Passcode-stealing iPhone app banned by Apple


In a move that should surprise no one, Apple has banned the “Big Brother Camera Security” app that developer Daniel Amity used to swipe his customers’ passcodes. BGR reported on Tuesday about an application that attempted to trick users into setting a passcode identical to the PIN used to lock their iPhones. The app then transmitted the PINs in the background to the developer — albeit anonymously — who used them to publish a report covering the most commonly used iPhone passcodes. While the developer’s intentions hardly seemed malicious, there was no way Apple was going to sit back and watch while a developer published data about private PINs, even if they could not be directly tied to individual iPhone users. As such, the app has been banned from the App Store. “As of today at 4:58pm EST, Big Brother has been removed from the App Store,” Amity wrote in a blog post. “I’m certainly not happy about it, but considering the concerns a few people have expressed regarding the transfer of data from app to my server, it is understandable.”


46 Comments
  • Anonymous

    good move by Apple :-)

  • Bringit

    This app would be allowed in “OPEN” Android.

    • http://www.droiddoes.com/ iNorm

      It would be in the DROID store as it is free and open whereas the crApple App store is a walled garden that Steve bloJobs gets the final say in.

      • Anonymous

        It would be in the “DROID STORE” free and sending a hell of a lot more back than 4 digits, or maybe it would be a “live wallpaper”…”app” that’s .99 cents and still sending a lot more back than 4 digits.

    • Anonymous

      Yes an app like this will be on an Android phone. But no worries for norn and papinyc. These fandroid lovers have each other’s passwords already. They are very “open” themselves get it. HAHAHA

    • kakapoopoo

      your comments are boring and lame.

      • Bringit

        tough for anyone to take anything you say seriously with a name like kakapoopoo.  However, you do smell like poo poo and kaka.

      • kakapoopoo

        I still love u

    • Anonymous

      On the other hand, it must have been explicitly approved by Apple since that is the only way to get into the store in the first place.

      I guess approval has more to do with excluding competition than protecting users.

    • http://www.vgchartz.com SuperChunk

      I know you’re trolling however..
      1. Google would have removed it instantly from every phone… not just the market.
      2. The lack of openness on Apple should have prevented it from being in the store in the first place.

      This is why things like this look worse on Apple than Android… plus nothing else would have been sent unless it was all entered manually by dumb users as Android forces you to accept all the necessary permissions to snag that info automatically.

    • KCRic

      It WAS allowed in Apple’s app store you dumba$$

  • http://twitter.com/Nero3000 Neerav Patel

    First the app doesn’t actually steal the passcodes. Second it doesn’t trick the user into using the same one.

    But any sane person can clearly understand both points of view as to why it should and should not be on the App Store. It’s unfortunate for us that Apple is the one with the decision.

    • SteveJobsEvilTwin

      Well, if you’re putting the passcode in, and it’s sending it remotely to someone else without your knowledge or permission, then yes, it is stealing it.

  • Scott McIntyre

    Would you say that Mint’s app is also trying to “trick users into setting a passcode identical to the pin used to lock their iPhones”?  They also have a pin input that looks like the lock screen.

    • SteveJobsEvilTwin

      Not if the app isn’t then turning around and sending the password to someone else.

  • Anonymous

    APPLE GOOD!!!! ANDROID BAD!!!! true story.

    • puhsitch

      Sir, you make a compelling argument.

  • Anonymous

    Papinyc is a cock jockey. True story.

  • RRT190

    Fan Fanboys Fan…

  • SteveJobsEvilTwin

    What can we take away from this story?

    1) Apparently apps aren’t as well vetted by Apple as they’d like us to believe.
    2) Apple only allows Apple to store your personal information without consent.
    3) iPhone users are apparently pretty easy to fool.

    JK. Only trying to fan the flames.

  • http://pulse.yahoo.com/_VBJ4XGUEOMGGDFA6KXLV26OLUU Roberto Cruz

    I don’t think Android users will install another application that does the same thing as many already in their market.

  • Anonymous

    Apple = Nanny State

    Apple knows what is best for you.  Just like big government.  I bet more Apple fanboys are mostly Democrats.

    Android = Free market; capitalism

    • Anonymous

      So, you are such a fandroid that you think Apple is wrong to ban an app that attempts to trick people into sending their PIN off to some unknown server?    Really?  Seriously?

      I enjoy ripping on Apple as much as the next guy, but come on dude….

      p.s. Google just nuked a bunch of apps that tricked people into installing malware.  Does Google = Nanny State?

      p.p.s.  I will agree with you that most Apple fanboys are probably Dems though..  :)  

      • Sofa King

        This camera app that did anonymous statistical discovery of people’s pins is not malware. Nobody’s security was breached and nobody’s privacy was breached. Google pulling malware off the app market does not make Google a Nanny State. Big difference.

