It looks like Apple is using its rejection power for good this time — removing games built on the Unity engine which included private-API calls that could be used to steal private user information like your iPhone’s phone number.
Not all of the rejected/removed games were engaged in privacy violations (or even had the network capability to exploit it), but Apple isn’t taking any chances following the Storm8 lawsuit. Touch Arcade has the details:
The Unity engine currently uses the two private API calls that Storm8 allegedly exploited to steal user data, NSGetEnviron and excserver. Mantas Puida of Unity Technologies explains these two API’s utilized by the Unity engine serve the following functions:
_NSGetEnviron is used by Mono runtime to provide implementation of .NET core API method: Environment.GetEnvironmentVariable().
exc_server is also used by Mono runtime to provide graceful NULL reference exception handling.
The Unity engine, however, has been updated to remove the offending API calls, and the games are being recompiled and resubmitted to the App Store. Hopefully this will keep users’ data safe from unscrupulous developers, while the scrupulous ones continue to turn out great games.
[Touch Arcade via TUAW]
The Register is reporting that a lawsuit has been filed against an iPhone game developer for privacy violations:
The complaint claims best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. [...] to access, collect, and transmit the wireless phone numbers of the iPhones on which its games are installed,” states the complaint, which was filed in US District Court in Northern California. “Storm8 does so or has done so in all of its games.” [...] [including] World War, iMobsters, Racing Live, Vampires Live, Kingdoms Live, Zombies Live, and Rockstars Live.
The complaint claims they’re violating the Computer Fraud and Abuse Act, and is seeking Class Action status. It’s not the first time we’ve heard about apps violating user privacy, hopefully Apple’s new iPhone security manager will first and foremost focus on these types of exploits. And, yeah, let the courts smite any abusive developers in the meantime…
[via Wabbit in the TiPb forums]
The iPhone Dev-Team take a break from the Jailbreak to throw some light on the issue of 3rd party iPhone apps tracking users’ location. Joey Hess and our friends over at PreCentral.net kicked up a bit of a ruckus last week detailing how the Palm Pre reports users’ location data back to Palm HQ. Well, says the Dev-Team:
Although we have yet to find an application by Apple that tracks your location, there are certainly a number of “free” applications in the official AppStore that are designed to do just that. Case in point: there’s this rather cute/gimicky app that lets you determine the tip for your waiter or waitress by tilting your phone as you pass it around the restaurant table. But if you dig a little deeper (like bushing did) you’ll find it uses a library by Pinch Media that is specifically designed to track your geographical location through time, then upload that data to Pinch Media. (Oh and it also show you an ad, as an extra bonus).
They point out that the iPhone will ask before any app is allowed to use location data, but also that it will keep asking to the extent that users might just agree to prevent being constantly annoyed with popups.
The Dev-Team goes so far as to describe these types of apps using the dreaded “s” word. That’s right — SPYWARE. However, in a web increasingly dominated by companies seeking to aggregate (hopefully anonymized?!) user data as a way to monetize (providing free or cheap apps in exchange for the shared data and tolerance for advertising), how broadly can that term now be applied? Many, especially tech-savvy, users are happy to let Google’s Gmail scan their email and serve ads in exchange for the service (and don’t even get us started on Chrome parsing all URLs a user enters through Google, or their purchase of DoubleClick…)
Should we be concerned more about small, 3rd party companies? About Apple, Palm, and Google-type companies? Or is it just the way of the world now?
How about this — Perhaps Apple could give us app-specific Location settings, much as we now have app-specific Notification settings? That way, there’d be a list of apps that use location, and we could individually turn off those with which we don’t want to share our location. How about it, Apple?
