
Apple Yanks Privacy App From the App Store

Posted by timothy
from the earwigs-in-the-glass-garden dept.
wiredmikey writes "Back in May of this year, Internet security firm Bitdefender launched 'Clueful,' an iOS App that helps identify potentially intrusive applications and show users what they do behind their back, and giving users an inside look at all the information app developers can gather about a user. Seems legit, right? Apple doesn't think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the AppStore. It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."
  • by sethstorm (512897) on Thursday July 19, 2012 @05:44PM (#40704641) Homepage

    Sounds like Apple wants to be on both sides of their 1984 commercial. Not only do they want to be on the side that "is different" while being on the side that hates freedom and privacy.

    • by zeroryoko1974 (2634611) on Thursday July 19, 2012 @05:45PM (#40704657)
      They want to be on the side that makes them billions of dollars a year
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Agreed... which if the average Joe valued his or her own privacy and freedom to control their own device, wouldn't be the side that makes billions of dollars a year. But unfortunately, Joe doesn't give a shit, so it is.

        • by tapspace (2368622) on Thursday July 19, 2012 @09:37PM (#40706685)

          Agreed... which if the average Joe valued his or her own privacy and freedom to control their own device, wouldn't be the side that makes billions of dollars a year. But unfortunately, Joe doesn't give a shit, so it is.

          I seriously hope you're not referring to Android here. Yeah, I want my phone to be a direct feed into the servers of the world's largest targeted marketing multinational. I have an iPhone specifically because it lacks Google integration. If the average Joe valued his or her privacy as much as this, he or she wouldn't own a smartphone at all.

          • by eWarz (610883)
            because you know, Apple is waaay less profitable than Google and doesn't use your information for nefarious means. Never mind the fact that they are the most profitable company in the USA....
            • by Deorus (811828)

              because you know, Apple is waaay less profitable than Google and doesn't use your information for nefarious means. Never mind the fact that they are the most profitable company in the USA....

              I'd be surprised if they used my information for "nefarious means", not only because they actually show me everything that's sent back to them, but also because that's not their business model.

          • by MrHanky (141717) on Friday July 20, 2012 @06:45AM (#40709417) Homepage Journal

            You could, of course, use Android without the Google integration (quite possible) or simply Something Else Entirely, like Meego, Symbian, Bada, WebOS, Blackberry or whatever. Choosing the iPhone for your privacy is just plain moronic.

            • by tapspace (2368622)

              You could, of course, use Android without the Google integration (quite possible) or simply Something Else Entirely, like Meego, Symbian, Bada, WebOS, Blackberry or whatever. Choosing the iPhone for your privacy is just plain moronic.

              Modded up without citation because you take the anti-Apple position. Look, smart phones are tracking you. Period. To pretend that somehow the iPhone is terrible and all those others aren't is just naive. Locking down the iPhone is at least as easy as locking down an Android phone. I would guess easier. Jailbreaking is not a difficult process, and from there, you can install nice things like Firewall iP. I would guess that this is FAR easier than getting a nicely working Android image without all goog

              • by MrHanky (141717)

                Hm, I guess you are a moron, and an Apple fanboi to boot, getting all defensive about Android, since it was one of six examples. Honest with yourself? No.

              • by dwightk (415372)

                " ...you pretty much have to forgo a smartphone."

                should be

                "...you have to forgo a cellphone."

      • by cpu6502 (1960974)

        >>>makes them billions of dollars

        Doesn't Apple give away lots of free apps? (Like how B&N and Amazon give away lots of free Kindle books.)

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      doy

      sell someone an image to buy into and they become your slave

      Apple has been selling an image for a long time, hence all the "Religion of Steve" jokes

  • rotten (Score:4, Informative)

    by harvey the nerd (582806) on Thursday July 19, 2012 @05:45PM (#40704653)
    Somebody doesn't like potential victims to watch back. Wonder if this is really a rotten Apple, a big teleco-ISP, or perhaps NSA.
    • Re:rotten (Score:4, Interesting)

      by viperidaenz (2515578) on Thursday July 19, 2012 @05:49PM (#40704703)
      Why can't it be all 3? It definitely requires a rotten Apple though as they are doing the dirty work
      • Re:rotten (Score:4, Insightful)

        by RLBrown (889443) on Thursday July 19, 2012 @06:01PM (#40704831) Homepage
        Dirty work? Do not be so sure. The article raises the possibility that Apple did not like the Clueful app because it discloses to users that some developers are in fact evil. But then this possibility is knocked down as not being likely. So we are left with a big question as to why the Clueful app was pulled. The most likely reason is that the app fell into a technical TOS violation, something that is prohibited but in this case would have in fact been okay. Perhaps because the app sends user data back to the developer? Even if that was done for benign and beneficial use, it could still be a TOS violation. Let's not conjure up headlines. I know a lot of developers do not like the walled garden, but after the "Find and Call" incident, maybe users view the wall in a different light.
        • Re:rotten (Score:4, Insightful)

          by amicusNYCL (1538833) on Thursday July 19, 2012 @07:54PM (#40705953)

          The article raises the possibility that Apple did not like the Clueful app because it discloses to users that some developers are in fact evil.

