Fibromyalgia, Chronic Pain and Spinal Injuries. If You Suffer from These, Consider Joining or Better Yet Forming a Support Group. No One Should Suffer from the Burden of Chronic Pain, Jay M. S. Founder, Leesburg Fibromyalgia/Resources Group
  2. lamboh's Avatar
    Posts
    186 Posts
    Global Posts
    196 Global Posts
    #2  
    BIG BROTHER !!!!!!!!!!!!!!maybe george orwell was right.......
  3. #3  
    Quote Originally Posted by ilovedessert View Post
    Copyright 2009 ReadWriteWeb. All Rights Reserved.
    Heh.
    * Stuck patches? Partial erase worked for me.
    * Stuck virtual keyboard? Partial erase AND folder deletion worked for me.
  4. #4  
    Thats a lot of information to be tracking. It would be interesting to see all the results.
  5. #5  
    gf
    Last edited by PalmPre1337; 09/15/2012 at 03:49 PM.
  6. #6  
    At least the manufacturer of the iPhone isn't the guilty party here, unlike the Pre. The question I have for all of these "spyware" developers: Are they going to help you pay for the (not actually unlimited) data they steal from you?
  7. #7  
    ...
    Last edited by PalmPre1337; 09/15/2012 at 03:49 PM.
  8. Adjei's Avatar
    Posts
    277 Posts
    Global Posts
    708 Global Posts
    #8  
    Whatever helps you sleep at night Pre users.
  9. #9  
    1) The phone company's always know your approximate location (otherwise you wouldn't be able to receive a phone call.)

    2) If you don't want your exact location always known then don't get a phone with a GPS chip in it.

    3) If you want neither known, don't use a cell phone (unless its an anonymous pre-paid one.)
  10. #10  
    ...
    Last edited by PalmPre1337; 09/15/2012 at 03:49 PM.
  11. #11  
    Honestly, I don't care about all of this. Big deal, they know where I am. It's not like there's one employee tracking me at Palm or Apple. That's just absurd. If you want to know I'm at 6th and MindYourOwnBusiness Street, fine with me. I'm just getting my haircut. Want my autograph?
  12. #12  
    Remember when everyone was FREAKING out about how Google has the ability to post ads on google.com based on what you search for? There was a firestorm of things like "OMG, invasion of privacy, etc, etc". Now it's expected that ads are similar to what you are currently looking at on ANY web site.

    Like things that are "new" (and this isn't really new), people will get use to it and get over it. If you think the government or a company is constantly monitoring you and watching your every single step, then you need to go into a hospital - the mental kind.
  13. #13  
    Quote Originally Posted by chiliu78 View Post
    Remember when everyone was FREAKING out about how Google has the ability to post ads on google.com based on what you search for? There was a firestorm of things like "OMG, invasion of privacy, etc, etc". Now it's expected that ads are similar to what you are currently looking at on ANY web site.

    Like things that are "new" (and this isn't really new), people will get use to it and get over it. If you think the government or a company is constantly monitoring you and watching your every single step, then you need to go into a hospital - the mental kind.
    That's just scanning webpages though, it's not getting any personal info on you and it won't store your history unless you let it, and even then it's only if you have a Google account.
  14. #14  
    You have a link for the article?

    Need to rub it in someones face....
  15. #15  
    ...
    Last edited by PalmPre1337; 09/15/2012 at 03:49 PM.
  16. #16  
    The idea that a user gives "consent" by clicking on the EULA is bogus. All these developers know that their EULAs are so complex and long that no one ever reads them. If they really thought users didn't care, and were up-front about their monitoring, they'd have a separate agreement that says: "By the way, this app will track the following personal data about you, and upload it to our servers 48 times a day. You cool wit' dat?" The fact that they all bury it in the EULA is proof they don't really want buyers to think about it.

    For those who say they don't care, how about an app your company installs that let's them track when you're in your office and when you're not, and then uses it to challenge your timesheet?

    What if the government subpeona's the developers records, to try to track down people who visitied a particular crime scene on a particular day?

    What if a hacker gets access to the developers servers, and figures out you visitied a brothel, and splashes that info on the 'net?

    Now are you starting to think privacy might matter?
    Bob Meyer
    I'm out of my mind. But feel free to leave a message.
  17. #17  
    Quote Originally Posted by meyerweb View Post
    The idea that a user gives "consent" by clicking on the EULA is bogus. All these developers know that their EULAs are so complex and long that no one ever reads them. If they really thought users didn't care, and were up-front about their monitoring, they'd have a separate agreement that says: "By the way, this app will track the following personal data about you, and upload it to our servers 48 times a day. You cool wit' dat?" The fact that they all bury it in the EULA is proof they don't really want buyers to think about it.

    For those who say they don't care, how about an app your company installs that let's them track when you're in your office and when you're not, and then uses it to challenge your timesheet?

    What if the government subpeona's the developers records, to try to track down people who visitied a particular crime scene on a particular day?

    What if a hacker gets access to the developers servers, and figures out you visitied a brothel, and splashes that info on the 'net?

    Now are you starting to think privacy might matter?
    um then turn off location services and synergy. Have fun with your phone then.

    Or...i dunno...ready for this? DON'T BUY A SMART PHONE.

    Christ. To some people, the information they use (which has only been used for data/statics collection and synergy purposes) really isn't that serious. Its the conspiracy theorist who get all antsy about it.

    (btw, your job has all right if they provide you a work phone to track where you are on said phone....esp. if you are stealing money from the company misreporting your time sheet).
  18. #18  
    I think the bottom line here is, if you're being tracked you should be told about it. I believe Palm did disclose their activities in the agreement. With Apple, it's the software developers that are doing this (which I believe is more worrisome). But if they are indeed disclosing this in their agreements, then it's user beware.
    Sony Clie --> Tungsten t2 --> iPhone3g --> Palm Pre --> Droid
  19. #19  
    Quote Originally Posted by Kupe View Post
    At least the manufacturer of the iPhone isn't the guilty party here, unlike the Pre. The question I have for all of these "spyware" developers: Are they going to help you pay for the (not actually unlimited) data they steal from you?
    No one is "stealing" information. If a user clicks on "OK" without bothering to read what they're agreeing to, the user is the "guilty party".
  20. atlanta's Avatar
    Posts
    324 Posts
    Global Posts
    337 Global Posts
    #20  
    DAMN the iphone records more info than the PRE.
Page 1 of 2 12 LastLast

Posting Permissions