

Forget Epsilon, Fear the Angry Bird - TheloniusPhunk
http://threatpost.com/en_us/blogs/forget-epsilon-fear-angry-bird-042611

======
robinhouston
If you read the details on the WSJ site, it doesn't sound nearly as nefarious
as the author of this article seems to think. For example, Angry Birds
(<http://blogs.wsj.com/wtk-mobile/2010/12/17/angry-birds/>):

“User allowed the app to transmit a username/password for the Crystal game
network to Crystal; allowed app to see location; and allowed app to search
contacts for friends.”

It doesn’t sound as though any of this is happening without the explicit
permission of the user.

~~~
gyardley
Analytics packages generally rely on either the application's terms of service
or the platform's overarching terms of service, so I wouldn't say 'explicit
permission' in all cases. The user likely 'agreed' without reading it.

That said, there's a complete difference between what's actually done with
this sort of data and what this guy (or the WSJ) thinks is being done with the
data.

In the case of analytics software, things like the phone's location and
language settings are used to produce an aggregated breakdown of usage by
country, useful for localizing your content and staffing customer support. The
phone ID, after being run through a one-way hashing function, is used to
provide an aggregated unique user number - since the correlation between
downloads and actual active users is pretty weak. There are no user-level
records, and best practices around data retention are followed.

Oh, the horror.

~~~
TheloniusPhunk
Agreed. There is also a difference between security-conscious people like us
giving "explicit permission" and common users (who greatly outnumber us)
handing out permissions like they're going out of style.

------
lawnchair_larry
I installed the firewall app from the Cydia store on my jailbroken iPhone. It
is pretty impressive just how many apps want to contact various parties to
report would-be irrelevant info on your phone. Assault on privacy indeed.

I did notice that Angry Birds, an offline game, sure wanted to send a lot of
data out for no apparent reason.

It seems like there is a new business model reflected by a subset of the app
store catalog that just intends to serve as a cheap/free distraction for the
user, with the real goal of raiding as much data as possible.

~~~
dspillett

> It seems like there is a new business model reflected by a subset of the app
> store catalog that just intends to serve as a cheap/free distraction for the
> user, with the real goal of raiding as much data as possible.

Otherwise known as the Facebook app business model.

