An exec with the analytics firm that "pissed off" Steve Jobs so mightily that the Apple CEO banned all such data-gathering software has said that Apple's concerns were more about secrecy than privacy. "I think where we've gone afoul potentially is [about] just what Apple would prefer us to share and not [to] share with the …
The Fruity Führer will conquer all (and if he does i'm buying a Abacus factory)
I miss Bill Gates!
Errrmm, what about the *users*
The discussion seems to be only about what Apple wants to keep secret. And Flurry is talking about how they shouldn't have done what they did -- reveal information about devices inside of Apple.
No one in the story had the slightest concern about what information was being gathered about the users of the devices. Are they just the suckers ^W users?
Re: Ermmm, what about the *users*
You are right, Flurry seems to insist that the problem was precisely the release of secret information, but Apple made it clear that user consent is required for this sort of tracking.
I am interested to find out what is Apple's response to this. The CEO of Flurry seems to also have built himself up very high, as if to say "Apple needs us, so they'll comply." I'm not so sure about that. Especially if Mr. Jobs throws another tantrum.
what about the users?
The analytics that Flurry provide to software developers include things like, 90% of your application users are iPhone 3GS devices. or 20% are still running iPhone OS 2.x.
Now that there are significant hardware differences between the original iPhone and iPhone 4 (and those in between) and there are still users running very old versions of iPhone OS, it makes sense for software developers to be able to understand what features to include in you app, whether to continue support/testing for iPhone OS 2. Whether you can really rely on that 512MB of RAM that the iPhone 4 has, or whether you should really stick to the 128MB in the original iPhone, iPhone 3G, iPod Touch etc.
It isn't about tracking individual users, or spying on them, it's about understanding how your application is used etc so you can make it better for them. So actually, it's to benefit the users.
In the case of Apple, Flurry probably found some unusual device IDs coming up - something which (non-Jailbroken) users aren't able to modify themselves, suggesting that some new devices were being used. Combining it with the location information helped them to give some certainty to it being Apple who were doing it, not someone changing stuff on a Jailbroken phone.
That was probably wrong on their part - as they did provide identifying information - identifying the organisation, rather than the individual - to the public. But that actual intention of their analytics is to give developers the information they need to better target their applications to their users.
That may be what their customers see...
but I doubt they (Flurry) collect a lot more. Like you say yourself, combining device IDs with location data. How can I as a user see what data they collect? Can I review their source code? Can I opt out? Can I block it?
And what the h*** are they collecting the location data for? It's got nothing to do with making the apps better.
Location data could be anything from IP address, which can then be mapped geographically, to GPS data. I suspect it's the former.
Knowing where in the world your app is being used can help you determine whether you should localise it for those users - giving them messages in their native languages, or displaying currencies, or number layouts. Why bother adding Swahili to your app, unless there a large user base in locations which speak that language.
Technology SO advanced that the user has become totally irrelevant.
After all, what do users actually DO, anyway?
That strikes me as a little bit "chicken and egg". You need to know location data to decide which languages to localize for, but unless you've already localized for that language, the only users will be those who understand a language that's already supported.
OS version and (non-unique) device details are all fine and dandy, and very useful information to have as a developer. Anything uniquely identifiable (GPS coords + time, IP address + time) is out of bounds as far as I'm concerned because it *can* be used to ID an individual user.
Re: location data
>> "Location data could be anything from IP address, which can then be mapped geographically, to GPS data. I suspect it's the former."
Wrong. The problem is that the application requests access to location services for its functions, and the Flurry code uses this to send geo-location information along with the rest of the identifying information.
Like someone else said above, the user has no control on what data is collected, how it is collected, and for what purpose.
Why, they spend money
And we can help them to spend *even more* money if we have good aggregate statistics on our installed user base.
Ever hear of a private "test network"? It's one thing to do live fire testing on things that are in the final stages of beta testing, just before being released to the public. It's yet another to allow prototype devices (that may or may not see the light of day) to access the internet. That's either really poor policy or even shittier network security. And one would think that if THE manufacturer of said devices wanted to conduct live fire testing, they would at least consider tweaking certain values in the os or firmware, to disguise such a new device.
Sometimes I swear Apple is filled with some of the dumbest smart people I've ever known.
Please explain how one is meant to gauge performance across a range of public sites and net-connected applications by using a "test network"? You think Apple should be running an entire duplicate of the internet on 192.168.x.x?
Much as I love to slag off Apple
and that IS a lot, if they're bringing out a new device they're best off to, you know, test it properly. In its (potential) final configuration, as it'll be sold.
Though given the iPhone4 aerial thing it's apparent that Apple don't do MUCH testing.
.. it's called a proxy.
Big, big, secfail for thinking proxies are a solution.
Uh yeah .. it may surprise you to know that companies far smaller than Apple build test networks for precisely this purpose as part of their development process.
Scalability is harder than functionality. Ask phorm
Duplicate the entire internet? Proxies? Why does it have to be so difficult? Am I alone/wrong in wondering why they didn't just spoof the user agent string?
Nice job(s). You confirmed what we all knew already.
"It all boils down to Apple keeping secret the secrets Apple wants to keep secret."
