A few weeks ago I purchased an iPhone 3GS 32 MB smart phone. Although I’ve been a Treo user since they were invented, it was time to change. Although the battery life is totally unacceptable and requires an external battery (I use the outstanding mophie juice pack air), imagine my surprise while reading the News that a number of sites have alleged that some applications for the iPhone which Apple distributes, contain Spyware.
I flashed back to 2006 and all the great work that a talented and dedicated group of Geeks had done to expose Spyware on the Web and dramatically impact it’s distribution and insure that the regulators took appropriate action. Although I took a great deal of pride in helping to expose Dale Begg-Smith as a Spyware low life and with my help and that of others, his Olympic Gold medal was tarnished and the mainstream Media roasted him during and after his Gold Medal Ceremony.
The first article I found is a very detailed and technical piece titled: Pinchmedia: The Anatomy of a Spyware vendor Please insure that you read the entire article and all the comments.
Some extracts:
Once an iPhone application is pinchmedia enabled, on every execution of the application the following information is stored in a local SQLlite database:
- iPhone’s unique ID
- iPhone Model
- OS Version
- Application version (in this case, camera zoom 1.x)
- If the application is cracked/pirated
- If your iPhone is jailbroken
- time & date you start the application
- time & date you close the application
- your current latitude & longitude
- your gender (if facebook enabled)
- your birth month (if facebook enabled)
- your birth year (if facebook enabled)
Once the application has stored the data, it will attempt to send this information back to the pinchmedia servers. In most cases this is done every-time you open & close a pinchmedia enabled application.
Your data is continually tracked, pinchmedia applications do not take just one sample, they will record every use of the application for the life of that application on your phone. When finally you do have a connection, this information is sent automatically from the application.
Next, I visited the mainstream press for an article authored by Yobie Benjamin for the San Francisco Chronicle titled iBigBrother? iPhone privacy issues may interest FCC and FTC Please insure that you read the entire article and all the comments.
Some extracts :
The iPhone may have much bigger privacy issues and you might not be able do a damn thing about it – because Apple won’t let you or at least that’s the claim of some software vendors that build tools to allow iPhone app developers to track some (…or maybe all) of your iPhone activity.
For the most part, if you like your privacy – there is no opt-out feature unless you have a jailbroken/unlocked (more later on this) iPhone.
In the case of another iPhone application called Camera Zoom which is also PinchMedia-enabled, the app stores the following information in an SQLlite database (you get to provide PinchMedia a free database server on YOUR phone) in your iPhone:
- iPhone Model
- OS Version
- Application version (e.g. Camera Zoom 1.x)
- If the application is cracked/pirated – potentially a way to sue you for violations of the Digital Millennium Copyright Act
- If your iPhone is jailbroken
- time & date you start the application
- time & date you close the application
- your current latitude & longitude
- your gender (if facebook enabled)
- your birth month (if facebook enabled)
- your birth year (if facebook enabled)
First of all what the heck does your location, birthday and sex have to do with camera zooming? Camera Zoom does not even tell you anything on their web site. But I digress. A dozen or so rows of data are created in a mini database on your iPhone. How would you like it if someone decided to install a database on your personal computer without you knowing?
Conclusions and my promise to you: Something is fishy in Denmark. 
Having been deeply involved in Spyware research, some of the third party responses just don’t hold water with me. For the moment, I’m going to be polite and term the two well written articles as allegations BUT my sense of the issue is that in fact, Apple distributes Spyware enabled applications via their iTunes Apple store. I promise to personally investigate this issue, use all my contacts and resources to validate or disprove these devastating allegations.