Apple Yanks Privacy App From the App Store

timothy posted more than 2 years ago | from the earwigs-in-the-glass-garden dept.

IOS 136

wiredmikey writes "Back in May of this year, Internet security firm Bitdefender launched 'Clueful,' an iOS App that helps identify potentially intrusive applications and show users what they do behind their back, and giving users an inside look at all the information app developers can gather about a user. Seems legit, right? Apple doesn't think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the AppStore. It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."

Apple is beside itself on this one. (4, Insightful)

sethstorm (512897) | more than 2 years ago | (#40704641)

Sounds like Apple wants to be on both sides of their 1984 commercial. Not only do they want to be on the side that "is different" while being on the side that hates freedom and privacy.

Re:Apple is beside itself on this one. (5, Insightful)

zeroryoko1974 (2634611) | more than 2 years ago | (#40704657)

They want to be on the side that makes them billions of dollars a year

Re:Apple is beside itself on this one. (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40704801)

Agreed... which if the average Joe valued his or her own privacy and freedom to control their own device, wouldn't be the side that makes billions of dollars a year. But unfortunately, Joe doesn't give a shit, so it is.

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40705227)

And the side that doesn't make billions of dollars a year is who exactly?

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40705553)

And the side that doesn't make billions of dollars a year is who exactly?

Well, at one point in the past there was Maemo whose apps generally didn't spy on you, and you had root access out of the box, and it was ahead of iOS on everything from cut and paste to multitasking.

But nobody bought it (*), so it didn't make those billions of dollars, so it went bust, while Android and iOS came along, sold out their users data to anyone who'd pay, locked down the devices, and made billions.

So there you go. The market spoke and it didn't want privacy or the ability to control the devices without JBing them.

(*) For an approximate value of "nobody"

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40705765)

nope Maemo was another bad attempt by the FOSS community to throw user unfriendly, only-geeks-apply software at the masses, and the masses never heard of it. Nokia seems to have this problem of producing cool hardware, and then screwing up at the software level.

Go read the wikipedia entry to see how unusable it is out of the box. The description reads like a nerd drooling.

Re:Apple is beside itself on this one. (1)

HarrySquatter (1698416) | more than 2 years ago | (#40705869)

Well, at one point in the past there was Maemo whose apps generally didn't spy on you, and you had root access out of the box, and it was ahead of iOS on everything from cut and paste to multitasking.

"Maemo" is not a company and it was produced by Nokia which is, you guessed it, a company that makes billions of dollars a year.

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40706105)

"a company that makes billions of dollars a year." ...but not from Maemo. That is now dead, so the parent post's point stands. And Nokia is in a death spiral now anyway, losing money and laying off tens of thousands, so it hardly makes the point you're trying to make.

Re:Apple is beside itself on this one. (0)

anomaly256 (1243020) | more than 2 years ago | (#40708133)

*loses* billions of dollars a year. There, fixed that for you.

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40706557)

"You will only install the apps that God-Emperor Jobs and his prophet Cook have decreed are holy, and you will fucking like it!"

Re:Apple is beside itself on this one. (4, Insightful)

tapspace (2368622) | more than 2 years ago | (#40706685)

Agreed... which if the average Joe valued his or her own privacy and freedom to control their own device, wouldn't be the side that makes billions of dollars a year. But unfortunately, Joe doesn't give a shit, so it is.

I seriously hope you're not referring to Android here. Yeah, I want my phone to be a direct feed into the servers of the world's largest targeted marketing multinational. I have an iPhone specifically because it lacks Google integration. If the average Joe valued his or her privacy as much as this, he or she wouldn't own a smartphone at all.

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40706705)

The new permissions in iOS5 and iOS 6; location services, photo library, contacts, are giving freedom and privacy to users.

Re:Apple is beside itself on this one. (0)

cpu6502 (1960974) | more than 2 years ago | (#40705209)

>>>makes them billions of dollars

Doesn't Apple give-away lots of free apps? (Like how B&N and amazon give-away lots of free kindlebooks.)

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40706205)

What the fuck does this response have to do with the GP post? It's entirely possible to make billions of dollars *and* give away free apps.

Re:Apple is beside itself on this one. (3, Insightful)

Anonymous Coward | more than 2 years ago | (#40704693)

doy

sell someone an image to buy into and they become your slave

Apple has been selling an image for a long time, hence all the "Religion of Steve" jokes

Re:Apple is beside itself on this one. (0)

Anonymous Coward | more than 2 years ago | (#40705695)

It's probably not what the linux zealots think. Apple prohibits "doing stuff to other apps" pretty much.

