Thursday, 23 October 2014

Private Apps Are Watching You

Jonathan Zdziarski, a leading security expert with significant expertise in the Apple eco system, wrote his observations after taking a quick look at the Whisper app for the iPhone. By now you probably know that Whisper, an app meant to fill the niche for secretive social media, is the exact opposite. What I found interesting is how the app accomplishes this, as revealed by Zdziarski.
First, note how the app creates a unique ID for the user's device. Unlike anything else so far that may have been used to identify you on the Internet, such as an IP address, there is no plausible deniability here. This identification pinpoints the exact device, regardless of whether you are trying to use VPN or TOR to obscure your identity. Nothing that we can access through a web browser has the ability to achieve this without inflicting severe malware; this is, therefore, a significant “achievement” for apps. 
Second, note the casual way in which the app demands to know your exact location, even though nothing it can offer really needs anything finer than rough. Let us recall that an IP address alone is enough to identify one’s location already. This spells contempt for the user on many grounds, starting from disrespect for battery life and moving on to disrespect for their privacy. All for unnecessary reasons.

OK, you may not have heard of Whisper before and may definitely not be interested in using the app. Fine; I’m not interested in it, either. That does not mean other apps you are interested in do not pull the same tricks. I already noticed certain freemium games, such as Godus, having the uncanny ability to remember where we got to in the game despite device resets, restorations and iOS upgrades. We already know Rovio collects such information about its Angry Birds users, so much so that the mighty NSA had decided to tap into their databases.
The lack of attention society pays to such abuses of privacy mean app developers feel as if they have the mandate to push further through. I suspect that by the time we wake up it will already be too late.

Image by Tim@SW2008, Creative Commons (CC BY-NC-ND 2.0) licence

No comments: