A federal grand jury has subpoenaed online radio service Pandora for documents related to the privacy of smartphone apps it offers for Apple's iPhone and Google's Android operating system. The document demand, which was made earlier this year, was part of a larger set of subpoenas issued on an industry-wide basis to publishers …
Try this yourself
Grab a copy of Fiddler (http://www.fiddler2.com/) and install it. In your iPhone edit your wireless network and add the IP of your Fiddler installation and port 8888. Now all your iPhone's network traffic can be monitored in real time. Start up an app and see what you get.
For example start up Angry Birds. Notice how it sends an http request to http://data.flurry.com/aap.do. Flurry is an analytics company. The request includes the version of Angry Birds, your phone's unique ID (UDID), which levels you've been playing, how many birds you used, which options you tapped on, which promos you've looked at and so on. It includes some encoded data strings which could be capturing anything.
So far that's just a device. Now look at the free Bloomberg app. It also uses Flurry and also sends the same kind of data to the same URL. It includes the phone's UDID, which stocks you looked at, which screen options you tapped on and so on. Lots of apps use Flurry, and that's just one analytics company which happened to stand out in the analysis. I'm not picking on them and they no doubt provide a valuable service. I'm just concerned to know where I fit into it, after all it's my data they're building up.
I've not got an Android phone so if someone wants to try it and report back it would be useful, I expect the same apps send the same data regardless of platform.
If you want to monitor any secure traffic switch on https decryption (Tools / Fiddler Options / HTTPS / Decrypt HTTPS traffic). This makes Fiddler act as a man in the middle proxy, so you will get certificate errors but can see all the data in the tunnel.
One more thing
I forgot about a setting you need in order to enable remote access for the iPhone:
Tools / Fiddler Options / Connections / Allow remote computers to connect
the article forgets to mention the harvesting of contact lists on iPhones by applications like Fring. No prompt, nothing. With other apps you may get prompted, but the warning comes from the application itself if the dev was kind enough to implement it. There's no protection at device/OS level whatsoever.
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Leaked pics show EMBIGGENED iPhone 6 screen
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Episode 4 BOFH: Oh DO tell us what you think. *CLICK*