Jan 202010
 
Authors: Ryan Gibbons and Glen Pfeiffer

If you think of the current hot commodities out there on the market, you might think of Jonas Brothers tickets or some type of sandwich which Miley Cyrus may have endorsed.

We’re guessing “user data” is not one of the things that comes to mind, but companies want it badly. And it’s really rather valuable, like a platypus that can use a divining rod.

Plenty of people out there harvest some of your user data with a passion, with Google being one of the primary offenders. Google saves everything about you it can, down to every search you make, which tied to your computer’s IP address and your physical location.

Luckily for us, Google has been a good boy and only ever released this information when faced with a court order.
Meanwhile, jokes abound about Google using its vast database of information to take over the world.
Now, before you get too mad, you should know that collecting all this information is generally used to make your Internet experience better. Web sites can cater it’s content by location (you’ve seen the ads for sexy singles in Fort Collins).

Google can make its ads better by looking at search patterns. And it can make for some really pretty demographic charts. We may or may not have a fetish for these types of charts.

We Binary Boys recently did some investigating into possible illegal data harvesting targeting iPhone owners.
Forrest Heller, who we have mentioned before in our column as an iPhone app developer, informed us that he had figured out that it was possible to program iPhone apps to secretly send information from the phone owner’s phone back to the developer.

Such information includes the names, phone numbers and e-mail addresses of everyone in the owner’s contact list.
This practice would, of course, be illegal if it were happening. Knowing it is possible to steal this data easily, we realized that the developers of some free iPhone apps might not be getting as astoundingly rich due to advertising revenue only, as appearances would suggest.

They could be illegally harvesting your data to sell.

We decided the probability of some developers to be engaging in this type of nefarious scheme was high enough to be worth looking into. Our friend Forrest devised a clever way to monitor all the data that was being sent from an app on one’s iPhone back to the developer.

In the simplest terms we can explain it, we ran a version of the Linux operating system on Ryan’s computer normally used for testing the security of a system.

Forrest performed what is called a “Man In The Middle” attack, where we were “in the middle” between the iPhone and Internet, monitoring all the data that was being transferred between the phone’s WiFi connection and the Network Interface Card of Ryan’s computer.

We were able to see exactly what information was being sent by an app that we opened for the first time on the phone back to the developer.

We tested a variety of free apps and found that most information being sent back, such as the location of the phone and what buttons within the app were pressed after it was opened, was relatively harmless. This type of data can be used to improve the app.

It’s not as dramatic an ending as uncovering a large black market in iPhone user data, but we feel the developers of these apps deserve praise for not falling prey to this easy scam.

Of course we were only able to test a few dozen developers, and maybe there is a bad egg or two out there. But we were happy to discover nothing to be afraid of.

So three cheers to iPhone app developers for leaving our data alone.

Columnists Ryan Gibbons and Glen Pfeiffer are looking forward to Apple’s Jan. 27th event. What will they release? Send letters and feedback to verve@collegian.com

 Posted by at 6:07 pm

Sorry, the comment form is closed at this time.