      • Anonymous

        No the ‘free wallpaper app’ that sends all of the information, personal and otherwise to servers in China is a shining example of how open that platform is, and the fact that it took google so long to do anything about it.   How about the 100 other apps that google has finally gotten off the “store” in the last 3 months, god only knows how many others are out there that not enough people have complained about.

        Enjoy your open community.  :) 

      • Anonymous

        How do you know nobody’s privacy was breached?  Because the developer who stole the PINs says so?

    • puhsitch

      Ohhh the melodrama!

  • serpentor

    What I wanna know is… was BGR actually the first one to report about this app yesterday? Or were you guys just implying you did?

    This would be a shocker to me cuz I’m just so used to BGR regurgitating analyst reports.

  • Anonymous

    Hold on, before I join BGR and Apple fans on putting a positive spin on this issue,
    1) Apple approved this app in the first place right?
    2) Would Apple have even known about this if the developer did not come out publicly and publish the data he found?
    3) Who knows how many other apps within the app store are doing this sort of behaviour?

    I don’t see how this is positive for Apple at all… if anything it creates doubt in how Apple is incompetent in conducting their due diligence when it comes to consumer security. With so many apps in Apple’s App Store, can we confidently say that none of the other apps are doing the same thing or something similar? I think not.

    You can spin this as much as you want, but at the end of the day, this shows a very fragile and negligent process in app approval from Apple. Yes, other companies should definitely be held accountable for their actions as well if they had a similar situation, however people would be bashing those companies and only looking at the negative, whereas Apple receives praise.

    • Anonymous

      All it says is to set a pin for this app, it can be the same pin as your phone.  It then sends the pin that is set FOR THE APP back to the developer.  You don’t have to set the pin the same, don’t be stupid for the sake of trolling. 

      Apple saw it as an issue so they stopped it.

      • Anonymous

        I appreciate your perspective, but that still doesn’t paint a brighter picture in terms of the three points I laid out. Apple approved the app, they banned it ONLY after the issue was brought to light by the developer himself, and are other developers doing something similar?

        Apple is banning this app not so much for the sake of their consumers. You said it yourself, it’s not really that bad, because the pin doesn’t have to be the same as your phone pin. Apple is banning it to prevent some bad PR. They would have looked silly if this were brought to light and they did nothing to remedy the “situation”.

        I hardly think this action was taken with the consumers in mind. That’s just my 0.02.

      • serpentor

        I think the salient point is that Apple’s approval process only gives an illusion of safety.

        It may be worse because end users think Apple protects them when in reality they can’t possibly do that without going through every single line of code for every single app.

      • Anonymous

        This app was still sandboxed, and was approved because of that. It doesn’t actually access anything on your device.

      • guest

        your comment makes no sense

      • Drew

        Hmmm…. point missed. Please continue…

  • Jared

    You play with fire and you’re going to get burned……

  • Sofa King

    This camera app that did anonymous statistical discovery of people’s pins is not malware.  Nobody’s security was breached and nobody’s privacy was breached.  Google pulling malware off the app market does not make Google a Nanny State.   Big difference.

  • http://twitter.com/oomatter Seth Aaron

    Way to be proactive Apple! Not surprising that doing something which creates negative press would get you booted from the app store. It would be nice if things like this ended up improving transparency regarding what information apps acquire and send to from your phone, but I doubt it. Not when they can add exciting new features like instant messaging. It makes you wonder just how well Apple checks out apps in their store.

  • http://www.vgchartz.com SuperChunk

    When an occasional malware app gets into Android and Google removes it, it makes sense as Android is very open and that will happen given the flexibility. At least Google has the ability to auto-remove it from any device.

    However, Apple is restricted and its Appstore must go through extensive scrutiny before being published. How in the world could such an app actually make it out in the first place? Guess that throws poo in the face of those that think Apple is more secure….

  • Danny W. Pimienta

    The app should be banned if what he did was against Apple’s TOC in the app store. I don’t think it’s a matter of him harvesting the passwords, I think he screwed himself when he “published” his finding because now it’s malicious and Apple probably looks at it as such b/c nowhere in his app tells the user your data is being monitored for the developer’s use outside the functionality of the application.

  • Bobdonhim

    You don’t get this on BlackBerry….too secure.  Using Android or Apple is like leaving your wallet in the middle of a parking lot.  NOBODY would willingly do that but they willingly use devices with next to no security.

    • Gus

      You have no clue about what you are talking about.  This camera app that sent pin numbers to the developer did its thing by social engineering and not because of any technical feat.    Social engineering can happen on any platform, even Blackberry.   The app isn’t a security threat nor a privacy threat.  The only reason the app was pulled is because of public relations.  It is an ethics problem and not a security problem.

  • Steve Hillshire

    No way!!  This *NEVER* happens to succle!!!  Stevie personally sees to it that all succle apps are 100% magical and perfect!  This is just an attempt to put mud on the face of succle!!

  • whoswho

    good move!  you’re kidding, right.  I thought that’s what the 30% was for.  For them to build up their approval process so things like this didn’t get through.  come on people.