No word yet on whether you get a pocket Hasselhoff to push it for you, but it sounds like Opera Mobile 9.7 is set to bring back the “Turbo” boost in an effort to take it to Mobile Safari (and, we presume, WebKit in general as found on the iPhone, Google Chrome lite for Android, Palm Pre, some Nokia devices, etc. etc…. etc…)
Ganging up on the “real internet” browser are our good friends Matt Miller from NokiaExperts.com and Phil Nickinson from WMExperts.com. Matt explains the concept behind Nokia’s blast from the past via his ZDNet blog:
Turbo mode that supplements the native Opera Mobile browser with the proxy functionality found in Opera Mini. So, with Opera Mobile 9.7 and Turbo mode enabled you get a fully functioning web browser with proxy/server side lifting going on to provide the FASTEST browsing experience currently available on a mobile phone.
TiPb vaguely remembers proxy and cache tricks from those old spamvertisements promising to quadruple our old dial-up modem speeds. Phil tries to pip us to the proxy post, however:
Read the rest of this entry »
Apple has past mastered using animation to aid both usability and fill transitions. An example of the latter is the “shrink” effect used when you hit the home button: whatever’s currently on diminishes to nothingness and the home screen icons fly back into place. To do this effect, however, the iPhone takes a quick screen shot, and then uses the built in CoreGraphics/Animation layers to rapidly scale it down.
See the problem? No? Wired does: once a screenshot is taken, even if the iPhone immediately deletes it, those bits hang around inside your device. Current recommendations to properly destroy data involve multiple, pseudo-random overwrites. Absent that, forensics experts can often retrieve so-called “deleted” files. Including the screen shots the iPhone uses for animation. Including, potentially, any confidential or classified documents you were viewing — or embarrassing Hello Kitty sites you were browsing –when you hit the home button.
Sure, this will likely never be a problem to most users. Passwords are obscured and not many of us have docs — or look at sites — that would be worth the significant forensic resources it would take to recover iPhone screenshot files.
But, a security/privacy concern is a security/privacy concern, and while this one doesn’t trouble me personally, not knowing about it — and making an informed decision based on knowing about it — would.
And hey, at least it’s not as tattly as Google Chrome…
A reporter over at one of those reputable, printing companies recently received a phone call from Steve Jobs and this was his opening line:
“This is Steve Jobs,” he began. “You think I’m an arrogant [expletive] who thinks he’s above the law, and I think you’re a slime bucket who gets most of his facts wrong.”
You gotta hand it to him, even if he is feeling a little down, Steve will still serve you a new one if he wants to. But there has been a lot of speculation lately on what’s affecting Steve Jobs’ health and it’s making investors worried.
The whole conversation with Steve Jobs was off the record so we still don’t know the nitty gritty details but according to the New York Times, it’s more than just a common bug but isn’t life threatening and it’s not cancer.
Some think his health should be a private matter, which makes sense because we should all have some level of privacy. Some think his health should be public knowledge if it is serious enough, which also makes sense because of Steve Jobs unique role in Apple and Apple being a public company.
We at TiPb just want him to get better and hopefully the rest will handle itself.
What do you think?
ReadVia
Remember when AT&T was selling refurbished iPhone 2G’s at (what was then) ridiculously low prices? Remember how it turned out some of those units still contained the personal information of their previous owners? Apple seems to remember, and has reportedly taken steps to prevent it from happening again.
As with a computer, when you simply delete a file, the file typically remains but is marked as deleted by the file system and will eventually be over-written. To delete something and make sure it’s deleted, you need to over-write it, and not just with a single binary bit (zero’ing out). You have to over-write it with (pseudo) random data, and over-write several times.
Apple does something like this on the desktop with “Secure Empty Trash”, and now they’re bringing the same concept to the iPhone. The catch? Time. The new dialog for “Erase iPhone” now warns that “This will take about an hour.”
And let’s face it: what’s a little time if it prevents that eBay buyer from getting all your personal details, right?
Check the read link for the Settings screen shots…
Read
Ever wish you could keep prying eyes away from your iPhone? Always paranoid that strangers can read all your sensitive e-mails, bank account information, and stock portfolios? Well here’s the solution: the Case-mate Universal Privacy Screen Pro for iPhone ($19.95). It prevents those snoopy people from peering over your shoulder and keeps your information private by offering a viewing angle of 45 degrees.
Read on for the rest of the review!
Read the rest of this entry »
