Oh, the irony.... App Pirates

lee.anderson

lee.anderson

macrumors regular
I recently took a visit to a well know App Store Pirate forum, and stumbled upon a thread about apps phoning home.

It turns out, quite a few apps now send personal information from the iPhone to the developer if it detects its been cracked.
People who buy the apps that phone home are totally safe, as the code probably won't execute unless the app is cracked and the device is jailbroken.

There are members who say they are writing to apple, saying its illegal :rolleyes:, and really angry that developers are stealing their info :D

Although I think that there could be some improvement in the app store, like trial periods, I fully support the developers for doing this.

What goes around, comes around.
 
And how do you know that these same Apps aren't phoning-home for legit users? Sounds very sketchy to me. I would likely want to avoid these Apps regardless.
 
lee.anderson said:
I recently took a visit to a well know App Store Pirate forum, and stumbled upon a thread about apps phoning home.

It turns out, quite a few apps now send personal information from the iPhone to the developer if it detects its been cracked.
People who buy the apps that phone home are totally safe, as the code won't execute unless the app is cracked and the device is jailbroken.

There are members who say they are writing to apple, saying its illegal :rolleyes:, and really angry that developers are stealing their info :D

Although I think that there could be some improvement in the app store, like trial periods, I fully support the developers for doing this.

What goes around, comes around.
Click to expand...

The premise sounds good, but you are too trusting. There is a potential for abuse. You are relying on the good coding practices of unknown third party developers form countries all over the world. First mistake.
Second is you are relying on Apple to ensure that every app doing this is doing it for a good reason. Haven’t Apps made it through the App store only to be yanked later? Second mistake.

I don’t want developers to lose money to hacked apps, but I don’t want Ivan from XXXcountry or Mintimba from XXXCountry creating an app that fools Apple and gets my personal information.
Of course my concerns could be farfetched, being I don’t know what the devs are using for the detection method for a JB, or the criteria for what’s cracked or not.

I had to XXXX out country names, don't want to offend :)
 
kas23 said:
And how do you know that these same Apps aren't phoning-home for legit users? Sounds very sketchy to me. I would likely want to avoid these Apps regardless.
Click to expand...

Exactly. This is a real slippery slope and I won't support devs that do this
 
kas23 said:
And how do you know that these same Apps aren't phoning-home for legit users? Sounds very sketchy to me. I would likely want to avoid these Apps regardless.
Click to expand...

Yeah, it could be a problem, but I would assume that because apps are developed in a sandbox, there are security measures that would stop the app gathering personal information outside of the app itself. As jailbreaking the iPhone and cracking the app would probably unlock the sandbox that the apps execute in, it could do it only then.

Apps know they are cracked when they check the SignerIdentity, so if you bought it you have nothing to worry about. Even if you are jailbroken I wouldn't be worried, only if you crack the apps.

I would think that apple would not let this happen on legit purchased apps, why do you think their review process is so long?

This is purely speculation though, My knowledge is limited at the moment (halfway through a long Obj-C book :D)
I can see your point though, if it does happen on legit apps then something needs to be changed.
 
lee.anderson said:
Yeah, it could be a problem, but I would assume that because apps are developed in a sandbox, there are security measures that would stop the app gathering personal information outside of the app itself. As jailbreaking the iPhone and cracking the app would probably unlock the sandbox that the apps execute in, it could do it only then.

This is purely speculation though, My knowledge is limited at the moment (halfway through a long Obj-C book :D)
Click to expand...

I'm jailbroken, but I dont pirate apps. I don't wanna my info to be shared just cuz i wanna theme my phone
 
kas23 said:
And how do you know that these same Apps aren't phoning-home for legit users? Sounds very sketchy to me. I would likely want to avoid these Apps regardless.
Click to expand...

Definitely. I always wonder this. That's a reason I'm real skeptical of the information I put in apps. Also check my logs when I'm on network and see where traffic is going when I open apps.
 
I dont think apple will allow apps that collect info, in their store.

My guess is that their telling people this to scare them.
 
