Bitdefender’s Clueful iOS App Pulled From App Store

| News

iPhone with an eye peering through a keyhole on the screenThe Clueful app is no longer available on the App Store. Bitdefender’s app that scanned other installed iOS apps for their use of permissions and personal data had a brief two month run before being pulled off the virtual shelves.

Clueful was developed to address the issue of iOS apps using personal data in ways unbeknownst to the user. Between “locationgate” and the uploading of Address Book data, knowing what your apps are doing with your data seemed like a good idea. Bitdefender rose to the challenge and developed Clueful to analyze your apps and determine what data was being accessed and how it was being used.

In a statement Thursday, Bitdefender’s Chief Security Researcher Catalin Cosoi said, “While most app developers use this information for legitimate purposes, others might not. Clueful was the best way for iPhone owners to know the difference. While Clueful remains off the App Store, we are working hard toward understanding why our app was removed and to develop the app to improve its chances of staying there.”

The issue of data tracking seems to be something that Apple has recently taken to heart as reports have surfaced of the company developing its own tracking tool. UDID codes had been used by some developers in the past for tracking their own apps, but this is now frowned on by Apple and will get you rejected from the App Store.

Clueful hit the App Store after this UDID lockdown, so the change in rules likely doesn’t account for the change in Clueful’s status.

Before its takedown, Clueful managed to analyze over 60,000 apps. Bitdefender said that it found that 42.5% of them do not encrypt personal data, even when sent over public wi-fi, and 41.4% can track location, plus almost 20% can access your Address Book, including sending it unencrypted to the cloud.

Bitdefender did not specify the reasons given for the app’s rejection, but did say that it was looking into the situation and was hoping to get the app back on the App Store.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

1 Comments

webjprgm

My immediate thought was that if it was checking out all your other apps it must be using some back door that Apple found out about.  But their FAQ says this:

Clueful looks at what apps are on your iPhone and then fetches privacy details about them from the cloud (which is why it needs to have an Internet connection). Apps are analyzed at the Bitdefender Labs, not on your device. The results are made available in the Cloud, for every Clueful user to have instant access to the information.

That seems at odds with the statement from the article that

Before its takedown, Clueful managed to analyze over 60,000 apps.

So was Bitdefender sending back a list to itself and then manually inspecting the apps and updating a database, so that Clueful could then report info from the database to users?  Sounds like a lot of work for Bitdefender staff.  Unless they could automate the process of purchasing a new app from the app store and analyzing it.

Anyway, maybe the back door they used was something to get the list of the user’s apps.  That still sounds like breaking out of the sandbox.  Or maybe it is itself a privacy violation.

Log-in to comment