You can see it here at : http://i-phone-home.blogspot.com/

Further to this, I maintain a hosts entry, present a breakdown of each applications traffic and even run a Cydia repo which keeps you up to date and install’s a host file specifically to block this type of traffic.

If you are concerned, do take a minute to read the blog and spread the word. We have had some marginal success also, after some discussions with one of the Top25 iPhone App developers we were able to convince them to remove PinchMedia from their applications.

Cheers
0th3lo

A database should be created to showcase the apps that are using this disgusting technique. I had 2 apps on my iPhone with this garbage in it and I removed them.

Then I reinstalled one of them, and I’m hacking the sqlLite database to send up garbage information. Hell I’m considering making a JB application that garbage-fies the sqllite databases, skewing all the data to complete uselessness.

I despise companies like this.

(b) Apple may provide certain services through your iPhone that rely upon location information. To provide these services, Apple and its partners may transmit, collect, maintain, process
and use your location data, including the real-time geographic location of your iPhone. By using any location-based services on your iPhone, you agree and consent to Apple’s and
its partners’ transmission, collection, maintenance, processing and use of your location data to provide you with such services. The location data is collected in a form that does
not personally identify you. You may withdraw this consent at any time by not using the location-based features. Not using these features will not impact the functionality of your iPhone.

source : http://images.apple.com/legal/sla/docs/iphone.pdf

Your spyware is unacceptable. Your explanation fails for the following reasons:

1) Web site stats about a visitor is info a web server already knows about so it’s pointless trying to draw this analogy. The visitor IP, the pages they view, the browser they’re using, their resolution and so on is immediately available to the web server. Javascript is usually used if the stats software is running on a different server, but this is a behind the scenes convenience to save the site owner installing the stats on their own server. If they installed it themselves then Javascript isnt needed. The point is, this is info passed to the server by default.

2) If this is for aggregated info only, why is the lat/long sent precisely? Restricting it to the nearest 100m for example at the very least before it’s passed to your server is not hard to do. Many decent location aware social apps do this.

3) The device identifier is private info and you have no right storing this on your server without the user’s consent. An app developer using your service only need concern themselves about stats for their own app, not about others apps on the same device. Therefore you do not need a unified identifier for this and you don’t have to worry about the technicality of sharing the same ID between apps either. The only thing you have to identify is the app instance itself. For this, the first time the app is run, it sees it has no ID assigned so requests one from your server. This is all you need to do. There is no reason or excuse beyond this.

It shouldn’t take mass action to force you to fix these things. If you really cared about user privacy, which is absolutely key in a service like this, you’d have done it upfront.

Your spyware is unacceptable. Your explanation fails for the following reasons:

1) Web site stats about a visitor is info the server already knows about so it’s pointless trying to draw this analogy. The visitor IP, the pages they view, the browser they’re using, their resolution and so on is immediately available to the web server. Things like cookies passed via JS just help the server link stats together (with HTTP being a stateless protocol).

2) If this is for aggregated info only, why is the lat/long sent precisely? Restricting it to the nearest 100m for example at the very least before it’s passed to your server is not hard to do. Many decent location aware social apps do this.

3) The device identifier is private info and you have no right storing this on your server without the user’s consent. An app developer using your service only need concern themselves about stats for their own app, not about others apps on the same device. Therefore you do not need a unified identifier for this and you don’t have to worry about the technicality of sharing the same ID between apps either. The only thing you have to identify is the app instance itself. For this, the first time the app is run, it sees it has no ID assigned so requests one from your server. This is all you need to do. There is no reason or excuse beyond this.

It shouldn’t take mass action to force you to fix these things. If you really cared about user privacy, which is absolutely key in a service like this, you’d have done it upfront.

What about everything/everyone else?

-Do you guys always pay with cash instead of credit cards?
-Do you avoid using an ISP to get online?
-Do you avoid making calls on your cellphones?

Data is being created and retreived, whether you like it or not.

Most websites, regardless of you having an account there or even having a chance to read the TOS/Privacy Policy, are logging your IP Address and creating cookies to keep track of you. No one is complaining about that?

Is anyone writing to Google to notify them that they don’t like the idea of Google not providing an option to prevent their IP from being logged or a cookie being set? Sure, if you have an account, there is an option to disable the saving of your web history…but is there really? or is it more like an option to just prevent you from seeing it to give the sense that it is not being recorded?

The bottom line is you are pretty much always creating data somewhere nowadays, unless you live out in a cabin in the woods without electricity etc….heck even then google maps might spot you?

The internet is much like being in public, you can be watched, monitored and bla bla bla, you may not like it, but you can’t do much about it but there are simple things to do to prevent how easy that information is accessed.

My computer usage and iphone usage is a different matter, they are my private places, what I do on my computer is no one elses business, I don’t care what they think they can do, if I don’t want an app contacting anything, I wont let it.

Same thing on my iphone, its my private place, what I do and when I do it is no one elses business, let alone some third party AND without me knowing about it.

Shameful that this has happened, hopefully it’ll be stopped quickly.

I would love a way to know which apps are using this spyware so I can remove it and leave a rude review.

We need a list