Aurora Feint App Collecting Contacts Info, Says It’s For Community Features Only
We’ve already seen one app with apparent privacy issues that has fortunately been fixed, but now another one has come to our attention that has people wondering just how safe their contacts’ information really is. Aurora Feint, a game available in the App Store, collects the information in their contacts and stores them locally in a file on the device.
Someone at Hwrms’s Tech Blog has found that Aurora Feint collects the personal information stored in the contacts kept on the device. While the game is running, it goes through and collects contacts and stores them in a directory. He found this by downloading and running the software on a jailbroken phone, creating dummy contact information, and then running the game for a while again to see if it collected it.
Then, to check if it had indeed been collected, he used OpenSSH to access the iPhone directory and went to /private/var/mobile/Applications/*****(Randomly generated code with iMmo.app in it)/Documents and found a file named iMmoAccountData, which he downloaded to his computer and opened with a text editor. Shockingly, the very information he created was found in the text file.
Since then, the makers of Aurora Feint have posted a privacy statement (check it out here)on their page saying that this information is only stored in that file locally on your iPhone as part of a community feature:
This data is sent to our web servers when you press “Refresh Your Friends” on the community page. It is used ONLY to find other players who you know that have opted in to the community feature of Aurora Feint. This data is NOT saved on our web server. It is saved locally on YOUR iPhone so the game can optimize fetching that friend’s data in the future.
They do note that if you explicitly enter your email and phone number in their community tab, then that information alone (not the file) is stored in their web servers to make it easier for other people to find your character and compare stats.
Whether this is true or not, the fact that they have the ability to abuse this information is extremely disconcerting. This is the second time we’ve heard about an iPhone app potentially abusing the privacy of the contacts stored on the device. With all the talk about the limitations of the iPhone SDK, I have to wonder why Apple didn’t do something so obvious as to block off access to contacts for third party apps. My sincerest hope is that Apple will soon do so.
[via Hwrms' Tech Blog]