          Wouldn't that be a good way to weed out those developers? You're suggesting that Apple may prefer that people don't know which developers are the evil ones?

          The most likely reason is that the app fell into a technical TOS violation

          Why is that the most likely reason, as opposed to Apple just not liking the transparency that the app provides?

          Perhaps because the app sends user data back to the developer?

          Plenty of apps do that. Bitdefender says that 20% of apps they've studied send user data to the internet without notifying the user.

          Let's not conjure up headlines.

          What choice do we have? Apple put Bitdefender under a NDA regarding the removal, and Apple themselves won't justify why they did it unless they're basically forced to. We have no choice but to speculate.

          • Re:rotten (Score:5, Insightful)

            by fustakrakich (1673220) on Thursday July 19, 2012 @08:04PM (#40706037) Journal

            We have no choice but to speculate.

            Yep, and we should always assume the worst until they come clean. It's the only way to get a response.

            • by sirlark (1676276)
              +1 Agree Wholeheartedly
            • by camperslo (704715)

              We have no choice but to speculate.

              Adding the NDA really fuels the Streisand effect behind that too. It suggests that the app does something, or comes too close to doing something, too powerful... They don't want an app out there that could sniff in-app purchase transaction data. The apps really ought to be totally fire-walled from each other, especially if whatever it monitored can be mirrored to a 3rd party remote location as well as reported to the user. It didn't say whether it just detected system calls or read actual data. I'm as

        • by Fnord666 (889225)

          The most likely reason is that the app fell into a technical TOS violation,

          I disagree. The fact that the details behind the removal were covered by an NDA somehow seems to indicate something deeper. Many apps are rejected and a few have been removed for TOS violations. I don't recall an NDA covering them. I'm interested in how Apple was somehow able to force an NDA over something like this. Do developers have to agree to something like this before submitting an app to the app store, or did Apple "suggest" that future submissions would not get approved if they talked about thi

    • by lexsird (1208192)

      Oh snap! Rotten Apple, that is their new name for me.

    • Re:rotten (Score:5, Interesting)

      by dracocat (554744) on Thursday July 19, 2012 @06:56PM (#40705315)

      This is probably nothing more than the app had to have broken out of its sandbox. There should not have been a way for the app to monitor what other apps were doing without doing something disallowed by Apple.

      Not saying I don't want this app, or that some arrangement/exclusion shouldn't be reached by the two companies (perhaps with a code review to make sure everything they are doing outside of the sandbox is benign), but I don't think this is a big conspiracy.

      Just simply Apple continuing in its tunnel vision of not allowing apps full freedom on its phone.

      Would definitely install this app if it was brought back. Perhaps release code so we can install it ourselves?

      • Re:rotten (Score:4, Interesting)

        by MBCook (132727) <foobarsoft@foobarsoft.com> on Thursday July 19, 2012 @07:17PM (#40705559) Homepage

        That's kind of what I was wondering, unless the app is simply a searchable catalog of the apps they have previously studied.

        I'm curious how apps get your location without your knowledge? The first time an app asks you're supposed to get the location services popup, and whenever your location is being accessed you're supposed to get the little location arrow in the status bar at the top of the phone.

        As much as I love my iPhone, I'm glad to get Apple get embarrassed by some of this stuff. The fact that many games were taking your phonebook simply because they could and sending it to the developer's servers was insane.

        • by Anonymous Coward
          The app itself doesn't do anything to check on other apps, it only looks up the app name in a database. I think it doesn't even work without Internet (the DB is not in the app itself).
    • by Anonymous Coward

      I seriously doubt the NSA has anything to do with this.

      This is more than likely developers complaining about their source of revenue drying up as people can no longer be marketed as products to the advertisers, and Apple saying okay okay we'll pull it.

      If the NSA wanted, they could just turn on your cellphone mic remotely and eavesdrop [kde.org]
       

    • Re: (Score:2, Informative)

      YOU must all bow down to the mighty apple and do what we say. We are the mighty overlords and our word is as law. We will use the courts to crush the small or inconvenient until we are the All and then we will rule the world. Ahem...We mean...Buy Apple, we are nice and ethical.
  • by Anonymous Coward on Thursday July 19, 2012 @05:51PM (#40704721)

    That the ad library they embed is tracking the user location.

  • Sounds correct (Score:4, Insightful)

    by freeweaver (2548146) on Thursday July 19, 2012 @05:51PM (#40704725)

    Of course, you understand this has nothing to do with privacy right? The app was pulled because it didn't conform to our freedom respecting terms & conditions.

