Oh, the irony.... App Pirates

Discussion in 'iPhone' started by lee.anderson, Aug 12, 2009.

  1. lee.anderson macrumors regular


    Aug 28, 2006
    I recently took a visit to a well know App Store Pirate forum, and stumbled upon a thread about apps phoning home.

    It turns out, quite a few apps now send personal information from the iPhone to the developer if it detects its been cracked.
    People who buy the apps that phone home are totally safe, as the code probably won't execute unless the app is cracked and the device is jailbroken.

    There are members who say they are writing to apple, saying its illegal :rolleyes:, and really angry that developers are stealing their info :D

    Although I think that there could be some improvement in the app store, like trial periods, I fully support the developers for doing this.

    What goes around, comes around.
  2. kas23 macrumors 603


    Oct 28, 2007
    And how do you know that these same Apps aren't phoning-home for legit users? Sounds very sketchy to me. I would likely want to avoid these Apps regardless.
  3. sinsin07 macrumors 68040

    Mar 28, 2009
    The premise sounds good, but you are too trusting. There is a potential for abuse. You are relying on the good coding practices of unknown third party developers form countries all over the world. First mistake.
    Second is you are relying on Apple to ensure that every app doing this is doing it for a good reason. Haven’t Apps made it through the App store only to be yanked later? Second mistake.

    I don’t want developers to lose money to hacked apps, but I don’t want Ivan from XXXcountry or Mintimba from XXXCountry creating an app that fools Apple and gets my personal information.
    Of course my concerns could be farfetched, being I don’t know what the devs are using for the detection method for a JB, or the criteria for what’s cracked or not.

    I had to XXXX out country names, don't want to offend :)
  4. iUser4Lyfe macrumors 6502

    Jun 15, 2009
    Exactly. This is a real slippery slope and I won't support devs that do this
  5. lee.anderson thread starter macrumors regular


    Aug 28, 2006
    Yeah, it could be a problem, but I would assume that because apps are developed in a sandbox, there are security measures that would stop the app gathering personal information outside of the app itself. As jailbreaking the iPhone and cracking the app would probably unlock the sandbox that the apps execute in, it could do it only then.

    Apps know they are cracked when they check the SignerIdentity, so if you bought it you have nothing to worry about. Even if you are jailbroken I wouldn't be worried, only if you crack the apps.

    I would think that apple would not let this happen on legit purchased apps, why do you think their review process is so long?

    This is purely speculation though, My knowledge is limited at the moment (halfway through a long Obj-C book :D)
    I can see your point though, if it does happen on legit apps then something needs to be changed.
  6. mackmgg macrumors 65816


    Nov 2, 2007
    I'm jailbroken, but I dont pirate apps. I don't wanna my info to be shared just cuz i wanna theme my phone
  7. Rusalka macrumors regular


    Dec 8, 2008
    Northern Virginia
    I like how your attempt to spread FUD just backfired.

  8. OneMike macrumors 603


    Oct 19, 2005
    Definitely. I always wonder this. That's a reason I'm real skeptical of the information I put in apps. Also check my logs when I'm on network and see where traffic is going when I open apps.
  9. lee.anderson thread starter macrumors regular


    Aug 28, 2006
    Talking to me?

    What FUD have I been spreading may I ask?
  10. TSX macrumors 68030


    Oct 1, 2008
    I dont think apple will allow apps that collect info, in their store.

    My guess is that their telling people this to scare them.
  11. Warbrain macrumors 603


    Jun 28, 2004
    Chicago, IL
    Nope, don't like this one bit. Any app that phones home will not be on my iPhone.
  12. BNZ1 macrumors regular

    Nov 11, 2008
    This is old news in the developer circles, there are some good blogs on it. The apps are not sending personal info back, the send the device ID. This is required for apps with an online scoreboard etc, or basically any online interactions. Similar to spam blacklists, developers can now share the list of device id's that have run a cracked app and block them from recieving all features inside applications.

    I have said several times before on here I use cracked apps on a semi-regularly basis (always different apps) for trial purposes on any apps over $1.50. This was great for testing Navigon/Sygic back to back. I think Apple introducing a 24/48 hour try before you buy period on full version apps would heavily reduce the use of cracked apps.
  13. petermcphee macrumors 6502a


    Aug 20, 2008
    This thread probably just spawned the need for "Little Snitch: iPhone edition." Lulz.
  14. netslacker macrumors 6502

    Jan 21, 2008
    The only information a developer has access to is the UDID of the device. He cannot (following the SDK and the documented APIs) get the IMEI, phone number, name or whatever from the device. That information is off limits and Apple has done quite a bit to ensure that the info stays off limits.

    I'd be more worried about apps from Cydia as they would have access to any info they wanted and there is no policing it.
  15. SpaceKitty macrumors 68040


    Nov 9, 2008
    Fort Collins Colorado
    There is one app that phones home every time it updates it's content and that is one called Police Scan. Every time the app starts up, it phones home in order to update the list of police broadcasts that it offers. It also checks to see of the app us cracked or not. Many apps are doing this now and as long as this is all it's checking, is there really a problem here? I don't think so. Developers just want to get paid for their apps.
  16. SpaceKitty macrumors 68040


    Nov 9, 2008
    Fort Collins Colorado
    How will you know which ones they are?
  17. 0th3lo macrumors newbie


    Aug 12, 2009
    /sigh.. you know i'm really tired today.. so very tired, but here we go!