Although the information discovered is ultimately more useful to Apple itself than it is to the end user. What would be a more likely scenario is that Apple may update the iOS and the SDKs to prevent the very kind of security breaches that these apps permit. Particularly the "unencrypted over wifi" aspect and "can read your contacts"

If an app can read your contacts without permission, that means it's a bad app. If it's sending data unencrypted, then it's just a poorly programmed app. It's not like you can't make a bad app with Flash CS5 or Corona compiled to iOS.

rotten (3, Informative)

harvey the nerd (582806) | more than 2 years ago | (#40704653)

Somebody doesn't like potential victims to watch back. Wonder if this is really a rotten Apple, a big telco-ISP, or perhaps NSA.

Re:rotten (3, Interesting)

viperidaenz (2515578) | more than 2 years ago | (#40704703)

Why can't it be all 3? It definitely requires a rotten Apple though as they are doing the dirty work

Re:rotten (4, Insightful)

RLBrown (889443) | more than 2 years ago | (#40704831)

Dirty work? Do not be so sure. The article raises the possibility that Apple did not like the Clueful app because it discloses to users that some developers are in fact evil. But then this possibility is knocked down as not being likely. So we are left with a big question as to why the Clueful app was pulled. The most likely reason is that the app fell into a technical TOS violation, something that is prohibited but in this case would have in fact been okay. Perhaps because the app sends user data back to the developer? Even if that was done for benign and beneficial use, it could still be a TOS violation. Let's not conjure up headlines. I know a lot of developers do not like the walled garden, but after the "Find and Call" incident, maybe users view the wall in a different light.

Re:rotten (3, Insightful)

amicusNYCL (1538833) | more than 2 years ago | (#40705953)

The article raises the possibility that Apple did not like the Clueful app because it discloses to users that some developers are in fact evil.

Wouldn't that be a good way to weed out those developers? You're suggesting that Apple may prefer that people don't know which developers are the evil ones?

The most likely reason is that the app fell into a technical TOS violation

Why is that the most likely reason, as opposed to Apple just not liking the transparency that the app provides?

Perhaps because the app sends user data back to the developer?

Plenty of apps do that. Bitdefender says that 20% of apps they've studied send user data to the internet without notifying the user.

Let's not conjure up headlines.

What choice do we have? Apple put Bitdefender under a NDA regarding the removal, and Apple themselves won't justify why they did it unless they're basically forced to. We have no choice but to speculate.

Re:rotten (5, Insightful)

fustakrakich (1673220) | more than 2 years ago | (#40706037)

We have no choice but to speculate.

Yep, and we should always assume the worst until they come clean. It's the only way to get a response.

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40704857)

The Feds don't play well with others, unless they are like-minded (fascistic). This especially holds true for their wonderful full spectrum national security surveillance police state that they have erected in the USA.

IIRC, Steve Jobs was at one point "under the gun" regarding the sale of some stock or stock options. That difficulty went away. The Feds use whatever leverage they can, by whatever means necessary. I mean, it's not as if Apple makes $8 - 10 Bn software sales to the Federal government like Microsoft has done, for Apple to jump into bed with the Feds.

Consumers need to be wary about any high-tech gear that they buy, because there are sure to be back-doors left open for Big Brother. Such has been the state of telecommunications in the USA since the late 1940's, when "No Such Agency" and "Corporate Intelligence Agency" were founded.

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40706687)

No, consumers need to do the exact opposite: Embrace the Surveillance! Whenever the government cross-references their databases, if you only leave a few tracks, some of them possibly of an illicit nature, you are going to stand out from the rest of the sheeple if you are singular, likely furtive in their view.

Instead what you do is to get in as many databases as possible, creating as much 'noise' as possible, with a certain element of randomness. For instance, having multiple accounts, credit/checking/saving, doing odd numbers of transactions, in odd amounts, and randomizing which account is used where will not only confuse the government, but it will thoroughly confuse the marketers as well.

I do this with everything. Profession, level of profession, phone number, you get the idea. If you are interested in who has caused what to be sent to you online or off, use these with an encoded address (still readable by delivery service of choice, of course) to get a handle on who sold you, when. It also throws noise into the databases.

Due to my security clearance level, I am completely subject to monitoring anytime, any place, for life. And they can yank me right back if they want to with one signature. This is the only approach that actually makes sense now.

Now go out and kick some sand into the gears of government ;-).