This is old news in the developer circles, there are some good blogs on it. The apps are not sending personal info back, the send the device ID. This is required for apps with an online scoreboard etc, or basically any online interactions. Similar to spam blacklists, developers can now share the list of device id's that have run a cracked app and block them from recieving all features inside applications.

I have said several times before on here I use cracked apps on a semi-regularly basis (always different apps) for trial purposes on any apps over $1.50. This was great for testing Navigon/Sygic back to back. I think Apple introducing a 24/48 hour try before you buy period on full version apps would heavily reduce the use of cracked apps.
 
The only information a developer has access to is the UDID of the device. He cannot (following the SDK and the documented APIs) get the IMEI, phone number, name or whatever from the device. That information is off limits and Apple has done quite a bit to ensure that the info stays off limits.

I'd be more worried about apps from Cydia as they would have access to any info they wanted and there is no policing it.
 
There is one app that phones home every time it updates it's content and that is one called Police Scan. Every time the app starts up, it phones home in order to update the list of police broadcasts that it offers. It also checks to see of the app us cracked or not. Many apps are doing this now and as long as this is all it's checking, is there really a problem here? I don't think so. Developers just want to get paid for their apps.
 
lee.anderson said:
I recently took a visit to a well know App Store Pirate forum, and stumbled upon a thread about apps phoning home.

It turns out, quite a few apps now send personal information from the iPhone to the developer if it detects its been cracked.
People who buy the apps that phone home are totally safe, as the code probably won't execute unless the app is cracked and the device is jailbroken.

There are members who say they are writing to apple, saying its illegal :rolleyes:, and really angry that developers are stealing their info :D

Although I think that there could be some improvement in the app store, like trial periods, I fully support the developers for doing this.

What goes around, comes around.
Click to expand...

/sigh.. you know i'm really tired today.. so very tired, but here we go!

Firstly, the post this "leeanderson" is referring to is my post about my blog ref (http://i-phone-home.blogspot.com/) which is dedicated to privacy, security and network leaks in iPhone applications.

Personally, I myself buy every iPhone application that I use on a long term basis, further to this I use many applications which are of course free on the iPhone Appstore.

The blog and the issue "leeanderson" is referring to, has nothing to do with pirated software at all. In fact, everything discussed on the blog refers to applications paid or otherwise running on iPhone’s (all models) on firmware(s) from 2.2 to 3.01.

If you are seriously interested in forming an educated opinion, please review my article "http://i-phone-home.blogspot.com/2009/07/pinchmedia-anatomy-of-spyware-vendor.html" which will give you a reasonably complete overview of how these so called "user-metrics" push the boundary of what users should find acceptable.

Personally, I find his post uninformed and offensive as I spend countless hours analysing the network traffic of many, many iPhone applications to ensure there are no data-leaks or privacy concerns. On top if this I manage at personal cost a Cydia repository (which only contains my work) which automatically updates concerned users iPhones with a targeted host file replacement preventing the offending applications sending data out of your phone.

In fact, quite recently (and more discussion is in progress with other dev’s) we have had one developer of a top 25, iPhone application agree to remove the offending code from his application ref (http://i-phone-home.blogspot.com/2009/07/iphone-user-tracking-analytics.html).

Again, it saddens me that miss-information about what really is an issue that should be a serious concern to any iPhone user is miss-represented as such.

Kind regards
0th3lo
 
lee.anderson said:
What FUD have I been spreading may I ask?
Click to expand...

0th3lo said:
Firstly, the post this "leeanderson" is referring to is my post about my blog ref (http://i-phone-home.blogspot.com/) which is dedicated to privacy, security and network leaks in iPhone applications
...
Again, it saddens me that miss-information about what really is an issue that should be a serious concern to any iPhone user is miss-represented as such.
Click to expand...

Owned. The log out button is that way arrow-up-right.gif
 
0th3lo said:
/sigh.. you know i'm really tired today.. so very tired, but here we go!

Firstly, the post this "leeanderson" is referring to is my post about my blog ref (http://i-phone-home.blogspot.com/) which is dedicated to privacy, security and network leaks in iPhone applications.

