Is Aurora Feint the iPhone’s first Spyware?
A bit liberal with user’s data?
Definitely.
Spyware?
I doubt it.
There has recently been a bit of a buzz on the internet surrounding the extremely popular iPhone/iPod touch game Aurora Feint. I am a big fan of Aurora Feint, so I was a bit shocked to hear that apparently some people who have gotten SSH running on their iPhones under the new firmware have discovered that Aurora Feint creates a copy of all the e-mail addresses and phone numbers in your contacts list, and stores them in a “secret” directory on your iPhone (of course, unless you’ve jailbroken your iPhone, pretty much all directories are secret). This in an of itself is a bit suspect, but alarm bells really began to go off when someone noticed that AF was sending that information (unencrypted) to the Aurora Feint servers as well.
Above: If you do this, you will be sending all your friend’s e-mail address and phone numbers to Aurora Feint. But do you care?
For clarification on this, I wrote to Danielle Cassley, one of Aurora Feint’s creators, who referred me to their new Privacy Policy link on their site which outlines what exactly is happening:
Hey everyone,
We’ve received some e-mails from people asking how their personal data is used in relation to the community feature.
The short answer: All personal data is used on ONLY an Opt In basis to support the community features of Aurora Feint. That’s it. Period. We never rent, sell, or otherwise do anything with that data that you would not want us to do.
The long answer: Personal data is only used for the Community Feature. We store the e-mail and phone number that you enter in the Community Tab on our web servers, IF you explicitly type it in, so that other people may find and compare their stats with your character.
Some people have noticed that on your iPhone’s hard drive we make a local copy of the email and phone numbers from your contact list. This data is sent to our web servers when you press “Refresh Your Friends” on the community page. It is used ONLY to find other players who you know that have opted in to the community feature of Aurora Feint. This data is NOT saved on our web server. It is saved locally on YOUR iPhone so the game can optimize fetching that friend’s data in the future.
Please be assured that we are only storing data that you directly type in to our game on the community page and not taking any personal info without your explicit knowledge. We are not using it for ANY other purpose.
Above: Aurora Feint’s homepage this morning (left), vs. this afternoon (right). Hey look! A “Privacy” page!
So basically, AF creates a list of all your Contact’s e-mails addresses and phone numbers, but only stores them locally. When you sign up for the AF Community, AF’s servers store only THAT info, not your friend’s info. Then, when you hit “refresh Friends”, AF checks the contacts you have stored locally against the community members info it has collected (with the voluntary consent of the players) and notifies you of matches, but it does not store your friend’s contact information on the severs after making the check.
While the privacy policy more or less convinced me of Aurora Feint’s noble (if somewhat clumsily implemented) intended use for the data collected, I still had some questions about what exactly was going on, so I spoke with Danielle Cassley once again via e-mail to get some clarification.
Macenstein: Does Aurora Feint create that list of contacts (phone, e-mail) when you play the game no matter what, or only if you sign up for the community feature? If so, why?
DC: That local list is created no matter what. The list is used to keep track of our internal account ids for friends whom are matched against the server. It speeds up future requests for your friend’s data. So, you could say, it’s an optimization.
Macenstein: When you say the information is stored on your servers only if the user explicitly enters it, does Aurora Feint tell you that, and tell you that it will be looking through your contacts?
DC: The text associated with the community features says “Supply your phone number and email to automatically locate your friends!”. We assumed people would guess that meant we used their contact list. We’ll add a more detailed disclosure in the next release with information on how the information is used and stored.
Macenstein: Is there a way for a user to remove that information that is sent to the servers if you decide you no longer wish to be part of the community?
DC: Currently no. However, this feature has already been implemented and will be available in our first update.
Macenstein: Is there a reason why simply signing up with a community forum screen name and leaving it up to the players to send that to their friends would not have worked? I understand the desire to make things easier for the end user in finding friends online, but obviously with privacy concerns running high these days, you can see how someone might be worried when a computer program sends their friend’s info out without their knowledge.