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40707273)

Damn. You have convinced me. I'm going to run right out and join the dark side, embrace the horror.

That beats the heck out of growing a beard, wearing a sack-cloth & sandals, and living in a cave.
With any luck, that $5.00 contribution I make to the Obama Committee to Re-Elect the President will turn into an all expenses-paid dinner in the White House with Barry Big Brother & family.

Thanks, comrade.

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40704863)

If you like, I can search the web for a picture of a stallion.

Re:rotten (1)

lexsird (1208192) | more than 2 years ago | (#40704841)

Oh snap! Rotten Apple, that is their new name for me.

Re:rotten (1)

Tough Love (215404) | more than 2 years ago | (#40705311)

OK, I'll bite....

spit spit

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40705279)

How did Clueful track its users? It would be ironic if the owner's information was being uploaded to a Romanian server for tracking.

Re:rotten (5, Interesting)

dracocat (554744) | more than 2 years ago | (#40705315)

This is probably nothing more than the app had to have broken out of its sandbox. There should not have been a way for the app to monitor what other apps were doing without doing something disallowed by Apple.

Not saying I don't want this app, or that some arrangement/exclusion shouldn't be reached by the two companies (perhaps with a code review to make sure everything they are doing outside of the sandbox is benign), but I don't think this is a big conspiracy.

Just simply Apple continuing in its tunnel vision of not allowing apps full freedom on its phone.

Would definitely install this app if it was brought back. Perhaps release code so we can install it ourselves?

Re:rotten (3, Interesting)

MBCook (132727) | more than 2 years ago | (#40705559)

That's kind of what I was wondering, unless the app is simply a searchable catalog of the apps they have previously studied.

I'm curious how apps get your location without your knowledge? The first time an app asks you're supposed to get the location services popup, and whenever your location is being accessed you're supposed to get the little location arrow in the status bar at the top of the phone.

As much as I love my iPhone, I'm glad to see Apple get embarrassed by some of this stuff. The fact that many games were taking your phonebook simply because they could and sending it to the developer's servers was insane.

Re:rotten (1)

Anonymous Coward | more than 2 years ago | (#40708159)

The app itself doesn't do anything to check on other apps, it only looks up the app name in a database. I think it doesn't even work without Internet (the DB is not in the app itself).

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40708429)

I don't think you can even get the name of other apps installed without breaking out of the sandbox... but I could be wrong...

Re:rotten (1)

Anonymous Coward | more than 2 years ago | (#40706393)

I seriously doubt the NSA has anything to do with this.

This is more than likely developers complaining about their source of revenue drying up as people can no longer be marketed as products to the advertisers, and Apple saying okay okay we'll pull it.

If the NSA wanted, they could just turn on your cellphone mic remotely and eavesdrop [kde.org]
 

Re:rotten (0)

Anonymous Coward | more than 2 years ago | (#40707249)

NDA wasn't a typo - that's a non-disclosure agreement, nobody said the NSA disliked the app.

Re:rotten (1, Informative)

TheRecklessWanderer (929556) | more than 2 years ago | (#40706567)

YOU must all bow down to the mighty apple and do what we say. We are the mighty overlords and our word is as law. We will use the courts to crush the small or inconvenient until we are the All and then we will rule the world. Ahem...We mean...Buy Apple, we are nice and ethical.

Not what I signed up for (0)

Anonymous Coward | more than 2 years ago | (#40704669)

Damn, I wish I knew about that and installed it. All this surveillance, whether government or private, is really starting to creep me out. I don't want to live in a surveillance society. I wish to live in a place where people can live private lives free from scrutiny simply on the basis that it's none of their god-damned business.

Re:Not what I signed up for (5, Informative)

Anonymous Coward | more than 2 years ago | (#40705061)

Even without the app, after I JB-ed my device and started running PMP (Protect My Privacy), and Firewall IP, two apps available from Cydia, it was an eye-opener.

I ran a news app. It connected to an insane amount of ad, behavioral targeting, monitoring, tracking, and other sites that had zilch to deal with news, and all to deal with obtaining what the user has. Eventually, I just allowed it to connect to its own sites and blacklisted everything else.

I fired up another app. It didn't just want contacts, it wanted in one's music collection, and connected to all kinds of sites, none relevant in any way to what it was doing.

Apple needs to revisit iOS's security model. Because Apple does a damn good job at stopping most stuff before it gets on the App Store, it has kept people safe for a while. However, iOS's security allows an app to do what it wants to except delete pictures once it gets installed on the device. The only time a user would get prompted is if the device was using the GPS or was going to use notifications. Other than that, it could slurp the contact list and use the phone as an outgoing spam machine.

