See updates at the bottom of this post.
Aurora Feint has been pulled from the iTunes App Store as of July 23rd. It appears that there has been quite a bit of spyware concern centered on the “Community” feature. This feature asked you for your email address and phone number. In return, it was supposed to automatically add your friends so they could be in your party within the game. But it wasn’t immediately obvious how this was to magically happen.
The intent was to add the community feature with as little typing as possible because, according to the developers, “everyone always complains about the keyboard on the iPhone and how annoying it is to type on it”. Apparently, they used an API that would download all of your contact information stored in the Contacts app on your iPhone. The contact details were to be transmitted in clear text to their server.
This is part of what the developers had to say:
In the 1.0 version of the game we just didn’t get around to doing everything we wanted to do in time for the launch: remember we tried to do a high quality game in 10 weeks flat. So, if you opt-in to the community feature, when you refresh your friends, the data is sent unencrypted to our web servers. Before you freak out though, let me explain why this was done. We just thought that it was a cool feature and that we’d implement security stuff if we became popular. To that end, the web server we launched with was a teeny box with almost no power. We spent the first few days scrambling to scale our servers. We really had no idea how popular we were going to be. We added this feature in near the end of our development cycle and simply decided that we didn’t have enough time to spend to make it secure in advance of knowing if it was even going to be a hit.
The developers say that they have revised their application to use HTTPS for data transfer and it has been submitted to Apple for review. They are also working on another version which has the community feature completely removed.
If you play the game and want to continue, make sure you don’t delete it from iTunes. You might want to think twice about enabling the community feature if you haven’t already done so. If you have already enabled the community option, your data hopefully shouldn’t be transmitted unless you choose “Refresh Friends Data”.
I read through the posts on the Aurora Feint forums and it seems to be a mix of those who are concerned about security and those who don’t think it’s a big deal. What do you think?
I imagine this is going to take a while to straighten out …
Read more on the Aurora Feint forums.
See their privacy statement.
Edit: Looks like this isn’t the first time there has been an issue with an application in the app store.
25 Jul 2008 - Update: Version 1.0.0.1 has been released. It contains bugfixes, “additional networked features” and more magicbooks. The developers also advised that they disabled the community feature as of July 18th as soon as they realised they were becoming popular. They do not store the data and have assured us that they have deleted all personal information stored on their servers. Make sure you update, because your game data will no longer be saved to the AF servers with the old version.
1 response so far ↓
Jason Citron // Jul 25, 2008 at 1:31 am
We’ve spoken with Apple and sorted everything out. We’re back with their endorsement. Please check our official announcement on our forums: http://aurorafeint.proboards100.com/index.cgi?board=world&action=display&thread=369