LOL! Man, people really are up in arms about this. What exactly is the problem? Do you guys even know what you're mad about?
For me it's collection of data from a user's device without their permission. I don't care what it is he's collecting: He shouldn't be doing it without express user permission: According to the developer guidelines, you should not collect any information about a user without their express permission and a full disclosure at to what the data will be used for.
There is absolutely no operational reason for this data to be harvested, beyond the curiosity of the developer (and so he can drive visitors to his blog with these stories) and it shows a distinct lack of care for the users privacy. If he's collecting this data, how can he be trusted not to be harvesting e-mail addresses or even individual e-mails (containing photos and device locations), all of which go through his server
If people knew the passcode they use for this app was going to be sent back to the developer (he claims it to be anonymised, but again how can we trust that as he's already shown himself to be less than completely open about the app) then they'd probably use a different passcode for the app to that on their device. Without disclosure, many people will probably use the same one.