Re:Not what I signed up for (3, Informative)

Kalriath (849904) | more than 2 years ago | (#40705753)

Access to contacts actually requires explicit authorisation too now. In the next software release anyway.

Re:Not what I signed up for (0)

Anonymous Coward | more than 2 years ago | (#40708399)

I see, so am I supposed to be happy to find out that Apple is fixing this minor oversight that persisted in versions 1-5, after they sold the privilege of collecting my personal data to anyone who 'registered' as a developer?

If the good folks at Apple didn't understand that this is a fundamental breach of trust, then AT&T certainly should have... Wait, they're the ones responsible for colluding with the CIA for all those years between the end of WWII and the assassination of Martin Luther King, Jr that resulted in the passage of the FISA laws?

Oh, wait... that was the original AT&T, this is really Cingular.

Whew! I was confused there for a moment. Cingular are the good guys. The ones who are really 3 of the 7 Regional Bell Operating Companies that were broken out of the DOJ's antitrust lawsuit against AT&T.

They must have been the good ones or they wouldn't have been able to reconstitute themselves, buy Ameritech and decide that they could partner with Apple to bring us all the goodness in that shiny flashy new Gorilla Glassed case full of wide open (for a price) intrusion into every aspect of your day-to-day telecommunications.

*pauses to answer a knock at the door*

I'm sorry, I'll have to continue this later. ATM I'm being asked to come quietly and answer a few questions, at an undisclosed location.

Most of the app developers probably don't know (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40704721)

That the ad library they embed is tracking the user location.

Re:Most of the app developers probably don't know (0)

Anonymous Coward | more than 2 years ago | (#40705003)

(posting AC to preserve mod points given) I have an iPhone myself, and while I know that I have very little control over what information gets shared with, well, whoever, I thought that the location info was still one of the few things that still needed to be explicitly requested before it could be tracked. At least with the apps themselves, that is the case. Are you saying that even among apps that don't ask for location info, it can still be used without my permission if they include the default iDevice ad libraries?

This is a very scary thought.

Re:Most of the app developers probably don't know (3, Informative)

Kalriath (849904) | more than 2 years ago | (#40705787)

If you embed iAds, it actually doesn't require your permission - as the setting controlling whether iAds is allowed your location is actually buried under Location Services > System Services (yes, the advertising is a system service). Third party advertising kits (AdMob, etc) do require your permission.

Re:Most of the app developers probably don't know (0)

Anonymous Coward | more than 2 years ago | (#40707259)

The important detail you're leaving out is that this location data isn't going to the developer.

Re:Most of the app developers probably don't know (1)

Kalriath (849904) | more than 2 years ago | (#40707531)

I figured it was implied. But yes, that's right. Presumably the BitDefender app only detected that location data was sent somewhere without considering where it went.

Sounds correct (4, Insightful)

freeweaver (2548146) | more than 2 years ago | (#40704725)

Of course, you understand this has nothing to do with privacy right? The app was pulled because it didn't conform to our freedom respecting terms & conditions.

That is, our freedom to collect all your data.

Re:Sounds correct (-1)

Anonymous Coward | more than 2 years ago | (#40705399)

You seem to be confusing Apple with Google. Apple doesn't get 99% of its revenue from tracking users. The ad revenue is peanuts to Apple.

Cydia (2)

Kernel Kurtz (182424) | more than 2 years ago | (#40704739)

Hope to see it there soon.

no problem... (0)

Anonymous Coward | more than 2 years ago | (#40704741)

Just check the box for an alternate app store, and install it from there

Oh, wait... never mind.

Yargh! (1)

Quiet_Desperation (858215) | more than 2 years ago | (#40704813)

It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.

But we're the tech community, dammit! We're going to assume the worst! Argh! Hate! Mbxpz! Grrr! Woof! Howl!

Re:Yargh! (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40705031)

So you think I should assume that Apple had my best interests at heart, and were protecting me from knowing too much?

Thanks! Glad I don't have to worry! Back to FOOTBALL!!!

NDA What? (4, Insightful)

sir-gold (949031) | more than 2 years ago | (#40704835)

What kind of NDA do they have that keeps them from saying why it was pulled? (or do they have a "fight club" NDA prohibiting them from talking about the NDA?)

Does Apple make every iOS developer sign an NDA, or only the security researchers?

Something doesn't add up here.

