Apple Yanks Privacy App From the App Store

wiredmikey writes "Back in May of this year, Internet security firm Bitdefender launched 'Clueful,' an iOS App that helps identify potentially intrusive applications and show users what they do behind their back, and giving users an inside look at all the information app developers can gather about a user. Seems legit, right? Apple doesn't think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store. After initially reviewing and approving the App that was released on May 22, Apple has had a change of heart and has just removed the App from the AppStore. It's unclear [why it was yanked], and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal. Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 iOS apps so far, including the fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."

Re:rotten

[viperidaenz]

Why can't it be all 3? It definitely requires a rotten Apple though as they are doing the dirty work

Re:NDA What?

[Anonymous Coward]

The Federal government routinely (anymore) uses National Security Letters to shred the entire Bill of Rights, and one of the provisions of NSLs is an NDA. After the Patriot Act was passed, anyone violating that NDA risked going to prison. Today, they can just disappear.

I small a rotten fish, not Apple, at the core of this particular "incident", a rotten fish wrapped in an old Washington Post newspaper, if you know what I mean.

Re:rotten

[dracocat]

This is probably nothing more than the app had to have broken out of its sandbox. There should not have been a way for the app to monitor what other apps were doing without doing something disallowed by Apple.

Not saying I don't want this app, or that some arrangement/exclusion shouldn't be reached by the two companies (perhaps with a code review to make sure everything they are doing outside of the sandbox is benign), but I don't think this is a big conspiracy.

Just simply Apple continuing in its tunnel vision of not allowing apps full freedom on its phone.

Would definitely install this app if it was brought back. Perhaps release code so we can install it ourselves?

Re:rotten

[MBCook]

That's kind of what I was wondering, unless the app is simply a searchable catalog of the apps they have previously studied.

I'm curious how apps get your location without your knowledge? The first time an app asks you're supposed to get the location services popup, and whenever your location is being accessed you're supposed to get the little location arrow in the status bar at the top of the phone.

As much as I love my iPhone, I'm glad to get Apple get embarrassed by some of this stuff. The fact that many games were taking your phonebook simply because they could and sending it to the developer's servers was insane.

Re:Sounds like scare-ware to me

[jmerlin]

It doesn't matter. Perhaps this tool doesn't go far enough. DTrace provides you direct insight into what's going on, and you have access to enough syscalls to actually figure out what's being done with information, too. I'd love a full DTrace on my iPhone and an app that's set up to periodically watch apps to see if they're doing anything weird. I audit software like this on my Linux and Windows systems ALL the time. I've even made basic binary instrumentation tools to automatically instrument binary libraries (imports/exports) to get more application-specific information. It's amazing to see what some applications do with your information. Unless we require software vendors to disclose every I/O action that a piece of software can possibly make (and what the purpose of such an action is) truthfully, which will never be a requirement, we need tools like this. The certainty is a non-factor. It simply shows you that an application accesses something.

For instance, if my instant messaging program is accessing my recent internet history from Internet Explorer or Chrome, I'm going to get really, REALLY skeptical that it has any business whatsoever looking at that. It doesn't matter if there's a legitimate reason for it.

Interesting

[wzinc]

"The fact that 41.4 percent of apps were shown to track a user's location unbeknownst to them."

...because iOS always asks on the first location look-up and it always shows the arrow/gps icon in the upper right. Also, you can shut off GPS app-by-app or for all in the prefs. If apps are somehow going around Apple's only way to access the GPS, they wouldn't be approved; this is impossible. Obviously, if BitDefender's app can tell that easily, Apple's screening process would detect a private API GPS call, and flag the app. A few falling through the cracks is one thing, but 41.1% is some type of sensationalism or scare-mongering (i.e. a lie). The only possibility of any truth is that "bad" apps send-out the wifi base station name or IP address and get a general location from that. They're not accessing the GPS without permission.