Apple Yanks Privacy App From the App Store

wiredmikey writes "Back in May of this year, Internet security firm Bitdefender launched 'Clueful,' an iOS App that helps identify potentially intrusive applications and show users what they do behind their back, and giving users an inside look at all the information app developers can gather about a user. Seems legit, right? Apple doesn't think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the AppStore. It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."

Apple is beside itself on this one.

[sethstorm]

Sounds like Apple wants to be on both sides of their 1984 commercial. Not only do they want to be on the side that "is different" while being on the side that hates freedom and privacy.

Re:Apple is beside itself on this one.

[zeroryoko1974]

They want to be on the side that makes them billions of dollars a year

Re:Apple is beside itself on this one.

[tapspace]

Agreed... which if the average Joe valued his or her own privacy and freedom to control their own device, wouldn't be the side that makes billions of dollars a year. But unfortunately, Joe doesn't give a shit, so it is.

I seriously hope you're not referring to android here. Yeah, I want my phone to a direct feed into the servers of the world's largest targeted marketing multinational. I have an iPhone specifically because it lacks Google integration. If the average Joe valued his or her privacy as much as this, he or she wouldn't own a smartphone at all.

Re:Apple is beside itself on this one.

[MrHanky]

You could, of course, use Android without the Google integration (quite possible) or simply Something Else Entirely, like Meego, Symbian, Bada, WebOS, Blackberry or whatever. Choosing the iPhone for your privacy is just plain moronic.

Most of the app developers probably don't know

That the ad library they embed is tracking the user location.

Sounds correct

[freeweaver]

Of course, you understand this has nothing to do with privacy right? The app was pulled because it didn't conform to our freedom respecting terms & conditions.

That is, our freedom to collect all your data.

Re:rotten

[RLBrown]

Dirty work? Do not be so sure. The article raises the possibility that Apple did not like the Clueful app because it discloses to users that some developers are in fact evil. But then this possibility is knocked down as not being likely. So we are left with a big question as to why the Clueful app was pulled. The most likely reason is that the app fell into a technical TOS violation, something that is prohibited but in this case would have in fact been okay. Perhaps because the app sends user data back to the developer? Even if that was done for benign and beneficial use, it could still be a TOS violation. Let's not conjure up headlines. I know a lot of developers do not like the walled garden, but after the "Find and Call" incident, maybe users view the wall in a different light.

NDA What?

[sir-gold]

What kind of NDA do they have that keeps them from saying why it was pulled? (or do they have a "fight club" NDA prohibiting them from talking about the NDA?)

Does Apple make every iOS developer sign an NDA, or only the security researchers.

Something doesn't add up here.

Who's that?

[Sponge+Bath]

That's Clueful, he fights for the iUsers.

Re:Sounds like scare-ware to me

The problem with this sort of app is it is delivering information based on some probing and some guesses but has no idea what is being done with the information. Not knowing anything about Clueful I can only guess they are looking for API calls that would tend to indicate certain behaviors are present in an app.

The first caution therefore is that because an API call is present in an app there is nothing whatsoever to indicate when or how it is being used, if it is being used at all. Therefore we are talking about possibilities and potentialialities, not facts.

Emphasis mine. There is no problem with this sort of application. This is exactly the reason the application exists, to inform you that you have no idea what is being done with the information.

Seems like you're either a shill, or completely missed the point that such applications and users of such applications have a desire to know more (than apparently 40% of the other applications aren't telling).

Re:Sounds like scare-ware to me

[Halo1]

The problem with this sort of app is it is delivering information based on some probing and some guesses but has no idea what is being done with the information. Not knowing anything about Clueful ...

Not knowing anything about Clueful, you spend 5 paragraphs criticising the developers of that application for presenting information that may not be 100% correct. You need to look up the definition of "irony" and do it fast, because I feel a new one is in the making.

Re:Not what I signed up for

Even without the app, after I JB-ed my device and started running PMP (Protect My Privacy), and Firewall IP, two apps available from Cydia, it was an eye-opener.

I ran a news app. It connected to an insane amount of ad, behaviorial targeting, monitoring, tracking, and other sites that had zilch to deal with news, and all to deal with obtaining what the user has. Eventually, I just allowed it to connect to its own sites and blacklisted everything else.

I fired up another app. It didn't just want contacts, it wanted in one's music collection, and connected to all kinds of sites, none relevant in any way to what it was doing.

Apple needs to revisit iOS's security model. Because Apple does a damn good job at stopping most stuff before it gets on the App Store, it has kept people safe for a while. However, iOS's security allows an app to do what it wants to except delete pictures once it gets installed on the device. The only time a user would get prompted is if the device was using the GPS or was going to use notifications. Other than that, it could slurp the contact list and use the phone as an outgoing spam machine.

Walled Garden

[Adrian+Lopez]

I'm not at all unsympathetic, but that's what you get when you develop for a "curated" platform.

Re:rotten

[dracocat]

This is probably nothing more than the app had to have broken out of its sandbox. There should not have been a way for the app to monitor what other apps were doing without doing something disallowed by Apple.

Not saying I don't want this app, or that some arrangement/exclusion shouldn't be reached by the two companies (perhaps with a code review to make sure everything they are doing outside of the sandbox is benign), but I don't think this is a big conspiracy.

Just simply Apple continuing in its tunnel vision of not allowing apps full freedom on its phone.

Would definitely install this app if it was brought back. Perhaps release code so we can install it ourselves?

Re:preface: I'm not an IOS programmer...

[Anubis+IV]

Yes, they have to ask. The prompt is generated automatically in response to their request for location data, as you suggested, and suppressing it would do no good, since apps are sandboxed, meaning that they have no other recourse if the user denies the prompt or never sees it in the first place. I'm not aware of any way around it, and I seriously doubt there's a way around that's in use by a double-digit percentage of apps but has not yet been discovered by Apple and eliminated.

Re:rotten

[fustakrakich]

We have no choice but to speculate.

Yep, and we should always assume the worst until they come clean. It's the only way to get a response.