Re:NDA What? (3, Interesting)

Anonymous Coward | more than 2 years ago | (#40704919)

The Federal government routinely (anymore) uses National Security Letters to shred the entire Bill of Rights, and one of the provisions of NSLs is an NDA. After the Patriot Act was passed, anyone violating that NDA risked going to prison. Today, they can just disappear.

I smell a rotten fish, not Apple, at the core of this particular "incident", a rotten fish wrapped in an old Washington Post newspaper, if you know what I mean.

Re:NDA What? (2)

Raenex (947668) | more than 2 years ago | (#40705853)

The Federal government routinely (anymore) uses National Security Letters to shred the entire Bill of Rights, and one of the provisions of NSLs is an NDA.

Before anybody gets too excited about this theory, from the second sentence in the article: "Dubbed 'Clueful' by Bucharest, Romania-based Bitdefender [..]"

Re:NDA What? (0)

Anonymous Coward | more than 2 years ago | (#40705959)

And if I recall correctly, Romania is in line to join both NATO and the EU.

So, there wouldn't be any bit of USA official presence in Romania (like the FBI), nor the available political pressure to coerce a Romanian-based company into compliance with Big Brother's wishes. Nor would there be any pressure that could be applied to this firm, say for instance, regarding arresting their in-country corporate presence or freezing their bank accounts. /snark

Re:NDA What? (1)

hvm2hvm (1208954) | more than 2 years ago | (#40708221)

We *are* in NATO and in the EU already. And yeah, they do whatever they want to us. There are US military bases and EU regulations that don't take into account the way people live around here. E.g. they make shepherds transport sheep in cramped up trucks because moving by foot for a few days would be too "traumatizing" for the poor critters.

Re:NDA What? (0)

Anonymous Coward | more than 2 years ago | (#40707721)

So? (Probably more than) half the governments of the ex-Soviet-Union and Arabic states are under US control. Or did you miss that whole "orange revolution" scandal? (Yes, the other half is probably under Russian control.)

Also, with things like secret US gulags in Poland, it's really meaningless where it is made to originate from.

Re:NDA What? (0)

Anonymous Coward | more than 2 years ago | (#40705203)

All iOS developers sign an NDA, this is common knowledge, why is it modded up?

Re:NDA What? (0)

Anonymous Coward | more than 2 years ago | (#40706181)

All iOS developers sign an NDA, this is common knowledge

The first rule in the NDA is that you don't talk about the NDA. So no, it isn't common knowledge, or at least wasn't until you broke the NDA. Expect some fruity lawyers on your doorstep first thing in the morning.

Re:NDA What? (1)

amicusNYCL (1538833) | more than 2 years ago | (#40705985)

What kind of NDA do they have that keeps them from saying why it was pulled?

Probably the kind of NDA that keeps them from saying why it was pulled. As in, "we're pulling your app, if you want to know why sign here."

Re:NDA What? (3, Informative)

stephanruby (542433) | more than 2 years ago | (#40706489)

Well technically, the NDA has been dropped, but...

Relenting to pressure from the developer community, Apple has dropped the NDAs that developers were required to agree to when they submitted their applications for consideration on the iPhone App Store.

In a statement on its Web site, Apple states, "The NDA has created too much of a burden on developers, authors and others interested in helping further the iPhone's success, so we are dropping it for released software."

The previous version of the NDA [pcmag.com] required that a developer not discuss the reasons that its app may have been declined, and restricted developers from publicly rebutting Apple's refusal or dissecting the denial notification that Apple sent them. The revised NDA allows developers to publicly comment on the reasons their app was accepted or declined, and it allows developers to state that they've submitted an app for consideration--but unreleased software currently under review is still covered by the NDA, and Apple has asked developers not to comment on applications currently being considered for the App Store.

http://www.pcmag.com/article2/0,2817,2331498,00.asp [pcmag.com]

...but as the New York Times knows already (and every news outlet knows as well). There does not need to be an NDA in place for Apple to place you permanently in their penalty box [dailytech.com] .

So I'd say the Bitdefender company definitely made the right call on this one, especially if it intends to have continued special access to the Apple ecosystem. The huge beast is quick-tempered and bears long grudges. It's best to say nothing that could potentially upset it.

Sounds like scare-ware to me (-1, Troll)

cdrguru (88047) | more than 2 years ago | (#40704843)

The problem with this sort of app is it is delivering information based on some probing and some guesses but has no idea what is being done with the information. Not knowing anything about Clueful I can only guess they are looking for API calls that would tend to indicate certain behaviors are present in an app.

