Wed 2008-07-23 ( ap En )

I was waiting eagerly for 3rd party apps on my iPhone since I bought it…but I didn’t expect the apps to be this good. Turns out the best game is actually free: “Aurora Feint: The Beginning”. The developers are very active and nice. Give it a try, if you have an iPhone or iPod touch :)

Screw that. Apple has taken it down (Thank you! No sarcasm!) because it actually sends your contact list over to the developers’ server.

They thought it was a cool feature that makes finding friends dead simple. How can you be so stupid. How can they not know what people out there are using private data for. How can Apple let such an application through their gates in the first place.

I actually discovered this by accident myself, and was unsure how to react. Well, it’s no longer necessary. Others have made it public.

I’m sorry to have recommended it earlier. You can discuss with the developers if you want.

Really, it makes me sad. Bad day for the AppStore. Bad day for programmers.

Update: For the record, here’s the original board PM communication from Jul 18, 2008 with Danielle Cassley, starting with my question:

hi!

I experimented a bit with Xcode and AF, and – trying to find out more about the user data it stores – I found this: com.youweb.iMmo/Documents/iMmoAccountData. it looks like a dump of all my contacts’ names, emails, and phone numbers.

you don’t sync this with your server, right?

Answer from Danielle:

nope. we send it to the server to find the friends that have the game, and don’t store them. the community feature works by telling you who in there is also in our servers.

My answer:

I understand that, and it is crucial for an MMO to have community features. but I never agreed to the upload of my contact data to your server, especially not through a possibly unsafe EDGE connection or over the internet!

I didn’t even give my own email and phone number, because I didn’t want to use that feature. if you want to match data, you should use hashes or unique names or something else. it is simply not necessary to send private data from my contacts.

this is a very serious matter, and I think other players would be surprised to find that their personal data is sent to your servers without any confirmation. they would have to trust you that the data is not stored – which is simply not enough.

please think about this. in my opinion, you should:

1. Explain the situation clearly on this board, ASAP.
2. Ensure that no private data is stored on your server.
3. Remove or change the community feature so that no private data is sent automatically.
4. Add a clear confirmation that explains to users what is sent, when and why.

I can hardly explain how disappointed I am about this. Aurora Feint is a wonderful game, but I won’t play it until I am sure my privacy is respected. I will refrain from posting publicly about this for now, because I respect you as developers, and because I love the game.

Danielle’s Answer:

If you do not use the community feature the information should not be sent.

We are dealing with the hashing of emails and phone numbers as we speak in order to keep the data safe over the EDGE connection. Currently the feature is disabled as we deal with this (it’s something we have been working on for a day or so). Telephone numbers of those who currently do agree are not even stored. When they are stored only the telephone number of the person that submitted their data is stored, the actual friendships are calculated on the fly each time a user checks them out, and the only thing sent to our server is the phone and email to be checked.

The question about the community feature and how it finds your friends was asked earlier this week and I disclosed that we queried our servers for the numbers and emails in the contact list. I am sorry if this was not clear to you.

I will make sure the text is updated to specifically state the way we find friends is through the information in the contact list and that connections between people are not stored!

Danielle

I never played Aurora Feint, or any of their games again. I’m still disappointed, by the Feint team, and also by Apple.
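The hash-based matching suggested in the PM exchange above, as an added example (not code from Aurora Feint or from this post): the client normalizes and hashes each address-book entry locally, the server sees only digests, and matches are mapped back to names on the device. All names, sample contacts and the default country code are constructed assumptions; unsalted digests of phone numbers can still be recovered by enumerating the number space, so this limits exposure rather than eliminating it.

```python
import hashlib
import re

DEFAULT_COUNTRY = "+1"  # assumption: numbers without "+" are national

def normalize(kind, value):
    """Canonical form, so client and server hash the same string."""
    value = value.strip()
    if kind == "email":
        return value.lower()
    digits = re.sub(r"\D", "", value)
    if value.startswith("+"):
        return "+" + digits
    return DEFAULT_COUNTRY + digits.lstrip("0")

def digest(kind, value):
    # Prefix the kind so email and phone digests live in separate namespaces.
    data = f"{kind}:{normalize(kind, value)}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()

def client_digests(contacts):
    """Return {digest: contact name}; only the keys ever leave the device."""
    return {digest(kind, value): name
            for name, ids in contacts.items() for kind, value in ids}

class Server:
    def __init__(self):
        self.registered = set()  # digests of what players registered themselves
    def register(self, kind, value):
        self.registered.add(digest(kind, value))
    def match(self, digests):
        return set(digests) & self.registered  # answered, nothing stored

def find_friends(contacts, server):
    local = client_digests(contacts)
    return sorted({local[h] for h in server.match(local.keys())})

# Constructed sample data (reserved example domains and 555-01xx numbers).
CONTACTS = {"Alice": [("email", "Alice@Example.org ")],
            "Bob": [("phone", "(555) 010-0199"), ("email", "bob@example.com")],
            "Carol": [("email", "carol@example.net")]}

def demo():
    server = Server()
    server.register("email", "alice@example.org")
    server.register("phone", "+1 555-010-0199")
    return find_friends(CONTACTS, server)

if __name__ == "__main__":
    print(demo())  # ['Alice', 'Bob']
```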


WHAT?!?!
Joanna @ 13:46 on Thursday, 2008-07-24
