I just read an interesting article by the Dev Team showing that some applications available in the App Store are spying on you, tracking your personal data and reporting this information “home”.

The apps in question are applications using Pinch Media, a mobile analytics company that aims at helping developers figure out how their users interact with their apps (ie. how long they spend on the app every day, is it accessed over 3G or wifi, etc…). Apparently, apps that use Pinch Media are doing much more than reporting your interactions with the app and go as far as tracking the following information:

  • iPhone’s unique ID
  • iPhone Model
  • OS Version
  • Application version (in this case, camera zoom 1.x)
  • If the application is cracked/pirated
  • If your iPhone is jailbroken
  • Time & date you start the application
  • Time & date you close the application
  • Your current latitude & longitude
  • Your gender (if Facebook enabled)
  • Your birth month (if Facebook enabled)
  • Your birth year (if Facebook enabled)

Pinch Media says the company is no spyware as it requires YOUR approval to track the data, but as the Dev Team explains:

Being an approved app, it must first ask you for permission to use your location. If you tap “Don’t Allow”, it will ask you again in about a minute, the next time its ad changes. So you either stop using this app (because it pesters you so much about the location question), or you finally submit and tap “OK”. From that point on, your location and path info (your actual physical path through your area each time you launch the app) belongs to Pinch Media, Inc. We think that’s a Pinch too much.

I don’t know how concerned you are about your privacy and I assume most people wouldn’t care about that. Although the data being recorded is anonymous, I am not necessarily excited about a company that doesn’t disclose what type of data is collected, and more importantly, how this data is used.

What do you think?

  • Bob

    How can I tell which apps use pinch media so I can delete them?

  • You can’t tell!

  • Carlos

    so basically any app that ask for location more than once 

  • magma9495

    i thinks it bull, they shouldnt be allowed to do any of it without the app asking us first, this is one of the reason cracked apps come in handy, want to track my info? fine i wont pay for the app. Simple as that

    • but they can even track if you have cracked the app 🙂

      • magma9495

        so? i didnt pay for it, so i screw them out of their money for wanting my info, thats the way i think of it :p

  • I did an interview with Greg Yardley from Pinch Media this past Monday. His company is one of the ones that provide analytics (some call spyware) for iPhone apps. You can listen to his side of the story and what he had to say to some of our questions at http://www.theappshow.com/2009-08-18-the-app-show-episode-36-are-your-iphone-apps-phoning-home/

  • DavidG

    Should this headline read “Pinch Media Is Spying on You” to not only reflect the true culprit but to ensure that, as the headline is replicated in various RSS feed consolidators, people become familiar with this name and learn to avoid its apps?

    • @DavidG – you’re right but most people don’t know what Pinch Media is and I don’t think it would attract as many readers. This way, I can captivate their attention and tell them all about it.

  • Polemicist

    What are the IP address’s and domain names of Pinch Media and other spying sites?

    Add them to the HOSTS file on your hacked iPhone and no more calling home. 🙂 (Please note that if you have installed Installous then the Hackulous security will have already put some entries in there).

    File you are looking for is /etc/hosts

    In it you might see things like this

    91.121.24.50 appulous.org

    and a lot more than that…

    This points your phone at the IP address when you try to goto the appulous.org website (those sites are fake pirate hating sites)

    All you need to do is look up all the names or the IP’s (or domain names) of the pinchmedia site and point it at your local IP like this –

    127.0.0.1 75.101.134.218
    127.0.0.1 75.101.153.25
    127.0.0.1 75.101.161.93
    127.0.0.1 75.101.161.94

    And then add any other IP or domain name you really hate … Then learn how to save that HOSTS file to your mobile correctly. I’m not gonna explain that just google it…

    Enjoy…

    • Polemicist

      Oh and Sebastien you can tell if you know how to use things like TCPDump and such. 🙂 It’s called being paranoid. You should see the size of my old hosts file. It was huge. I added every single domain of every single app I installed. It was fun. Don’t trust anyone (even the free appz – actually especially the free appz)

    • All this sounds like Chinese to me but if you feel like it, maybe you can write a detailed article on how to do this and I will post it on the blog, giving you all the credit for it of course.

      • Polemicist

        Why reinvent the wheel…

        http://www.xsellize.com/showthread.php?p=228784

        Dunno if the dudes from xsellize will like me linking to it but delete this comment if you feel it needs to be removed and reference their material. with appropriate permission etc. They posted this new version a day ago. 🙂

        Just don’t forget to copy the hosts file into the etc directory overwrite it and then log in using SSH (info on SSH is on front page of Cydia) and change the permissions to 0755 then REBOOT your mobile.

        Please note that it must have those permissions. I’d do up a complete walk through but it is 23:10 and I need to pass out. 🙂

        Enjoy…

      • Polemicist

        Opps not xsellize it is http://i-phone-home.blogspot.com/2008/01/compiled-application-list.html

        And people running SBSettings need to read the comments section…

      • Polemicist

        I take it all back… I just did this with only the SBSettings change and the SBSettings toggle and it worked PERFECTLY…

        http://xsellize.com/showthread.php?t=54181

        On my mac just used Terminal to do the Unix based stuff and PhoneView 2.2.1 to dump the files in the folders (it’s easier than using a shell)

        I’m blown away with the extensive list. If you want to read it yourself just open the HOSTS file that is shared in the link.

        To test if it works try going to one of those sites (after phone reboot) using Safari on your iPhone. It will pop an error up.

  • I think that with this new iphone, spying will be easier than it was before. locating your phone if it is stollen or hidden is a great idea ..

    • I agree with you. This new iphone spy application is really have the most advance and powerful spy features like GPS location tracking, videos and photos logging. its such a amazing spy apps.