    Firstly, the post this "leeanderson" is referring to is my post about my blog ref (http://i-phone-home.blogspot.com/) which is dedicated to privacy, security and network leaks in iPhone applications.

    Personally, I myself buy every iPhone application that I use on a long term basis, further to this I use many applications which are of course free on the iPhone Appstore.

    The blog and the issue "leeanderson" is referring to, has nothing to do with pirated software at all. In fact, everything discussed on the blog refers to applications paid or otherwise running on iPhone’s (all models) on firmware(s) from 2.2 to 3.01.

    If you are seriously interested in forming an educated opinion, please review my article "http://i-phone-home.blogspot.com/2009/07/pinchmedia-anatomy-of-spyware-vendor.html" which will give you a reasonably complete overview of how these so called "user-metrics" push the boundary of what users should find acceptable.

    Personally, I find his post uninformed and offensive as I spend countless hours analysing the network traffic of many, many iPhone applications to ensure there are no data-leaks or privacy concerns. On top if this I manage at personal cost a Cydia repository (which only contains my work) which automatically updates concerned users iPhones with a targeted host file replacement preventing the offending applications sending data out of your phone.

    In fact, quite recently (and more discussion is in progress with other dev’s) we have had one developer of a top 25, iPhone application agree to remove the offending code from his application ref (http://i-phone-home.blogspot.com/2009/07/iphone-user-tracking-analytics.html).

    Again, it saddens me that miss-information about what really is an issue that should be a serious concern to any iPhone user is miss-represented as such.

    Kind regards
  18. Eso macrumors 68000


    Aug 14, 2008
    Owned. The log out button is that way arrow-up-right.gif
  19. jayenh macrumors 6502a

    Nov 13, 2008
    so are you saying apps are getting and sending home personal information, or simply the device id. if its just the device id what exactly is the concern?

    [edit] nevermind, took the time to click a link. i still don't see what the fuss is about. so they know someone in london or new york bought an app. what's the big deal? the second they take an email address, phone number, other apps installed, or activities in other apps (like browsing habits) and pass it on i'll be seriously annoyed, but at the moment i'm not sure what the fuss is, other than them no telling us.
  20. 0th3lo macrumors newbie


    Aug 12, 2009
    Hiya jayenh,

    In the end it really comes down to what each individual user is comfortable with, if you have no issues with (as an example):

    - iPhone's unique ID
    - iPhone Model
    - OS Version
    - Application version
    - If the application is cracked/pirated
    - If your iPhone is jailbroken
    - time & date you start the application
    - time & date you close the application
    - your current latitude & longitude
    - your gender (if facebook enabled)
    - your birth month (if facebook enabled)
    - your birth year (if facebook enabled)

    The above being sent to third parties, then it is not really a concern for you. Many users however are quite alarmed by such actions.

    Remember that this is a 3rd party, there is no agreement or privacy policy between you and this third party, furthermore thanks to the UDID this 3rd party can identify you across applications.

    Of course much more detail and information is included in the blog (http://i-phone-home.blogspot.com/)

    Personally i think it is better to be informed and have options =)

  21. jayenh macrumors 6502a

    Nov 13, 2008
    hey. i agree we should be informed, and i agree that apple letting this stuff happen is a "slippery slope"... at what point do they say "thats too much info"? and what are they doing about it. are they planning any changes?

    personally i don't mind them knowing when i open/close an app etc (though i'd still like them to say "we will be gathering this info" somewhere), however, the above is worrying. are you saying any app can grab this info from the facebook app?
  22. 0th3lo macrumors newbie


    Aug 12, 2009
    Hello jayenh =)

    To answer your query, any pinchmedia enabled application with facebook functions can access this information.

    So while they can't use just use any facebook iPhone app, they can use any pinchmedia enabled iPhone application.

    I guess another concern is, where does it stop? While the facebook functions are rather new, what is next?

    For me personally, the whole project started simply because of the network/data traffic & the inconvenience of the applications using my then slow edge connection (since upgraded to the 3GS and love it!).

  23. alFR macrumors 68020

    Aug 10, 2006
  24. kas23 macrumors 603


    Oct 28, 2007
    Yeah, too bad it won't be able to run in the background and be of any use. :(
  25. krayziekray macrumors 6502

    Sep 24, 2008
    I wonder how true this really is ....

    My first question is, if indeed this is true, how does Apple regulate and ensure that peoples personal information is not falling into the wrong hands so to speak?
    Second question is why else, apart from blocking access to features within the app, would the developer ever need the iPhone users age, gender, DOB???
    Finally, is obtaining personal information from the iPhone even possible using the standard SDK???

    :apple: KrayzieKray :apple:

Share This Page