The first caution therefore is that because an API call is present in an app there is nothing whatsoever to indicate when or how it is being used, if it is being used at all. Therefore we are talking about possibilities and potentialities, not facts.

Some of the other "information" that is being dredged up seems questionable as well. How the heck does this outside app know what is being encrypted or not? API call search again? Examination of the data being sent to see if it "looks" encrypted? I don't know how you do that in an accurate and reliable manner. So again it is guesswork with perhaps some foundation to it but certainly not accurate.

Encryption of information on the device itself is again tough to determine accurately. If an app is storing a binary file in the Documents folder does that count as encrypted? What if it is a text file in the Cache folder that is data scraped from a public web site? Does that count as storing unencrypted information?

I can think of about 100 reasons why this app is misleading and simply some kind of scareware. It has some foundation for the information it is displaying but this information cannot be trusted to be reliable. With all the stuff in the Apple App Store I can imagine there are a few that have significant funding behind them with people that would be plenty pissed about Clueful misidentifying their app's behavior. And that is going to go right back to Apple in a big way. No doubt someone already called them on it and this is why it was pulled.

Re:Sounds like scare-ware to me (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40704917)

The problem with this sort of app is it is delivering information based on some probing and some guesses but has no idea what is being done with the information. Not knowing anything about Clueful I can only guess they are looking for API calls that would tend to indicate certain behaviors are present in an app.

The first caution therefore is that because an API call is present in an app there is nothing whatsoever to indicate when or how it is being used, if it is being used at all. Therefore we are talking about possibilities and potentialities, not facts.

Emphasis mine. There is no problem with this sort of application. This is exactly the reason the application exists, to inform you that you have no idea what is being done with the information.

Seems like you're either a shill, or completely missed the point that such applications and users of such applications have a desire to know more (than apparently 40% of the other applications aren't telling).

Re:Sounds like scare-ware to me (5, Insightful)

Halo1 (136547) | more than 2 years ago | (#40704993)

The problem with this sort of app is it is delivering information based on some probing and some guesses but has no idea what is being done with the information. Not knowing anything about Clueful ...

Not knowing anything about Clueful, you spend 5 paragraphs criticising the developers of that application for presenting information that may not be 100% correct. You need to look up the definition of "irony" and do it fast, because I feel a new one is in the making.

Re:Sounds like scare-ware to me (1)

Tough Love (215404) | more than 2 years ago | (#40705343)

But immediately gets modded to the max. See "rotten apple" above.

Re:Sounds like scare-ware to me (2)

jxander (2605655) | more than 2 years ago | (#40705345)

Ignorance is no excuse for sloppy programming. If you're an App Developer, it's your responsibility to make a solid and secure app.

If you cannot make your app solid and secure (i.e. by eliminating random location checks) then the users deserve to know of your incompetence.

Re:Sounds like scare-ware to me (1)

CCarrot (1562079) | more than 2 years ago | (#40705365)

The first caution therefore is that because an API call is present in an app there is nothing whatsoever to indicate when or how it is being used, if it is being used at all. Therefore we are talking about possibilities and potentialities, not facts.

Indeed. That is why this app is a good thing. If there are API calls in there that don't have any apparent relation to the app's purported function, then the developer had better be prepared to explain exactly why that call is in there, and what it is doing with the information. If they aren't doing anything with it, then they'd still better have an extremely good reason for pulling it, not "well, we might need it for future planned features". If they need the info in the future, then they adjust their permissions requests with the user's consent before pulling the info.

Transparency, it's not just for Saran Wrap anymore. (was going to say 'windows', but the irony in that statement just almost knocked me over...)

Re:Sounds like scare-ware to me (3, Interesting)

jmerlin (1010641) | more than 2 years ago | (#40705633)

It doesn't matter. Perhaps this tool doesn't go far enough. DTrace provides you direct insight into what's going on, and you have access to enough syscalls to actually figure out what's being done with information, too. I'd love a full DTrace on my iPhone and an app that's set up to periodically watch apps to see if they're doing anything weird. I audit software like this on my Linux and Windows systems ALL the time. I've even made basic binary instrumentation tools to automatically instrument binary libraries (imports/exports) to get more application-specific information. It's amazing to see what some applications do with your information. Unless we require software vendors to disclose every I/O action that a piece of software can possibly make (and what the purpose of such an action is) truthfully, which will never be a requirement, we need tools like this. The certainty is a non-factor. It simply shows you that an application accesses something.

