[Infowarrior] - Apple Yanks Privacy App From The App Store

Richard Forno rforno at infowarrior.org
Fri Jul 20 08:23:51 CDT 2012


Apple Yanks Privacy App From The App Store

By Mike Lennon on July 19, 2012

http://www.securityweek.com/apple-yanks-privacy-app-app-store

Back in May of this year, Internet security firm Bitdefender launched an App and service designed to help iOS users get a grip on what the apps installed on their mobile devices may be up to.

Dubbed “Clueful” by Bucharest, Romania-based Bitdefender, the App tells owners of iOS devices which applications may be accessing more information than they need, and identifies potentially “misbehaving” apps, giving users an inside look at all the information app developers can gather about a user. In simple terms, Clueful identifies potentially intrusive applications and shows users what they do behind their back.

Seems legit, right? Apple doesn’t think so. Or at least they have an issue with something behind the App that sparked them to pull it from the App Store this week.

After initially reviewing and approving the App that was released on May 22, and has been available in the App store for months, Apple has had a change of heart and has removed the App from the AppStore.

“Apple informed Bitdefender's product development team of the removal -- for reasons the company is studying -- after initial approval and sale in the App Store,” the company said in a statement Wednesday.

So why would Apple pull such an App from the App store? It’s unclear, and Bitdefender told SecurityWeek that the company is under NDA as far as explanations for the removal.

"App developers can ask for, and receive, access to your precise location, your contact list and more information about you when you install their products on your iPhone," Catalin Cosoi, chief security researcher at Bitdefender said in a statement when the App was originally released. "Your iPhone is probably the most personal device you own, holding vast amounts of information about what you do, who you are and where you go."

"While most app developers use this information for legitimate purposes, others might not," Cosoi said. "Clueful was the best way for iPhone owners to know what data apps are actually accessing.”

It’s unclear why Apple would remove such an app from the App store, but perhaps the tech titan didn’t like the fact that the folks at Bitdefender were coughing up details on thousands of iOS apps and potentially scaring users away from purchasing Apps and dipping into sales. But that seems a bit far-fetched, as given Apple’s massive revenues, any App of the sort is not likely to materially affect sales of other apps. Perhaps Apple was able to call-out the company on a technicality that violates its terms of service. We don't know.

SecurityWeek has reached out to Apple for comment, but we’re not holding our breath, as the tight-lipped company rarely responds to media inquiries.

Interestingly, Bitdefender did share some data that they gathered based on Clueful's analysis of more than 65,000 popular iOS apps so far:

•	42.5 percent of apps do not encrypt users' personal data, even when accessed via public Wi-Fi

•	41.4 percent of apps were shown to track a user's location unbeknownst to them

•	Almost one in five of the apps analyzed can access a user's entire Address Book, with some even sending user information to the cloud without notification

“iPhone owners need to know which apps they have installed may be using their personal data in ways that are not expected,” the company said. “The Clueful team is committed to raising awareness about app privacy on the iOS platform and will continue to develop Clueful for resubmission.”

“While Clueful remains off the App Store, we are working toward building data privacy awareness and will continue to develop products that help consumers remain secure regardless of platform,” Cosoi said.

Users who have already downloaded Clueful may continue to use it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.



More information about the Infowarrior mailing list