As I asked in my post http://forums.theregister.co.uk/post/780503 ... who runs Apple's campus security? It's either Apple's marketing allowing it on purpose, or Apple's corporate security is shit. There are no other options.
Either way, I don't trust 'em.
No way, Jose
"...they're getting developers to put their software in their apps and their software is sending out information about the device and about its geolocation and other things back to [insert data pimping service of choice]."
Which pretty much sums up why I won't be going near an iPad or any other device with the same privacy busting stench for the foreseeable future. Apple may squeal now, but I suspect it's going to be running a nice little sideline in user metrics and probably doesn't appreciate the competition.
But the real kicker was an especially unpleasant image of Rupert Murdoch (in full 'avarice' mode) that accompanied an article quoting him on why he loved the ipad. The look on his face said it all; this distinctly closed device is going to be every data pimps wet dream on steroids. I would guess that not only can Rupe tell what pages you read in the Scum, but where you were, what colour your shirt was and whether you said dissed him at the same time.
I'm not usually a tinfoil hatter, but I've really had a gutload of being an unwilling/unwitting profit centre for some scented marketing tosser with an ego the size of a small planet and a conscience rather smaller than Stalin's.
Should have known better
So Farago 'finds out' that Apple are testing some new device 'on their Cupertino campus'. So that's essentially like peeking at something on a company's factory floor.
They work with Apple all the time so they know the score when it comes to releasing information on unannounced products i.e. it's verboten and it will royally piss of St Jobs. Never mind the (lack of?) security aspect, Farago really should have known better than to release this information to the press.
Unless of course, he wanted the publicity to promote his company... Surely not.
Subsitute 'Microsoft' for Apple and 'Bill Gates' for Jobs and I think you'd have exactly the same result (or A. N. Other company and CEO).
While I agree that software should ask the user before phoning home with information like that, it's not exactly a new thing. Any website using Google Analytics (or even just the server HTTP log) will collect information that potentially identifies things like my OS version, which has been used to piece together evidence for a new device before now. Every email that gets sent identifies the mail client and version number which can also be a pointer that something new is out in the wild.
All of this stuff is usually picked up by individual bloggers/rumour sites. What I think caused the explosion in Cupertino was the use of geolocation data and the idea of a commercial company collecting and passing information on in this way.
Hole Hotler !
I predict that if everyone starts reading the EULA's demand for Abacusses (Abaci ?) will rise dramatically.
Or Linux, which is basically the same but requires more maintenance !
It's in the EULA...
Normal business is beginning to stink.
So you have secret information about a company (that your business depends on in some way). You know that this company is very secretive (and petty), yet you go and publicise to the world this secret that you know about them.
And then you wonder why they are upset with you?
Say that again?
"...rely on Flurry to build better product..."
Yeah......right......... I'm guessing that it makes more sense if you: s/better/more lucrative/
I would say that His Steveiness has a point here in that there's no need for this sort of parastic siphoning off of one's data to be pored over by third parties so that they can annoy you more effectively. Since iAds is allegedly supposed to do pretty much the same thing however, he's just a two-faced git......
what a wanker
@AC re: jobs is a wanker
Better than being a coward. Interesting, though, one is based on hearsay, the other on direct observation.
Seems that Apple was Blind on this one. When a company surprises you the first question you should ask is 'can we buy them?' Apple needs its own Analytics system if it is going to push ads, so why not integrate and open the process, Why would anyone run a company collecting data the was freely available from Apple?
Haha! That Steve Jobs! He's such an egomaniac idiot! No wonder no body wants to buy any products he's involved in! It's that sort of carry on that has seen Apple failing so badly of late! Oh no, hang on...
This is astonishing really
And interesting, in the light of the recent report on what's on the Android marketplace, and the potential for security problems there. Google don't have the same control-freak ways as Apple and your article contrasted this with Apple's 'locked down' App store.
Yet that isn't true, and this case proves it. I believe I've read reports before where Apple have said they don't test every app for bugs, or to make sure it does what it says it does and no more. Do they even do much testing on whether it complies with their own licence agreement - see all those WiFi apps that used undocemented APIs but were allowed on for years? I'm wondering if all they do is check that the developer has filled in the forms saying they've complied, and run the app once for luck...
Here's a company with a system that phones home without asking user permission. It breaks Apple's developer agreement, it's tracking users' location as well as who knows what other personal data and it's in lots of developer's code. And Apple only spot it (or care about it) when it upsets their marketing plans. It's a shocking "Sod the customers so long as we're happy!" attitude.
This is a failure for so many reasons:
1. They didn't pick this code up when the programs that use it were submitted to the App Store.
2. Or they did, but didn't care.
3. If they didn't they failed to have enough of a clue about what was going on in their developer community to spot that a company was providing this service. I'm sure it wasn't kept secret.
So their testing fails, their security fails, their knowledge of their own developer community (now vital to the survival of the company) fails, and their management fails for not seeing the implications of any of the interconnected failure in this area - oh and for actng like petulant 4 year-olds rather than adult business people.
It's lucky for Apple that they're getting such a free ride from the media at the moment as this could have been the start of a huge PR disaster if anyone asked the right set of questions. They only need to look at Google for how fast media-darling can become media-hate-figure.