    That is, our freedom to collect all your data.

  • by Kernel Kurtz (182424) on Thursday July 19, 2012 @05:53PM (#40704739) Homepage
    Hope to see it there soon.
  • It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.

    But we're the tech community, dammit! We're going to assume the worst! Argh! Hate! Mbxpz! Grrr! Woof! Howl!

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      So you think I should assume that Apple had my best interests at heart, and were protecting me from knowing too much?

      Thanks! Glad I don't have to worry! Back to FOOTBALL!!!

    • by mcgrew (92797) *

      Apple needs to explain, otherwise assuming the worst is warranted. And your insult to nerds was a bit flamebaitish, Mr. Fanboi.

      • Ooo! Good catch. Forgot that one, too. Fanboi labels for all who dare not agree!

        And your insult to nerds

        Oh, please. The geekverse has become an intellectual cesspit.

  • NDA What? (Score:5, Insightful)

    by sir-gold (949031) on Thursday July 19, 2012 @06:02PM (#40704835)

    What kind of NDA do they have that keeps them from saying why it was pulled? (or do they have a "fight club" NDA prohibiting them from talking about the NDA?)

    Does Apple make every iOS developer sign an NDA, or only the security researchers?

    Something doesn't add up here.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      The Federal government routinely (anymore) uses National Security Letters to shred the entire Bill of Rights, and one of the provisions of NSLs is an NDA. After the Patriot Act was passed, anyone violating that NDA risked going to prison. Today, they can just disappear.

      I smell a rotten fish, not Apple, at the core of this particular "incident", a rotten fish wrapped in an old Washington Post newspaper, if you know what I mean.

      • by Raenex (947668)

        The Federal government routinely (anymore) uses National Security Letters to shred the entire Bill of Rights, and one of the provisions of NSLs is an NDA.

        Before anybody gets too excited about this theory, from the second sentence in the article: "Dubbed 'Clueful' by Bucharest, Romania-based Bitdefender [..]"

    • What kind of NDA do they have that keeps them from saying why it was pulled?

      Probably the kind of NDA that keeps them from saying why it was pulled. As in, "we're pulling your app, if you want to know why sign here."

    • Re:NDA What? (Score:4, Informative)

      by stephanruby (542433) on Thursday July 19, 2012 @09:03PM (#40706489)

      Well technically, the NDA has been dropped, but...

      Relenting to pressure from the developer community, Apple has dropped the NDAs that developers were required to agree to when they submitted their applications for consideration on the iPhone App Store.

      In a statement on its Web site, Apple states, "The NDA has created too much of a burden on developers, authors and others interested in helping further the iPhone's success, so we are dropping it for released software."

      The previous version of the NDA [pcmag.com] required that a developer not discuss the reasons that its app may have been declined, and restricted developers from publicly rebutting Apple's refusal or dissecting the denial notification that Apple sent them. The revised NDA allows developers to publicly comment on the reasons their app was accepted or declined, and it allows developers to state that they've submitted an app for consideration--but unreleased software currently under review is still covered by the NDA, and Apple has asked developers not to comment on applications currently being considered for the App Store.

      http://www.pcmag.com/article2/0,2817,2331498,00.asp [pcmag.com]

      ...but as the New York Times knows already (and every news outlet knows as well). There does not need to be an NDA in place for Apple to place you permanently in their penalty box [dailytech.com].

      So I'd say the Bitdefender company definitely made the right call on this one, especially if it intends to have continued special access to the Apple ecosystem. The huge beast is quick-tempered and bears long grudges. It's best to say nothing that could potentially upset it.

    • by watice (1347709)
      "If your app is rejected, we have a Review Board that you can appeal to. If you run to the press and trash us, it never helps." http://stadium.weblogsinc.com/engadget/files/app-store-guidelines.pdf [weblogsinc.com]
  • Unbeknownst? (Score:4, Informative)

    by Anubis IV (1279820) on Thursday July 19, 2012 @06:06PM (#40704871)

    including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them.

    Unless they're doing something shady with private APIs or the like, I don't see how this is possible considering an app has to ask permission to enable location tracking, and the user can both see which applications they've granted it to and which ones have used it in the last 24 hours by going to their general settings.

    I think what they really mean is, "We have nothing to lose after having our app pulled, so let's burn bridges by pretending that users don't explicitly give permission for location tracking and saying that every app that tracks location is doing it behind the users' backs."

    Also, what's up with both links in the summary going to the same article?

    • ... however, does an app HAVE to ask permission in order to enable that functionality? Up front, I would imagine that an attempt to access a feature via API call that the info box would automatically pop up to grant permission, but can this be suppressed? And further, if it can be suppressed, can the user input be mimicked or a bit set to say "the user is ok with this"?

