If YOUR iPhone app has been rejected by Apple in an unusual or unfair way, please write about it on your blog / news / etc, and send a link to @redglassesapps on Twitter

REJECTED: Storm8 (all titles)

Last week, Storm8 was served with a class-action lawsuit for illegally collecting detailed private data in ALL its iPhone games and transmitting it to a server. As a result, it’s also had its games rejected from the App Store.

“Storm8 has written the software for all its games in such a way that it automatically accesses, collects, and transmits the wireless telephone number of each iPhone user who downloads any Storm8 game,” the suit alleges. “ … Storm8, though, has no reason whatsoever to access the wireless phone numbers of the iPhones on which its games are installed.”

As a result, they had all their games removed from the App Store, until the offending code could be removed.

It sounds as though this was Apple’s decision (the official statements from Storm8 take no credit for it) – in which case, well done to Apple for acting fast.

Although, sadly, they tend to ALWAYS take down Apps immediately, without actually checking the merits of the case, so it’s quite possible Apple didn’t even investigate here.

Developer thoughts

Apple allows us to collate a lot of non-personal, yet private, data about each user of each iPhone app. The following information is easily available:

  1. UDID of phone (a unique serial number, effectively – no known use other than being able to distinguish between iPhones; see below)
  2. Name of the phone (this is set by the user when they first connect to iTunes. It’s usually “Joe Bloggs’s iPhone” or similar)
  3. Which version of the OS they’re running (e.g. 3.0, or 2.2.1 – very very useful for adding workarounds for Apple’s bugs. Especially considering Apple refuses to give iPod Touch owners a free upgrade)
  4. Whether it’s an iPhone or an iPod Touch (some of Apple’s features CANNOT work on an iPod Touch – the developer needs to know this so that they can make alternative features when running on an iPT)
  5. What kind of internet connection it’s using: None, Wifi, or Cell/Mobile Network – i.e. GPRS, EDGE, or 3G – (useful for deciding e.g. whether to give the user high-quality video stream, or low-quality)
  6. The complete contents of the AddressBook

The only two of those that aren’t anonymous are the AB and the personal name of the phone, and in 90% of cases the personal name isn’t a real concern (it’s usually benign, e.g. my first phone was called “Adam’s iPhone”, along with the half-million other Adam’s iPhones out there…).

Obviously, the AB is a different matter. But any developer attempting to secretly download the entire AB from every phone and use it for … well … any purpose at all is fairly obviously acting illegally.

How do you get the user’s cell phone number off an iPhone?

IMHO, grabbing the user’s cell-phone number is in the same category as the AB: you can use it, but attempting to upload it to your server is blatantly illegal and should be avoided at all costs (unless, of course, the user specifically gave you permission – and understood what they were doing).

I’ve often been asked by fellow developers how to grab the cell number. In 99% of cases, all they needed was the UDID and a bit of common sense – but in about 80% of cases they’d already “decided” that only the cell number would do. They didn’t care about privacy issues (“I’m not going to do anything bad with it”) and only cared that it was “so unfair” that Apple didn’t make it easy to grab.

Ironically, in nearly all cases I’ve seen, getting the cell number didn’t actually solve any of the problems with using the UDID – they just reduced the frequency of those problems. Ultimately, the developer still needed to solve the problems (through additional UI design and app features), and getting the cell number was a waste of their time.

So … while I’m happy to believe Storm8 weren’t malicious, just stupid, I’m firmly on the side of Apple here: no-one should be secretly uploading cell numbers.

Unfortunately, there *are* legit reasons for taking the cell number (with user permission), and Apple is almost guaranteed to now cut all those off. They have a habit of throwing the baby out with the bathwater…

This entry was posted on Saturday, November 14th, 2009 at 10:31 pm and is filed under Uncategorized.

5 Responses to “REJECTED: Storm8 (all titles)”

  1. App Rejections » Blog Archive » LIBRARY REJECTED: Unity 3D (3D Graphics Engine) Says:

    [...] just ran into the Storm8 controversy, and has seen all new Apps using Unity3D automatically rejected this past week. Ouch. I got off [...]

  2. Lane Roathe Says:

    “Especially considering Apple refuses to give iPod Touch owners a free upgrade”.

    Actually, it’s an accounting rule that Apple has to follow. Google for details, but simply put Apple is not refusing to give out free upgrades, your government is refusing to let Apple give out free upgrades (and applies equally to all other products that fall into the same category).

  3. I Feel But Can't Reach You Says:

    I read the iPhone paperwork and it states you must not copy the customer’s private data, so Apple is well within its rights. All this other bullshit about the lawsuit is totally irrelevant. If you don’t like the agreement with Apple, don’t agree to it.

    This site should only be for situations where the app is rejected for reasons OTHER than what is in the contract with Apple.

  4. Diego Says:

    It’s this very reason that I’m glad Apple is a strong gatekeeper on the iPhone. I deal with enough BS on my phone and personal computers (PC & Mac). I would prefer my phone, my primary means of communication and organization in my life to be issue and most importantly WORRY free. I don’t trust developers, why should Apple. It only takes one malicious developer to spoil the whole experience.

  5. Bill Says:

    Taking my phone number is not malicious? Then why do it at all? I would personally ban all apps from any such company and never give them a second chance. There is absolutely no reason to collect any of our personal data unless they want to exploit it. Kudos to Apple for protecting me from these losers. The developer needs a punch in the face…a few times.