DC: Yup! We wanted to make it really easy to discover your friends who are playing the game. We added this contact list integration because we thought users would be delighted to discover that their friends are playing the game. We spent a lot of time getting this community feature streamlined so its easy to use. The notion that this is spyware is really upsetting to us. We’re rather disappointed that our hard work is being cast in such a negative light. As an aside, the community feature has been disabled since Friday. We decided that enough people were using it that we wanted to make sure we spent a little more time making the data secure. In our next update you’ll see all the usual industry standard techniques for securing sensitive data. We didn’t include this in our initial release due to time constraints. It’s only the two of us coding our butts off to make a fun game for everyone!
Feel free to contact us if you have more questions.
Danielle
So, is Aurora Feint SpyWare?
Well, what is SpyWare? Is it anything that collects data without your permission/knowledge, or does it have to be used for evil? I happen to believe Aurora Feint when they say what the collected information is and is not being used for, but unfortunately we have no way to know for sure, and that’s where the problem lies. Even if you believe Danielle, as I do, this opens up a whole new issue we as iPhone users need to be aware of, namely, just because an app makes it to the iTunes store, don’t think it is 100% secure. It is very tempting when a great looking, addictive, and not to mention FREE app comes along to want to install it on your iPhone, but there are of course risks.
Three cheers for Jailbreaking
Given how much work it must be for Apple to sort through every submitted app to the iTunes store, one could certainly make the argument that Apple actually benefits from hackers cracking the iPhone’s firmware and jailbreaking the iPhone. As illustrated here, if it weren’t for the eagle-eyes of a few iPhone hackers, we may not have even known to be wary of iPhone apps transmitting our sensative info across the interweb to God only knows who, to be used for God knows what. And again, while I personally believe Aurora Feint’s developers acted in good faith, this certainly makes me think twice about downloading every free app I see on the iTunes App store, even if it does have Christopher Walken asking for More Cowbell.
The Anti-Spyware Coalition defines spyware as:
“Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
* Material changes that affect their user experience, privacy, or system security;
* Use of their system resources, including what programs are installed on their computers; and/or
* Collection, use, and distribution of their personal or other sensitive information.”
The definition does not indicate that a developer must have malicious intent in order for his/her program to be considered “spyware.” Bullet 3 describes the collection, use, and distribution of personal or sensitive information. An individual’s iPhone contact list most certainly qualifies as personal or sensitive information regardless of whether the owner thinks so or not. The fact that AF collects and then transmits (or distributes to its own servers) this data unencrypted across the web compromises the security of this data. Therefore, its spyware.
The developers of AF should have delayed the community feature until they could ensure the security of their users’ private data. Sending contact lists unencrypted across the web is not cool.
Aww, they’re disappointed. How sad. How could we be so inconsiderate and complain about them not wanting to wait for people to opt in for being connected to their friends on a friend by friend basis to build those guys’ platform.
This way we will finally be connected to everybody you ever added to your address book, be it boss or client. Of course something they “assumed” being our intention.
So, what was the name for people who think they can take something without asking because they gave you something? And how to react to them?
“…how could we be so inconsiderate and complain about them not wanting to wait for people to opt in for being connected…”
For the record, it is, and has always been, an opt-in only feature. No personal information is ever sent to our web servers unless you use the community feature. We will be adding a more explicit disclosure on that page in our next update.
– Jason Citron
Spyware, baby I’ve used windows 95! I remember when the first spyware scanners came out like ad-aware. I scanned my PC and found like 18,000 files. That day I decided to look at less porn. It never really happened though… but now I wait monthly for my Mac porn!
Its sends the contacts to server so that it can match up friends…. i doubt that it is spyware..
This was a bad implementation in my opinion. And why require an email AND a phone number? And what happens if a friend has two emails, and they sign up with the one you DON’T have in your contacts? the system doesn’t see you as friends?
A much easier and less invasive way would have been to just create simple user accounts with a username/password. To add a friend, you just search for their unique username and click it. What is so hard with that model?
nothing just that it makes it much easier on people especially if they didn’t know that some of their friends were also playing that game.. but if you don’t like it, there is a reason they have a forum with a wishlist section…
i don’t know but i think your just being a bit paranoid.. heck there is a reason apple only allows apps to go through the AppStore and requires them all to be approved before release its is because they want to prevent things like spyware…
OMG,
1. E-Mail AND Phone Number aren’t required. E-Mail will do as long as its in your friends address book.
2. If youre pissin your pants cause this Feature, here is a simple Tip: DON’T USE IT!
“This way we will finally be connected to everybody you ever added to your address book, be it boss or client.”
