Pinchmedia: The Anatomy of a Spyware vendor

Recently while analysing Camera Zoom & Twitterfon, both pinchmedia enabled iPhone applications, I realised that it may not be as apparent to casual iPhone users how user tracking/metrics work.

Most of the iPhone applications that I test use pinchmedia to perform their "user tracking", so I am going to focus on this in some depth and explain exactly how this works behind the scenes on your mobile.

Firstly, let's start with a definition of spyware from Wiki: "Spyware is a type of malware that is installed surreptitiously on personal computers to collect information about users, their computer or browsing habits without their informed consent."

With this definition in mind, let's look at how pinchmedia enabled applications handle your data.

An iPhone developer can simply drop pinchmedia into their application. From the developer's perspective this is quite easy: all that is required is that they pass information about their application to the pinchmedia component, and from there the pinchmedia component does the rest.

Once an iPhone application is pinchmedia enabled, on every execution of the application the following information is stored in a local SQLite database:

- iPhone's unique ID
- iPhone Model
- OS Version
- Application version (in this case, camera zoom 1.x)
- If the application is cracked/pirated
- If your iPhone is jailbroken
- time & date you start the application
- time & date you close the application
- your current latitude & longitude
- your gender (if facebook enabled)
- your birth month (if facebook enabled)
- your birth year (if facebook enabled)

As some people seem to find it hard to visualise, I have extracted the SQL database from Camera Zoom stored on my iPhone. The database looks as follows (data was intentionally omitted):

+---------------------------------------------------------+
| Table: beacon                                           |
+----+--------------+--------------+----------+-----------+
| id | time_started | time_stopped | latitude | longitude |
+----+--------------+--------------+----------+-----------+

+------------------------------------------------------------------+
| Table: sub_beacon                                                |
+----+-----------+------------+------+--------------+--------------+
| id | beacon_id | is_session | name | time_started | time_stopped |
+----+-----------+------------+------+--------------+--------------+

+----------------------------------------+
| Table: user                            |
+----+--------+-------------+------------+
| id | gender | birth_month | birth_year |
+----+--------+-------------+------------+

In this particular database, there were about a dozen rows of data. It is not clear just how much data pinchmedia will store and attempt to send back to its servers; however, during analysis it was over half a dozen rows.
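One way to audit a database like this yourself, as an added example that is not part of the original post or Pinch Media's code: it lists every table holding location, demographic or usage-timing columns and counts how many values are actually populated. The table and column names come from the schema above; the column types, the `settings` table and all sample rows are constructed for illustration.

```python
import sqlite3
from pathlib import Path

# Column names are taken from the schema shown above; the category labels
# are this example's own grouping, not Pinch Media terminology.
SENSITIVE = {
    "latitude": "location", "longitude": "location",
    "gender": "demographics", "birth_month": "demographics",
    "birth_year": "demographics",
    "time_started": "usage timing", "time_stopped": "usage timing",
}

def quote_ident(name):
    """Quote a table or column name for safe use inside SQL text."""
    return '"' + name.replace('"', '""') + '"'

def open_readonly(path):
    """Open an extracted database file without risk of modifying it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def audit(conn):
    """Map each table that has a SENSITIVE column to its row count and,
    per matching column, (category, number of non-NULL values)."""
    report = {}
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        qtable = quote_ident(table)
        hits = {}
        # PRAGMA table_info returns one row per column; index 1 is its name.
        for column in conn.execute(f"PRAGMA table_info({qtable})").fetchall():
            name = column[1]
            category = SENSITIVE.get(name.lower())
            if category is None:
                continue
            # COUNT(column) ignores NULLs, so it counts populated values only.
            filled = conn.execute(
                f"SELECT COUNT({quote_ident(name)}) FROM {qtable}").fetchone()[0]
            hits[name] = (category, filled)
        if hits:
            total = conn.execute(f"SELECT COUNT(*) FROM {qtable}").fetchone()[0]
            report[table] = {"rows": total, "columns": hits}
    return report

def build_sample():
    """Constructed stand-in database: column types, the unrelated
    'settings' table and every row are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE beacon (id INTEGER PRIMARY KEY, time_started REAL,
            time_stopped REAL, latitude REAL, longitude REAL);
        CREATE TABLE sub_beacon (id INTEGER PRIMARY KEY, beacon_id INTEGER,
            is_session INTEGER, name TEXT, time_started REAL,
            time_stopped REAL);
        CREATE TABLE user (id INTEGER PRIMARY KEY, gender TEXT,
            birth_month INTEGER, birth_year INTEGER);
        CREATE TABLE settings (option TEXT, value TEXT);
        INSERT INTO beacon VALUES (1, 1000.0, 1060.0, 10.5, 20.5);
        INSERT INTO beacon VALUES (2, 2000.0, NULL, NULL, NULL);
        INSERT INTO sub_beacon VALUES (1, 1, 1, 'launch', 1000.0, 1060.0);
        INSERT INTO user VALUES (1, NULL, NULL, NULL);
    """)
    return conn

if __name__ == "__main__":
    for table, info in audit(build_sample()).items():
        print(f"{table}: {info['rows']} row(s)")
        for name, (category, filled) in info["columns"].items():
            print(f"  {name:<13} {category:<13} {filled} populated")
```

To run it against a real file copied off a device, pass `open_readonly(path)` to `audit()` instead of the constructed sample.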

Once the application has stored the data, it will attempt to send this information back to the pinchmedia servers. In most cases this is done every time you open & close a pinchmedia enabled application.

Your data is continually tracked. Pinchmedia applications do not take just one sample; they will record every use of the application for the life of that application on your phone. When you finally do have a connection, this information is sent automatically from the application.

To clarify, at no point are you told what the pinchmedia enabled application is doing, at no time are you given an option to "opt-out", you have no control over when the data is sent and what data is sent.

When comparing how these pinchmedia applications work against the definition of "spyware", is a pinchmedia iPhone application spyware?

Absolutely without no doubt, ANY pinchmedia iPhone application is spyware.

Some simple things you can do, to make a difference
Vote with your wallet
- refuse to purchase pinchmedia enabled applications
- return any purchased applications to Apple

Tell someone who cares
- education is key, spread the word about the issue
- the Internet is a small world, spread the word to your iPhone friends

Keep informed, check this blog!
- Cydia repo goes live soon! Keep up to date against spyware
- Check for new articles, we will continue to discuss this issue with iPhone developers

I would hope that this clears up the issue about iPhone spyware. Shortly I will be implementing a new, easy-to-understand rating system for iPhone applications covered on this blog.

Till next time, spread the word and happy spyware-free iPhoning :)

25 comments:

thegoodboy66 said...

Great !!

This is SPYWARE FOR SURE !!.

If I bought an app I don't like to be tracked.
*** I didn't authorize collection of information from my iPhone !!!.

Is this in the Terms and Conditions ?

Oth3lo said...

Actually, from my perspective it's against Apple's EULA :) I have actually explained my point of view on this to one of the developers and am waiting for a response.

If we have to, we will tackle one dev at a time!

Patrick Quinn-Graham said...

As a developer who uses Pinchmedia analytics "Absolutely without no doubt, ANY pinchmedia iPhone application is spyware." pisses me off. I ask permission before recording ANY data. How is that spyware? How is it any more "spyware" than your average webpage that uses Google Analytics? Hrm?

Oth3lo said...

Hi Patrick,

Sure let’s break it down a bit and look at it then :) Firstly, let’s take the case of the Apple iPhone UID and compare it with Google analytics.

Uniqueness
When I am at home, I search a web page with Google analytics and it records my home IP address, browser and other details. When I am at work, it records my work IP address, browser and other details. However at no time is it possible for Google analytics to determine that I am the same user. Furthermore it is standard in my country for ISPs to have a dynamic pool of IP addresses; over the course of a week my connection IP address will change 2-3 times and at work I may use a proxy. This further obfuscates my identity.

With a pinchmedia enabled application, that is not the case. Pinchmedia can always identify me as a unique user, not only across any internet/wifi/3g/edge connection but also across application boundaries (so many applications, can be tied back to the one user).

Data boundary
With Google analytics they are only privy to what information is available through a standard browser, furthermore these analytics must work across multiple browsers and platforms. So typically this is limited to information about my browser, the site I am visiting, etc.

With pinchmedia services, information is taken from inside your iPhone, it would be like installing and running Google analytics in your O/S. It is privy to much more detail and indeed non metric related information, such as if you have jail-broken your iPhone and if you pirate applications. Which is currently already reported back to Pinchmedia.

Privacy concerns
With many applications, pinchmedia can have access to your latitude, longitude and for Facebook connect enabled applications, your sex, gender and birth details. Sending this data back, unsecured to a 3rd party server. This is well beyond what a simple web tracker could accomplish, without actually exploiting a bug in the browser and executing on your local PC. Another noteworthy point is that unlike Google analytics, Pinchmedia data is continually stored in a local SQLite database until the user finally makes an internet connection at which time all stored data is forwarded back to their server.

Accessibility
How easy is it to stop Google and many other of the popular tracking services from accessing your browser data? You simply drop in many of the freely available browser plug-ins and you're done. I think it would be fair to say, even novice users can and do achieve this.

On the iPhone, only jail-broken devices can hope to have any security at all and this is achieved by adding a custom hosts file. This would be a very small minority that even know about this issue, let alone have protected their device.

EULA
Pinchmedia and similar services are actually against the Apple EULA, as specifically you must have an agreement with the 3rd party to solicit this data and the user does not. The user only has an indirect agreement with the application publisher and only “periodically to facilitate the provision of software updates, product support”.

If it quacks like a duck…
“Spyware is a type of malware that is installed surreptitiously on personal computers to collect information about users, their computer or browsing habits without their informed consent.”

It would take quite some time to go through all the possible arguments against; in the end it is up to each iPhone user to decide for themselves what is best. Again, I have stated many times if there simply was a privacy/data collection policy or an opt-out most users would be reasonably satisfied.

As you mentioned, if you indeed ask permission then you are the first Pinchmedia dev, that I have heard of that does this and your application would not match the definition of spyware =) If that is the case, I would be very much interested to test it out.

Patrick Quinn-Graham said...

Oth3lo,

Two versions of this comment:

1) Applications using Pinchmedia (or ANY similar service, including posting to their own servers) MUST ask permission first. As a developer and a user this is not negotiable. (I'm almost certain to say Yes, because I don't care - BUT, I must be asked.)

2) Longer...

While I appreciate your concerns, I'm still not prepared to accept the term "spyware". I've never heard the term used to describe applications that collect stats about themselves.

(iPhone apps, at least through the appstore and on non-jailbroken phones, can only run when in the foreground, preventing them from spying on you when not running... which I'm assuming you know based on the fact that you come across as fairly knowledgeable, but not all readers may be.)

Google Analytics is able to collect information such as: browser vendor, version, OS type, version (equiv. to iPhone OS version + device type), screen resolution, screen colour depth, geographic location (based on geoIP), and then metrics surrounding website usage (including timing and so on) across visits.

My application does not do this without requesting permission, which from my reading of the iPhone Developer Program agreements is absolutely required - the first time the app launches it asks. If you say No it never asks again - that's it, I don't collect any stats. (Not entirely true - Twitter tells me how many people have authorized the app that uses the twitter oauth APIs, but, er, blame twitter for that. Oh, and if you delete the app and load it again it'll ask again, of course.)

The statistics gathered are invaluable for me in determining both ongoing application usage (do I need to continue supporting this app?) and what's working and what's not? (Odd... lots of people are seeing failure messages in the app... do I need to fix something in the API code? that kind of thing.)

Also knowing what percentage of users have a jailbroken device is useful because the jailbreaking process has been known to replace/upgrade libraries (such as sqlite) which have then caused crashes. Knowing how many of my users could be exposed to this allows me to plan development resources and testing devices accordingly.

Important to note:
a) The applications I have on the appstore also have no reason to use CoreLocation, and as such I do not have this turned on for Pinch Analytics (you'd be prompted by the iPhone OS for this anyway). They also don't use Facebook connect, so again this is not enabled.

b) Pinchmedia provides the information to developers (such as myself) only in aggregate form. Pinchmedia provides no way for me to see individual users, or information about them across multiple applications.

c) Google Analytics uses cookies to track your browser even if its network connectivity (WiFi at work/ethernet at home/3G in a cafe) changes.

d) The use of a sqlite database as a local cache for the information it submits is perfectly reasonable from my point of view. Google could do the exact same thing with HTML5 database/google gears to allow webapps such as Gmail Offline/Google Reader Offline to continue to collect stats while running without an internet connection. Pinchmedia does this so it can abide by Apple's recommendations around using cell data, which amounts to "use it as infrequently as possible to maximize battery life".

Oth3lo said...

Hi Patrick,

The issue here and it is key to the "Spyware" flag, is user consent.

If you made a pinchmedia enabled application and it indeed did ask if it could collect information, assuming the data was related to that application then it would not be deemed as "Spyware" but just another normal app.

As it stands, right now I have not seen a single pinchmedia app which does this. I hope yours is the first.

There is a vast degree of difference in what can be achieved through the application layer, to a client running in a sandbox such as a web-browser.

Again back to the uniqueness, this cannot be achieved by Google, they do not have access to anything outside the browser.

It is a noteworthy point, that I know of no established 1st tier dev teams that use similar services to pinchmedia.

And finally, all-in-all it is really up to the user to decide, does it fit the "Spyware" description?

If you have made a pinchmedia app, and it does actually notify the user I would love to test it.

Then I can go back to my pinchmedia article and say "Almost every pinchmedia iPhone application is spyware" =)


P.S Who said google analytics wasn't spyware anyway =p

fusen said...

I haven't seen one application that asks for permission and I haven't seen one application that stated in the iTunes description that it would be using pinchmedia to track stats.

Patrick, can you tell us what app you are the developer for? I'd be interested in using it as an example case for other developers using pinchmedia.

thegoodboy66 said...

I haven't seen one either that asks for permission to verify my GeoLocation or check my facebook.

Patrick, even if your app doesn't do that there are apps that do this.

-Does google verify if my computer has a "Jailbreak" version of my OS/Mac OS/Linux/ etc ?
-Does google send the serial number of my computer?
-Does google verify if I have a Pirated version of Linux? (Linux is free but as an example).
-Does google connect to my facebook to verify my age/gender/etc??

Please let me know if google does something like this. Seems like you know google analytics very well, maybe you can enlighten me on those differences between pinchmedia and google.

Repeat: I'm not saying that your app does that (I don't know your app) but there are apps that do this and this is very personal.

Patrick Quinn-Graham said...

I'm not here to promote my apps, but if you type my name in to iTunes you will see the two I publish under my name.

thegoodboy66: The browser (for good or bad!) doesn't have a concept of being jailbroken, but the closest is having something like google gears installed, in which case yes, I'm sure Google does get that!

As best I can tell the stats do not get the device serial number, just the UUID. Again, pinchmedia do not expose this to the developers, presumably it is _only_ used to track uniqueness (like the google analytics cookies).

Presumably you are equating Pirated with Jailbroken. I do not. Jailbreaking changes software on the device, sometimes in ways that cause problems. It is very useful to know what % of your userbase is likely to see this issue.

The comparison to analytics is not exact, obviously, but I think it's fair to say it's in the same ballpark. The concept of collecting statistics about the use of your app is not new. It's done on the web, it's done in products like Microsoft Office (with a request for permission first, of course!) and Mac apps, such as the ones made by Omni Focus. (see http://update.omnigroup.com/)

Oth3lo said...

Hi Guys,

Just some general comments and to re-iterate a couple of key points, which while previously raised remain valid.

- Without consent, it is spyware

- UUID is far too unique and cannot be compared against tracking through a web browser. Pinchmedia have visibility across all Pinchmedia applications & tracking is consistent regardless of your location or connection, it is not anonymous tracking

- GeoIP on the web is only roughly accurate, at best sometimes it can get your rough city or suburb. Pinchmedia reports your location to 8 decimal places, do they need to know what side of the bed you sleep on?

- Pinchmedia runs at the application layer, the same layer that a web-browser runs. Already Pinchmedia stats involve information which has nothing to do with user metrics or usage; expect this to continue to be increasingly invasive

- Nobody said Google analytics or similar services aren’t spyware =) I don’t see the comparison of Vendor A does something bad VS Vendor B does something bad being relevant.

Lastly, when referring to applications as Spyware I am using this commonly accepted definition: “Spyware is a type of malware that is installed surreptitiously on personal computers to collect information about users, their computer or browsing habits without their informed consent.”

Which as far as I can see, suits pinchmedia applications perfectly =)

pipersdragon said...

Patrick-

Your point is invalid. You're saying that if Everything is done per code, then the application is not spyware.

I don't think there is one person that disagrees with you on that matter. However, on the matter of whether an application can be considered spyware if it does not give any indication that it holds the Pinchmedia library, and does not ask for specific permission to collect personal information -- Can you argue that that isn't spyware?

You can dismiss the claim that your app is spyware if you are given consent. Most people aren't given a chance to give consent, though.

Take it as you will.

Barry Smyth said...

The only permissions I've ever been asked on apps is to use location services. I did not expect it to send my details to a central server (name, birthdate etc.), details that I have not given express consent to send. Is there a list of apps that use pinchmedia available anywhere so that I can one, make sure I delete them if I have purchased them and two, make sure I never purchase them even if tempted.

Oth3lo said...

Might I just add one comment too, and I would encourage each user to make up their own mind and do their own research on this topic.

But what do they do with the data? I'm a registered Apple dev, I have the Pinchmedia SDK, it is free to use, so their business model is?...

It is the reselling of this information to 3rd parties that really gets me going. And no, this is not fear-mongering. I encourage you all to form your own educated opinions.

0th3lo

Paul said...

Like others said, who said standard practice of other apps isn't spyware too, isn't bad practice?

It seems that programmers don't seem to care whose privacy they violate so long as they have some perceived need to do so.

One reason I refuse to use an iPhone or any advanced cell phone. I carry a boost mobile phone and keep it off as much as possible.

Tom said...

I'm not so worried by the app-makers trying to exploit the data, but the fact that Pinchmedia is sitting on a whole lot of very specific data about individuals.

While I don't think the app-makers have any malicious intent, I would like a list of all apps that use the Pinch SDK, so I can delete them off my iphone (or think really hard about whether it is worth keeping them).

Oth3lo said...

@Paul that's sadly the price of these wonderful "smart phones". Again anyone who is really concerned my recommendation is simply don't use apps while connected to any network.

@Tom Sure let's face it, they're not Aliens planning to take over the world.. or.. nah =p But they do have a lot of data across a lot of applications and there is no disclosure what they do with it.... hmmm

Or just add the hosts file Tom, or DM me for the repo :) that will stop them "phoning-home".

Nine said...

Every web site you visit tracks these things too:

EVEN THIS ONE CAN TRACK:

- unique ID (cookie)
- CPU Architecture
- IP address
- ISP Name
- OS Version
- Browser Version
- time & date you opened the web site
- time & date you closed the web site
- your current latitude & longitude (roughly using IP geolocation)
- your gender (if facebook connect enabled)
- your birth month (if facebook connect enabled)
- your birth year (if facebook connect enabled)


AND EVEN MORE WHEN YOU POST AND USE ID SHARING....

Oth3lo said...

Hi Nine,
Actually not really =) But I do appreciate your enthusiasm. If you re-read the comments above, you will see a pretty in-depth discussion on the difference between say Google analytics and pinchmedia.

Happy iPhoning!

tcnr said...

Device hardware and software information I can understand as necessary for application development, provided that consent is given from the user when an application is installed.

What bothers me is that applications can sift through my facebook account and profile me as a person. Who decides that they stop at gender and age? Do they have access to the rest of my information? Who knows how targeted that information is and how it will be used? At the end of the day it's the fact that they have access to it that makes me uneasy, irrespective of what they do with it.

If an application openly discloses the type of information that it will be transmitting back to pinchmedia for analysis, then I think you'll find a lot of people won't be consenting.

I'd also be interested to see what their business model is. If the application is free, then where do they make their money? I'm going to guess it's by selling off that bulk information.

Oth3lo said...

Hi Tom,
Very good points and you touched on a couple of key points.
- Where is the user consent?
- I can't remember the last app with a privacy policy?
- What do they do with my data?

Hmmm good food for thought...

Oth3lo said...

Hi Adam,
Well there is not really an obvious way to tell prior. You could of course simply contact the developer, chances are they will get back to you with an accurate answer.
On this site, you can see a list of all the applications I have tested here on the "Compiled Application List" http://i-phone-home.blogspot.com/2008/01/compiled-application-list.html
In general I recommend to take precautions, use PrivaCy + the compiled hosts or just plain shut off your connections.

0th3lo

Oth3lo said...

Gah Adam, sorry I think I deleted your comment when I revised mine! please feel free to re-post.

0th3lo

cworkman29729 said...

http://www.pinchmedia.com/blog/improved-opt-out-methods-for-pinch-analytics/

Oth3lo said...

@cworkman29729 Pinchmedia would like to think that =) Fortunately that has been well discussed many times, a quick review of the site will find the answers & rebuttal to that press release.

Anonymous said...

This Pinchmedia sounds interesting, might give it a look see with my iPhone later today to find out what it's all about, thanks!
