Do you know what your apps are doing when you are not paying attention? How are they taking care of your personal data? An iOS app called Clueful from security company Bitdefender told users exactly what the apps on their iPhone were doing. That is a valuable service for consumers who may trust an app simply because it has the App Store stamp of approval, when not all apps are so trustworthy. Yet Apple has removed Clueful from the App Store for unspecified reasons.
According to Bitdefender, Clueful “identifies deviant apps on your iPhone. It looks at what applications are currently running in memory and it retrieves audit information from the Clueful Cloud. This audit info lets you know if the app is taking your address book, sharing your location, etc.”
Clueful would also let you know if an app integrated a mobile analytics platform so it could track a user’s behavior within the app. Mobile analytics is a powerful tool for developers, and the information is extremely useful to them for marketing and designing updates. Clueful would tell you how an ad network was interacting with an app. It would tell you if an app was accessing your Facebook or Twitter credentials or if it used telemetry data to ascertain your behavior across several apps. If an app was sending your data unencrypted, Clueful would let you know.
Apple has good reasons for not wanting consumers to have that information. Several companies, such as Path and LinkedIn, have gotten into trouble in 2012 for improperly transmitting user data to servers.
What this comes down to is a basic matter of trust. Apple wants consumers to implicitly trust what they download from the App Store. The company has established a rigorous approval process for any app that is published on the App Store for precisely that reason. If Apple cannot keep malicious or carelessly developed apps out, people will not trust the App Store and will be less likely to download from it. That would hurt Apple’s bottom line as well as the ecosystem the company has built. Yes, iPhones and iPads are high-quality devices, but Apple’s marketing centers around what you can do with them: There's an app for that.
That said, Apple's reasoning is unclear. Bitdefender’s Chief Security Researcher Alexandru Catalin Cosoi declined to comment, citing a nondisclosure agreement. Bitdefender is working with Apple to have the app reinstituted and will resubmit it to the App Store on Monday or Tuesday of next week.
Although users can't currently download Clueful to find out what their apps are doing, Bitdefender offers statistics that illuminate the behavior of iPhone apps en masse. Between May 22, when it was published, and this week, when it was taken down, Clueful reported the behavior of 65,000 of the App Store's most popular apps. Bitdefender found that 41% of the apps studied could track users’ location and about 33% stored user information without encrypting it. 18.6% of apps could access all contact information in address books.
16.4% of apps studied can connect to Facebook. By itself, that is not a big deal, since a variety of applications use Facebook’s user authentication as the default way to log in. In fact, many of the behaviors Clueful tracked were benign and even in the user’s interest, if the app developer employed proper security and respected privacy. That said, it is still beneficial for users to know what an app is doing and how it is tracking behavior.
We have contacted Apple concerning the removal of Clueful and will update if we get a response.
The infographic below summarizes the information Clueful found before it was removed from the App Store.