Aurora Feint App Collecting Contacts Info, Says It's For Community Features Only

We've already seen one app with apparent privacy issues that has fortunately been fixed, but now another one has come to our attention that has people wondering just how safe their contacts' information really is. Aurora Feint, a game available in the App Store, collects the information in users' contacts and stores it locally in a file on the device.
Someone at Hwrms's Tech Blog has found that Aurora Feint collects the personal information stored in the contacts kept on the device. While the game is running, it goes through and collects contacts and stores them in a directory. He found this by downloading and running the software on a jailbroken phone, creating dummy contact information, and then running the game for a while again to see if it collected it.
Then, to check if it had indeed been collected, he used OpenSSH to access the iPhone directory and went to /private/var/mobile/Applications/*****(Randomly generated code with iMmo.app in it)/Documents and found a file named iMmoAccountData, which he downloaded to his computer and opened with a text editor. Shockingly, the very information he created was found in the text file.
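The check described above (seed dummy contacts, run the app, then look for them in its data files) can be scripted. The following is an added example, not code from the original post or from Hwrms's Tech Blog. It assumes the app's directory has already been copied off the device to a local folder; the canary contact values and the file contents are constructed for the demo, and files are treated as opaque bytes because the post does not describe the file's format.

```python
import os
import re
import tempfile

def _variants(canary):
    """Byte patterns a seeded contact value may appear as inside a data file."""
    forms = {canary}
    digits = re.sub(r"\D", "", canary)
    if len(digits) >= 7:              # phone numbers are often stored digits-only
        forms.add(digits)
    out = set()
    for form in forms:
        out.add(form.encode("utf-8"))
        out.add(form.encode("utf-16-le"))   # some stores keep strings as UTF-16
    return out

def scan_for_canaries(root, canaries):
    """Return {relative_path: [canaries found]} for every file under root."""
    patterns = {c: _variants(c) for c in canaries}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue                     # unreadable file: skip, keep scanning
            found = sorted(c for c, pats in patterns.items()
                           if any(p in data for p in pats))
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def demo():
    # Constructed canary contacts; use values that exist nowhere else on the device.
    canaries = ["Zed Canary", "zed.canary@example.invalid", "+1 (555) 010-0199"]
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        # Constructed stand-in for the file named in the post; real format unknown.
        with open(os.path.join(docs, "iMmoAccountData"), "wb") as fh:
            fh.write(b"name=Zed Canary;phone=15550100199;")
        with open(os.path.join(docs, "settings.dat"), "wb") as fh:
            fh.write(b"volume=7")
        return scan_for_canaries(root, canaries)

if __name__ == "__main__":
    for path, found in demo().items():
        print(path, "->", found)
```

A hit only shows that the value was written to local storage; whether it also left the device has to be checked separately, for example by inspecting the app's network traffic.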
Since then, the makers of Aurora Feint have posted a privacy statement (check it out here) on their page saying that this information is only stored in that file locally on your iPhone as part of a community feature:
This data is sent to our web servers when you press "Refresh Your Friends" on the community page. It is used ONLY to find other players who you know that have opted in to the community feature of Aurora Feint. This data is NOT saved on our web server. It is saved locally on YOUR iPhone so the game can optimize fetching that friend's data in the future.
They do note that if you explicitly enter your email and phone number in their community tab, then that information alone (not the file) is stored in their web servers to make it easier for other people to find your character and compare stats.
Whether this is true or not, the fact that they have the ability to abuse this information is extremely disconcerting. This is the second time we've heard about an iPhone app potentially abusing the privacy of the contacts stored on the device. With all the talk about the limitations of the iPhone SDK, I have to wonder why Apple didn't do something so obvious as to block off access to contacts for third-party apps. My sincerest hope is that Apple will soon do so.
[via Hwrms' Tech Blog]


I am also a bit disconcerted that there isn't a restriction on the contact info. I could see that feature working exactly like the Location feature with the GPS where it asks you one time... "is this okay"?
No...
Please visit our privacy page (aurorafeint.com/privacy.html) for a full disclosure and explanation. As a brief summary, we utilize contact data on an opt-in basis to connect users with the people that they know. We do not store contact data of relationships between people on our servers. The infamous file that is referred to caches data about your contacts as a client side optimization to us not storing the data remotely.
With this said, we understand that the community feels some discomfort with the implementation. We are currently working with the community to rebuild this feature in such a way that the community feels comfortable. Please visit our forum to become involved in this discussion and help improve Aurora Feint. Also, rest assured that we are taking this very seriously.
Thank you
Danielle
aurorafeint.com