For instance, if my instant messaging program is accessing my recent internet history from Internet Explorer or Chrome, I'm going to get really, REALLY skeptical that it has any business whatsoever looking at that. It doesn't matter if there's a legitimate reason for it.

Unbeknownst? (3, Informative)

Anubis IV (1279820) | more than 2 years ago | (#40704871)

including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them.

Unless they're doing something shady with private APIs or the like, I don't see how this is possible considering an app has to ask permission to enable location tracking, and the user can both see which applications they've granted it to and which ones have used it in the last 24 hours by going to their general settings.

I think what they really mean is, "We have nothing to lose after having our app pulled, so let's burn bridges by pretending that users don't explicitly give permission for location tracking and saying that every app that tracks location is doing it behind the users' backs."

Also, what's up with both links in the summary going to the same article?

preface: I'm not an IOS programmer... (1)

logicassasin (318009) | more than 2 years ago | (#40705309)

... however, does an app HAVE to ask permission in order to enable that functionality? Up front, I would imagine that an attempt to access a feature via API call that the info box would automatically pop up to grant permission, but can this be suppressed? And further, if it can be suppressed, can the user input be mimicked or a bit set to say "the user is ok with this"?

This is just my tin-foil hat I-haven't-programmed-anything-since-my-old-Amiga rant, but it seems like it could be plausible.

Re:preface: I'm not an IOS programmer... (4, Informative)

Anubis IV (1279820) | more than 2 years ago | (#40705441)

Yes, they have to ask. The prompt is generated automatically in response to their request for location data, as you suggested, and suppressing it would do no good, since apps are sandboxed, meaning that they have no other recourse if the user denies the prompt or never sees it in the first place. I'm not aware of any way around it, and I seriously doubt there's a way around that's in use by a double-digit percentage of apps but has not yet been discovered by Apple and eliminated.

Re:preface: I'm not an IOS programmer... (3, Insightful)

Kalriath (849904) | more than 2 years ago | (#40705823)

The exception is if they have iAds embedded, as iAds has location services enabled for it specifically. He was probably seeing the results of the iAds system pulling location details so it can get location-based adverts.

Re:preface: I'm not an IOS programmer... (1)

R3d M3rcury (871886) | more than 2 years ago | (#40706451)

The prompt is generated automatically in response to their request for location data, as you suggested [...]

Can you talk to the hardware?

I remember seeing iPhone apps way back when that appeared to do this in order to query information from the GPS like what satellites it was using, etc. It was a while ago and maybe these were jailbroken apps...

Re:preface: I'm not an IOS programmer... (1)

jxander (2605655) | more than 2 years ago | (#40706171)

Yes, an app MUST ask for permission ... but how many users read those popups?

"This app would like.." yes yes whatever, just shut up and let me fling birds at pigs!

Question (0)

Anonymous Coward | more than 2 years ago | (#40704881)

It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.

Why is this allowed? Corporations shouldn't be allowed to violate freedom of speech. I think it's high time the First Amendment was updated to reflect the realities of the modern world.

Who's that? (5, Funny)

Sponge Bath (413667) | more than 2 years ago | (#40704907)

That's Clueful, he fights for the iUsers.

Re:Who's that? (1)

Nyder (754090) | more than 2 years ago | (#40705609)

That's Clueful, he fights for the iUsers.

and to be out of mod points, damn you MCP!!!!

In the know... (2)

ras (84108) | more than 2 years ago | (#40704969)

Does this mean the difference between Android malware and iOS malware is you know what information the Android malware is stealing?

Re:In the know... (1)

Anonymous Coward | more than 2 years ago | (#40705089)

Yeah but you don't even have the illusion that you can do anything about it. At the very least, iDevices give you the illusion of being able to disable location tracking on a per-app basis, and at best, they actually let you do that.

Re:In the know... (0)

Anonymous Coward | more than 2 years ago | (#40705197)

Disable location in the settings. The apps that use it will prompt. If this isn't the case, 90% of the apps I've checked out prompt for location info. Does that mean the rest use it but don't prompt for it? Along the same lines of thought, why do so many single player games and file-handling apps use locations?

Apple Yanks? (1)

dohzer (867770) | more than 2 years ago | (#40705237)

It's a bit harsh to call them that!

Walled Garden (4, Insightful)

Adrian Lopez (2615) | more than 2 years ago | (#40705241)

I'm not at all unsympathetic, but that's what you get when you develop for a "curated" platform.

Re:Walled Garden (0)

Anonymous Coward | more than 2 years ago | (#40706689)

So these developers galled the warden, eh?