      This is just my tin-foil hat I-haven't-programmed-anything-since-my-old-Amiga rant, but it seems like it could be plausible.

      • by Anubis IV (1279820) on Thursday July 19, 2012 @07:08PM (#40705441)

        Yes, they have to ask. The prompt is generated automatically in response to their request for location data, as you suggested, and suppressing it would do no good, since apps are sandboxed, meaning that they have no other recourse if the user denies the prompt or never sees it in the first place. I'm not aware of any way around it, and I seriously doubt there's a way around that's in use by a double-digit percentage of apps but has not yet been discovered by Apple and eliminated.

        • by Kalriath (849904) on Thursday July 19, 2012 @07:40PM (#40705823)

          The exception is if they have iAds embedded, as iAds has location services enabled for it specifically. He was probably seeing the results of the iAds system pulling location details so it can get location-based adverts.

        • The prompt is generated automatically in response to their request for location data, as you suggested [...]

          Can you talk to the hardware?

          I remember seeing iPhone apps way back when that appeared to do this in order to query information from the GPS like what satellites it was using, etc. It was awhile ago and maybe these were jailbroken apps...

      • by jxander (2605655)

        Yes, an app MUST ask for permission ... but how many users read those popups?

        "This app would like.." yes yes whatever, just shut up and let me fling birds at pigs!

  • Who's that? (Score:5, Funny)

    by Sponge Bath (413667) on Thursday July 19, 2012 @06:12PM (#40704907)
    That's Clueful, he fights for the iUsers.
    • by Nyder (754090)

      That's Clueful, he fights for the iUsers.

      and to be out of mod points, damn you MCP!!!!

  • by ras (84108) <russell-slashdot@s t u a r t.id.au> on Thursday July 19, 2012 @06:20PM (#40704969) Homepage

    Does this mean the difference between Android malware and iOS malware is you know what information the Android malware is stealing?

    • by Anonymous Coward

      Yeah but you don't even have the illusion that you can do anything about it. At the very least, iDevices give you the illusion of being able to disable location tracking on a per-app basis, and at best, they actually let you do that.

  • It's a bit harsh to call them that!
  • Walled Garden (Score:5, Insightful)

    by Adrian Lopez (2615) on Thursday July 19, 2012 @06:50PM (#40705241) Homepage

    I'm not at all unsympathetic, but that's what you get when you develop for a "curated" platform.

  • Just asking the obvious.

  • Has anyone considered that Apple might be pulling a Siri here and acquiring it?
    • Apple adding a feature to their phone that makes the actions and transgressions of other apps much more transparent? No, I don't think anyone has seriously considered that.

      • by LiroXIV (2362610)
        Well, this appears to be quite similar to the type of permission stuff we see in Android, except more. If Apple is always trying to one-up them, this is a logical progression
  • all over again? [wifinetnews.com]

    There's probably more than one write-up in Slashdot, but I couldn't find the one I was looking for

  • by Bogtha (906264) on Thursday July 19, 2012 @08:42PM (#40706337)

    an iOS App that helps identify potentially intrusive applications and show users what they do behind their back

    Apple don't typically allow you to snoop on what other applications are doing. Applications are supposed to be sandboxed to prevent this. I would assume that there's a far more mundane reason for banning this application - that it was doing things it wasn't supposed to be doing.

    • So let me get this straight: This app managed to break through the sandbox and present that information? And, back in May, somebody approved this!?

      Gee, I wonder what other apps that aren't so blatant about breaking through the sandbox got approved...

  • Interesting (Score:4, Interesting)

    by wzinc (612701) on Thursday July 19, 2012 @08:45PM (#40706371)
    "The fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."

    ...because iOS always asks on the first location look-up and it always shows the arrow/gps icon in the upper right. Also, you can shut off GPS app-by-app or for all in the prefs. If apps are somehow going around Apple's only way to access the GPS, they wouldn't be approved; this is impossible. Obviously, if BitDefender's app can tell that easily, Apple's screening process would detect a private API GPS call, and flag the app. A few falling through the cracks is one thing, but 41.1% is some type of sensationalism or scare-mongering (i.e. a lie). The only possibility of any truth is that "bad" apps send-out the wifi base station name or IP address and get a general location from that. They're not accessing the GPS without permission.
    • by Anonymous Coward

      A large portion of the 41.4 percent must relate to iAds?

  • ...to Cydia where sympathy for Apple's banhammer is found in the dictionary between shit and syphilis.
  • The only plausible explanation I see is that they were either hired by or are in negotiations with Apple. There is no other way Apple could force an NDA on them. The reason for pulling the app is probably the same as for pulling the original Siri app. Makes perfect sense for Apple to hire these people to help them screen apps, considering that they've both proven to be better at it than Apple themselves and that they're motivated.