Yeah, that’s the obvious problem here IMHO.
I think it is very bad.
it means that any app can just take your contactlist and do what they want with it.
That means the iphone apps are a danger to install and cannot be trusted even they when they are in the appstore. I demand a iphone firewall.
“Supply your phone number and email to automatically locate your friends!â€
I have to agree with DC that this clearly states “We are going to take your data and do some stuff with it!” which is why I didn’t sign up. To suddenly decide it’s spyware is ridiculous.
If you ignore the community options then the only issue is that AF has a duplicate list of your contacts on your phone. Which sits there doing nothing.
alf your demanding a firewall lol if you haven’t noticed the whole point of only allowing app through the appstore is so that apple can check and be the ones to approve every app for use, so that there would be no issues with spyware and shit like that. If you paranoid just until all apps and dont use them.. I am pretty sure apple made sure these developers were legit before releasing their apps..
But sure you could never resist the allure of more cowbell?!? Admit it, you have a fever and the only prescription is more cowbell.
This sounds like good intentions gone bad. I don’t want an app wasting precious space on my iPhone by making copies of my address book. If I do want the app to compare email addresses to those of other users, it should be done only when I expressly give permission to do it. I don’t care if it takes an extra few seconds.
There is no way that Apple is going to be able to check for all of these security issues. There are thousands of apps being written. They don’t have the resources to analyze the code in all of those apps. Whatever they are looking for, it’s obviously not something like this.
It looks like Steve was absolutely correct about wanting to preview the apps and to keep them inside a sandbox. There’s a lot of potential for trouble here and I do not want to have to worry about malignant apps on my iPhone.
You guys are all missing the point here. The security risk is that personal information is being sent unencrypted across the web. For any of you who don’t realize the security implications of that, stop wasting your time commenting and pick up a book or two and learn about it.
AF’s process for implementing community-based gaming is amateur at best. Even people who think they are “opting-in” have no idea what they are about to do in making this choice.
The article is about whether AF operates as spyware. Take a look at the definition of spyware mentioned in comment #1, look at how AF operates, and then draw your conclusion.
Unless you have a comprehension problem, I think you should all be aware when you enter information, the collectors are going to do something with it! Spyware is a virus that gives out information to hackers without your permission. Aurora Feint gives you the option to provide information, so I don’t know why so many of you entered in your phone numbers and emails with the notion that AF’s gonna delete it.
This is bullshit. What makes them think they have the right to do this? It’s a game, it has no business harvesting information from my contacts. This “game” is really incomplete and over-hyped anyway. It’s a crappy tetris clone is all it is. I’ll be deleting it pronto and will suggest my friends do the same. It’s really sad you have to be concerned about a damn game spying on you, as if Bush/Cheney wasn’t bad enough.
People bitching about this are idiots… I’m a dev myself… It’s obvious that they had good intentions and were trying to bring community into a free game offered to iPhone users… they have a privacy policy now that they realize they need one and if they did share your info you could sue for $x…
Shannon… you, specifially, are an idiot…
Danielle, a way to get around this would be to hash each of the contacts with one of their contact info items. Make as many hashes as there are combinations of name + phone, or name + email. This 128-bit number (for MD5) could be bandied about all over the web without a prayer of someone regenerating private data from it. You could have a unique hash for each ‘real’ user also, not just for their hashed contact methods.
In other words, if my friend ‘bob smith’ has three phone numbers and an email address, this algorithm would create 4 items. There would be no reason to tie these to ‘bob smith’ for any reason — just a salted MD5 that would match up later with an identically salted MD5 on the server, which was submitted by another user (maybe even Bob himself). Simple, and secure. There’s (almost ) no way you could every possibly hope to rebuild the name and phone number from an MD5 digest, but you can easily regenerate them using the same source data.
I love your game, and I wanted to help you out. Hope this helps.
damn! guys stop bitchin’!
i can see how this could be problematic… but then again, they had good intention…and i bet there would be people complaining, even if you had to create an account to then use the community feauture…
i don’t care and provided them with my info. i love the game and even if they did something in a way that wasn’t the best stop flaming them and delete the app. it’s as easy as it gets.
from my side: THANKS TO THE DEVELOPERS FOR THIS GAME!