Personally, I myself buy every iPhone application that I use on a long term basis, further to this I use many applications which are of course free on the iPhone Appstore.

The blog and the issue "leeanderson" is referring to, has nothing to do with pirated software at all. In fact, everything discussed on the blog refers to applications paid or otherwise running on iPhone’s (all models) on firmware(s) from 2.2 to 3.01.

If you are seriously interested in forming an educated opinion, please review my article "http://i-phone-home.blogspot.com/2009/07/pinchmedia-anatomy-of-spyware-vendor.html" which will give you a reasonably complete overview of how these so called "user-metrics" push the boundary of what users should find acceptable.

Personally, I find his post uninformed and offensive as I spend countless hours analysing the network traffic of many, many iPhone applications to ensure there are no data-leaks or privacy concerns. On top if this I manage at personal cost a Cydia repository (which only contains my work) which automatically updates concerned users iPhones with a targeted host file replacement preventing the offending applications sending data out of your phone.

In fact, quite recently (and more discussion is in progress with other dev’s) we have had one developer of a top 25, iPhone application agree to remove the offending code from his application ref (http://i-phone-home.blogspot.com/2009/07/iphone-user-tracking-analytics.html).

Again, it saddens me that miss-information about what really is an issue that should be a serious concern to any iPhone user is miss-represented as such.

Kind regards
0th3lo
Click to expand...

so are you saying apps are getting and sending home personal information, or simply the device id. if its just the device id what exactly is the concern?


[edit] nevermind, took the time to click a link. i still don't see what the fuss is about. so they know someone in london or new york bought an app. what's the big deal? the second they take an email address, phone number, other apps installed, or activities in other apps (like browsing habits) and pass it on i'll be seriously annoyed, but at the moment i'm not sure what the fuss is, other than them no telling us.
 
Hiya jayenh,

In the end it really comes down to what each individual user is comfortable with, if you have no issues with (as an example):

- iPhone's unique ID
- iPhone Model
- OS Version
- Application version
- If the application is cracked/pirated
- If your iPhone is jailbroken
- time & date you start the application
- time & date you close the application
- your current latitude & longitude
- your gender (if facebook enabled)
- your birth month (if facebook enabled)
- your birth year (if facebook enabled)

The above being sent to third parties, then it is not really a concern for you. Many users however are quite alarmed by such actions.

Remember that this is a 3rd party, there is no agreement or privacy policy between you and this third party, furthermore thanks to the UDID this 3rd party can identify you across applications.

Of course much more detail and information is included in the blog (http://i-phone-home.blogspot.com/)

Personally i think it is better to be informed and have options =)

0th3lo
 
0th3lo said:
- your gender (if facebook enabled)
- your birth month (if facebook enabled)
- your birth year (if facebook enabled)
Click to expand...

hey. i agree we should be informed, and i agree that apple letting this stuff happen is a "slippery slope"... at what point do they say "thats too much info"? and what are they doing about it. are they planning any changes?

personally i don't mind them knowing when i open/close an app etc (though i'd still like them to say "we will be gathering this info" somewhere), however, the above is worrying. are you saying any app can grab this info from the facebook app?
 
Hello jayenh =)

To answer your query, any pinchmedia enabled application with facebook functions can access this information.

So while they can't use just use any facebook iPhone app, they can use any pinchmedia enabled iPhone application.

I guess another concern is, where does it stop? While the facebook functions are rather new, what is next?

For me personally, the whole project started simply because of the network/data traffic & the inconvenience of the applications using my then slow edge connection (since upgraded to the 3GS and love it!).

0th3lo
 
I wonder how true this really is ....

My first question is, if indeed this is true, how does Apple regulate and ensure that peoples personal information is not falling into the wrong hands so to speak?
Second question is why else, apart from blocking access to features within the app, would the developer ever need the iPhone users age, gender, DOB???
Finally, is obtaining personal information from the iPhone even possible using the standard SDK???

:apple: KrayzieKray :apple:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Back
Top