iPhone spyware

It's almost impossible to find this out unless:
a) you jailbreak the phone and run monitoring applications in the background
b) you run a wifi internet traffic proxy that provides confirmation that the addresses have been targetted. This doesn't stop the application from waiting until the phone is connected to the mobile operator (IIRC there's a way of finding out which is in use).
 
Tested list of applications: http://i-phone-home.blogspot.com/

Ragdoll Blaster - spyware..

1 - Camera Genius - safe, good utility
2 - Alive 4-ever - safe, needs work
3 - Flight Control - safe, great game
4 - Convert - minor data-leak
5 - Doodle Jump - user tracking, reporting
6 - Moto X Mayhem - not bad, safe
7 - Bejeweled 2 - safe, good twist on a classic
8 - Knights Onrush - safe, not bad
9 - UNO - tracking, udid, etc
10 - Sheep Launcher - phones-home, minor data leaks but okay
11 - Ragdoll Blast - tracks usage, sends unique ID's
12 - Rope'n'Fly - safe, not bad
13 - Flick Fishing - tracks usage, stores unique ID, records if pirated & jailbroken
14 - Paper Toss: World Tour - tracks unique ID, iphone info
15 - The Game of Life - safe, not bad
16 - Oz Weather - user tracking, also monitors your in app usage
17 - The Moron Test - tracks usage, stores unique ID, records if pirated & jailbroken
18 - Solitaire - safe, pretty ordinary
19 - iFitness - safe, good app
20 - Aussie Rules LIVE - tracks usage, stores unique ID, records if pirated & jailbroken + your current latitude & longitude
21 - Luxor - tracking, killswitch?
22 - Pocket God - sends some identifiable data
23 - Worms - safe, fun, fun
24 - Spider: The Secret of Bryce Manor - tracks truck loads of data
25 - ColorSplash - loads news/alerts data
Click to expand...
 
I wouldn't mind if apple provided application use (ie when and how long but without UIDs) through the iPhoneOS and relayed the information anonymously through the developer App Store interface.

It's bad enough that safari pokes everything to Google Analytics.
 
Ragdoll Blaster !!! WTF I've got that on my phone

*goes to delete it*

I thought the iPhone was reasonably secure from this sort of crap. :(
 
feriso said:
I thought the iPhone was reasonably secure from this sort of crap. :(
Click to expand...

Basically Apple's response to emails from the blog writer was "we're not responsible for third party applications". However I think mobile operator pressure and the reduction in applications due to privacy concerns will concentrate Apple's mind.
 
It's interesting how Android tells you what the app will access on your phone when you go to install it, and asks you to confirm if you still want it, compared to the app store.
 
z0mbi3 said:
It's interesting how Android tells you what the app will access on your phone when you go to install it, and asks you to confirm if you still want it, compared to the app store.
Click to expand...

The easy way around this is simple - make the application require an initial registration to activate. It's then free to report whatever data it feels like without needing to prompt you. So it's really a false sense of security.
 
Well if you want to upgrade to OS 3.1:
(a) Diagnostic Data. You agree that Apple and its subsidiaries and agents may collect, maintain, process and use diagnostic, technical and related information, including but not limited to information about your iPhone, computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the iPhone Software, and to verify compliance with the terms of this License. Apple may use this information, as long as it is in a form that does not personally identify you, to improve our products or to provide services or technologies to you.
Click to expand...

Diagnostic- my behind.. "and related information" and basically any information about your iPhone, the computer it's attached to and any applications you're using.
In short an app could offload your bank details and Apple would point to this clause..
 
Last edited:
You don't need to upgrade to get that. iPhone OS 3.0 collects diagnostic data too - I've had several prompts from iTunes asking do I want to send it to Apple? Hell no! Wouldn't be surprised if the choice went away in iTunes9.

While I'd rather apps didn't collect stats unannounced, I'll tolerate it within reason as it's pretty much unavoidable now (at least in the case of Google Analytics). I draw the line at phone numbers however.
 
In the long run - Apple would never accept liability for the safeguard of data (they'd be nuts to) but they don't prevent applications through the threat of cancelling the application developer's account and barring them.

Applications are ment to be sandboxed, so the only source of personal information is either (a) apple through the OS API, or, (b) the individual entering the information into the application directly.
 
Last edited:
NickK said:
The easy way around this is simple - make the application require an initial registration to activate. It's then free to report whatever data it feels like without needing to prompt you. So it's really a false sense of security.
Click to expand...

It's a step in the right direction though surely? As opposed to just goign in completely blind.
 
NickK said:
Well if you want to upgrade to OS 3.1:


Diagnostic- my behind.. "and related information" and basically any information about your iPhone, the computer it's attached to and any applications you're using.
In short an app could offload your bank details and Apple would point to this clause..
Click to expand...

That's a lot of nonsense, put your tinfoil hat back on and reread that paragraph.
 
You must log in or register to reply here.
Back
Top Bottom