This appears to be an appropriate time for me to mention the tinfoil hats I have for sale on ebay.
*puts on tinfoil hat*
This was a bonehead move on the developers part #1,
#2 … asking for a PHONE NUMBER? Who are these people, Radio Shack? That’s too much info in a time where privacy is on its way out. I enjoyed playing the game the 2 times I have played it, now I’m enjoying deleting it!
“Shannon… you, specifially, are an idiot…”
Bravo, my friend, bravo.
Yeah, the game is incomplete and a bit sketchy, but I’m glad to hear in this article talk of updates…like when I make a new peice of equipment….letting me scroll and actually see what it does.
I do agree that sending my contacts across the net unencrypted is not cool…but come on people…this is a FREE game two people obviously spent a long time coding…its better than 90% of the games on the iPhone, and when they fix the bugs it’ll be the best by far. They screwed up a bit, but at least they realize that and they’re taking the necessary steps to fix the problem. If you don’t like it, delete the app and shut the hell up.
I swear to god…if they’d made you search for your friends’ usernames, people would be in here complaining about how much they had to type. Idiots.
The game has been delisted from the iTunes app store.
“The game has been delisted from the iTunes app store”
Ahem… if only we knew of a good source of cheap but good quality tinfoil hats….
Tai Da’s solution of hashing, in a general sense, is exactly what is needed here. It’s a perfect use of that technique, actually. But, to the programmers, if you’re reading this, please consider using something other than MD5. It’s had a number of vulnerabilities exposed (most of which are prevented by correct use of salting), but there are better choices out there, including the later versions of SHA.
Since the phone has ‘limited’ (and EXPENSIVE) memory, storing another copy of this data is bad enough without the spyware issues. Plus, if they can do it (copy your contact list) so can any app which may not have the pure heart and upright moral stance that AF apparently enjoys. Sounds like they have exposed a shortcoming in Apple’s security??
@Jason Citron
There’s a difference between opting in to share my own personal info and sharing that of all of my contacts. And no, users don’t have to think how your app might work inside to accomplish that “sharing”
This whole thing just looks like you people wanted to look cool without thinking twice and/or without caring about the intentions of your users. Might be narrow mind of young developers in their early stage, then again, with the app store you are publishers too and should live up to the expected responsibility. And it still might be worse, and you just wanted the data on your servers.
This all looks really bad the way you handled it. And it would have been cool to just accept your mistake, if it was one, instead of fighting the well-founded complains of your users.
So much “for the record”.
All of the people that think this activity is ok, please come to my house, and connect via my wifi.
Do not mind me over in the corner with a wireshark/ethereal/tcpdump, and a few IRC windows open dumping all these valid email addresses and valid phone numbers into files to sell to the highest bidder. I will make a fortune in no time!
BTW, this can also be done at any wifi hot spot. Or by the developer by simply lying to you and hoarding the data.
Its unencrypted, potentially MY contact information, being sent over a potentially open network. Thanks!
Note the Sarcasm, but also note the facts, or potential facts.
There is no reason why the iPhone can’t pop up a dialog box that asks if an app is allowed to look at your contacts list, just like the GPS feature. Apps simply should not be able to get at such datat without the user having an opportunity to know about it and deny or approve it. Simple.
Here is the other bottom line.
Of all the people on my contact list… I’m the only one with an iphone… Let alone play games with it.
Has the problem been solved?
Read the reviews in the apps store and don’t know how recent they are but…
I’m glad I read the reviews before I decided to download the game onto my iphone. I have a lot of clients on my phone that are considered sensitive and DO NOT want that info shared in any way period. Especially on an unencrypted server. Like Riparian, I am the only person I know with an iphone. I could careless about searching for friends and comparing my scores with theirs “within the community”. Maybe the developers honestly wanted to make a great game for the iphone for free, but why is such an attractive, well thought out polished game, FREE, in the first place? I mean Thanks for the app and making it free, but it seems like an app like this would take a while to develop and would be worth a little bit of your time to develop. I’ll wait for the update, if its still free and I know my info and contacts info isn’t being sent over an unencrypted server.