Apple Yanks Privacy App From the App Store
wiredmikey writes "Back in May of this year, Internet security firm Bitdefender launched 'Clueful,' an iOS App that helps identify potentially intrusive applications and show users what they do behind their back, and giving users an inside look at all the information app developers can gather about a user. Seems legit, right? Apple doesn't think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the AppStore. It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."
Sounds like Apple wants to be on both sides of their 1984 commercial. Not only do they want to be on the side that "is different" while being on the side that hates freedom and privacy.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Somebody doesn't like potential victims to watch back. Wonder if this is really a rotten Apple, a big teleco-ISP, or perhaps NSA.
Damn, I wish I knew about that and installed it. All this surveillance, whether government or private, is really starting to creep me out. I don't want to live in a surveillance society. I want to live in a place where people can live private lives free from scrutiny simply on the basis that it's none of their god-damned business.
That the ad library they embed is tracking the user location.
Of course, you understand this has nothing to do with privacy right? The app was pulled because it didn't conform to our freedom respecting terms & conditions.
That is, our freedom to collect all your data.
Hope to see it there soon.
Just check the box for an alternate app store, and install it from there
Oh, wait... never mind.
It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.
But we're the tech community, dammit! We're going to assume the worst! Argh! Hate! Mbxpz! Grrr! Woof! Howl!
What kind of NDA do they have that keeps them from saying why it was pulled? (or do they have a "fight club" NDA prohibiting them from talking about the NDA?)
Does Apple make every iOS developer sign an NDA, or only the security researchers?
Something doesn't add up here.
The problem with this sort of app is it is delivering information based on some probing and some guesses but has no idea what is being done with the information. Not knowing anything about Clueful I can only guess they are looking for API calls that would tend to indicate certain behaviors are present in an app.
The first caution therefore is that because an API call is present in an app there is nothing whatsoever to indicate when or how it is being used, if it is being used at all. Therefore we are talking about possibilities and potentialities, not facts.
Some of the other "information" that is being dredged up seems questionable as well. How the heck does this outside app know what is being encrypted or not? API call search again? Examination of the data being sent to see if it "looks" encrypted? I don't know how you do that in an accurate and reliable manner. So again it is guesswork with perhaps some foundation to it but certainly not accurate.
Encryption of information on the device itself is again tough to determine accurately. If an app is storing a binary file in the Documents folder does that count as encrypted? What if it is a text file in the Cache folder that is data scraped from a public web site? Does that count as storing unencrypted information?
I can think of about 100 reasons why this app is misleading and simply some kind of scareware. It has some foundation for the information it is displaying but this information cannot be trusted to be reliable. With all the stuff in the Apple App Store I can imagine there are a few that have significant funding behind them with people that would be plenty pissed about Clueful misidentifying their app's behavior. And that is going to go right back to Apple in a big way. No doubt someone already called them on it and this is why it was pulled.
including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them.
Unless they're doing something shady with private APIs or the like, I don't see how this is possible considering an app has to ask permission to enable location tracking, and the user can both see which applications they've granted it to and which ones have used it in the last 24 hours by going to their general settings.
I think what they really mean is, "We have nothing to lose after having our app pulled, so let's burn bridges by pretending that users don't explicitly give permission for location tracking and saying that every app that tracks location is doing it behind the users' backs."
Also, what's up with both links in the summary going to the same article?
It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.
Why is this allowed? Corporations shouldn't be allowed to violate freedom of speech. I think it's high time the First Amendment was updated to reflect the realities of the modern world.
That's Clueful, he fights for the iUsers.
Does this mean the difference between Android malware and iOS malware is you know what information the Android malware is stealing?
It's a bit harsh to call them that!
I'm not at all unsympathetic, but that's what you get when you develop for a "curated" platform.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Or the program controls the user
Just asking the obvious.
When all you have is a hammer, every problem starts to look like a thumb.
Just a reminder for anyone who's been on vacation the past few weeks:
Apple products are no longer cool. And increasingly, owning an Apple product makes you a big douchebag.
Be advised. You don't want to buy a new iPhone or iPad and then find out that everyone looks at you like a huge loser for supporting a company that doesn't want you to be able to find out what they are doing with your information.
You are welcome on my lawn.
... however, does an app HAVE to ask permission in order to enable that functionality? Up front, I would imagine that an attempt to access a feature via API call that the info box would automatically pop up to grant permission, but can this be suppressed? And further, if it can be suppressed, can the user input be mimicked or a bit set to say "the user is ok with this"?
This is just my tin-foil hat I-haven't-programmed-anything-since-my-old-Amiga rant, but it seems like it could be plausible.
Fifty watts per channel, baby cakes.
It's impossible to get geo information from CoreLocation without the user tapping the "Allow" button that's presented by iOS which asks them if the app wants to use its location.
There are a ton of privacy issues with apps, but this assertion that users are having their location used without their knowledge is just sensational, inaccurate reporting.
[itunes.apple.com/us/app/dredging-toolbox/id458919054?mt=8]
While of questionable use to anyone not in the dredging community, my app does exactly what it says, nothing more.
Really the App world needs to be opened to public code reviews and open source policy.
If it's a walled garden then Apple should have been protecting us from these obvious malware attempts.
Has anyone considered that Apple might be pulling a Siri here and acquiring it?
There is an article on a nice individual that took the time to check this issue out.
all over again?
There's probably more than one write-up in Slashdot, but I couldn't find the one I was looking for.
“He’s not deformed, he’s just drunk!”
Apple don't typically allow you to snoop on what other applications are doing. Applications are supposed to be sandboxed to prevent this. I would assume that there's a far more mundane reason for banning this application - that it was doing things it wasn't supposed to be doing.
Bogtha Bogtha Bogtha
"The fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."
...because iOS always asks on the first location look-up and it always shows the arrow/gps icon in the upper right. Also, you can shut off GPS app-by-app or for all in the prefs. If apps are somehow going around Apple's only way to access the GPS, they wouldn't be approved; this is impossible. Obviously, if BitDefender's app can tell that easily, Apple's screening process would detect a private API GPS call, and flag the app. A few falling through the cracks is one thing, but 41.1% is some type of sensationalism or scare-mongering (i.e. a lie). The only possibility of any truth is that "bad" apps send-out the wifi base station name or IP address and get a general location from that. They're not accessing the GPS without permission.
My Vampire friends ...........
I bought Clueful five minutes after reading about it, paying something like 28 SKR = 4 USD. It has not worked once, but instead crashed every time on my iOS5, never tampered with, iPhone4S. Reinstalled 10+ times.
This was 1-2+ months ago and there have been no updates.
...to Cydia where sympathy for Apple's banhammer is found in the dictionary between shit and syphilis.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
The only plausible explanation I see is that they were either hired by or are in negotiations with Apple. There is no other way Apple could force an NDA on them. The reason for pulling the app is probably the same as for pulling the original Siri app. Makes perfect sense for Apple to hire these people to help them screen apps, considering that they've both proven to be better at it than Apple themselves and that they're motivated.
I've been saying for years that I won't have anything to do with Apple. It started for me with iTunes and the restrictions that it imposed on access to my devices. Then there were the geo-tracking logs that were revealed on the iPhone and the general way that Apple likes to restrict user access to its hardware.
They are the worst offender when it comes to open systems and user tracking. Dump your iPhone in the nearest trashcan and learn to live without it. While they have such a huge lock on the market, they have no reason to change, give them a reason.
Bad Apple, down boy.