Either the user controls the program (0)

Anonymous Coward | more than 2 years ago | (#40705245)

Or the program controls the user

Has Apple got something to hide? (1)

Tough Love (215404) | more than 2 years ago | (#40705289)

Just asking the obvious.

Public Service Announcement (0, Troll)

PopeRatzo (965947) | more than 2 years ago | (#40705303)

Just a reminder for anyone who's been on vacation the past few weeks:

Apple products are no longer cool. And increasingly, owning an Apple product makes you a big douchebag.

Be advised. You don't want to buy a new iPhone or iPad and then find out that everyone looks at you like a huge loser for supporting a company that doesn't want you to be able to find out what they are doing with your information.

unbeknownst to them? (0)

Anonymous Coward | more than 2 years ago | (#40705317)

It's impossible to get geo information from CoreLocation without the user tapping the "Allow" button that's presented by iOS which asks them if the app wants to use its location.

There are a ton of privacy issues with apps, but this assertion that users are having their location used without their knowledge is just sensational, inaccurate reporting.

Re:unbeknownst to them? (3, Informative)

Kalriath (849904) | more than 2 years ago | (#40705945)

Not entirely. iAds can get your location without permission because it has a completely separate pre-approved entry under System Services to do it. So if the app uses iAds, it will appear to get your location without asking for it (even though only iAds has access to it).

my app doesn't (0)

Anonymous Coward | more than 2 years ago | (#40705491)

[itunes.apple.com/us/app/dredging-toolbox/id458919054?mt=8]
While of questionable use to anyone not in the dredging community, my app does exactly what it says, nothing more.

Really the App world needs to be opened to public code reviews and open source policy.
If it's a walled garden then Apple should have been protecting us from these obvious malware attempts.

Re:my app doesn't (0)

Anonymous Coward | more than 2 years ago | (#40705525)

way to suck at links AC

Just a random thought (1)

LiroXIV (2362610) | more than 2 years ago | (#40705791)

Has anyone considered that Apple might be pulling a Siri here and acquiring it?

Re:Just a random thought (1)

amicusNYCL (1538833) | more than 2 years ago | (#40706023)

Apple adding a feature to their phone that makes the actions and transgressions of other apps much more transparent? No, I don't think anyone has seriously considered that.

Re:Just a random thought (1)

LiroXIV (2362610) | more than 2 years ago | (#40707659)

Well, this appears to be quite similar to the type of permission stuff we see in Android, except more. If Apple is always trying to one-up them, this is a logical progression.

Get more info on the 2600 magazine summer 2012 (0)

Anonymous Coward | more than 2 years ago | (#40706041)

There is an article on a nice individual that took the time to check this issue out.

Deja vu (2)

fustakrakich (1673220) | more than 2 years ago | (#40706285)

all over again? [wifinetnews.com]

There's probably more than one write-up in Slashdot, but I couldn't find the one I was looking for.

Other reason for it being pulled (2)

Bogtha (906264) | more than 2 years ago | (#40706337)

an iOS App that helps identify potentially intrusive applications and show users what they do behind their back

Apple don't typically allow you to snoop on what other applications are doing. Applications are supposed to be sandboxed to prevent this. I would assume that there's a far more mundane reason for banning this application - that it was doing things it wasn't supposed to be doing.

Re:Other reason for it being pulled (1)

R3d M3rcury (871886) | more than 2 years ago | (#40706485)

So let me get this straight: This app managed to break through the sandbox and present that information? And, back in May, somebody approved this!?

Gee, I wonder what other apps that aren't so blatant about breaking through the sandbox got approved...

Interesting (3, Interesting)

wzinc (612701) | more than 2 years ago | (#40706371)

"The fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."

...because iOS always asks on the first location look-up and it always shows the arrow/GPS icon in the upper right. Also, you can shut off GPS app-by-app or for all in the prefs. If apps are somehow going around Apple's only way to access the GPS, they wouldn't be approved; this is impossible. Obviously, if BitDefender's app can tell that easily, Apple's screening process would detect a private API GPS call, and flag the app. A few falling through the cracks is one thing, but 41.1% is some type of sensationalism or scare-mongering (i.e. a lie). The only possibility of any truth is that "bad" apps send out the wifi base station name or IP address and get a general location from that. They're not accessing the GPS without permission.

Re:Interesting (1)

Anonymous Coward | more than 2 years ago | (#40707617)

A large portion of the 41.4 percent must relate to iAds?

LOL (0)

Anonymous Coward | more than 2 years ago | (#40706669)

My Vampire friends ...........
