iOS Privacy in iOS apps

[koboos]

First of all it's a question to developers, that's why I put this thread in this category.

What device information can be fetched by an app which is installed from Safari (it's not AppStore approved). I know these apps doesn't have any limitations that Apple puts on official AppStore developers like prohibiting identifying devices by its UDID. But I have no idea what can be read from non-approved app about my device. I changed MAC address which changes my UDID number but after clean restore the app still thinks I'm the "old" device.
Additionaly the app is installing some kind of profile. Maybe it has more access to in-depth information about device? What do you think guys?

 

[1458279]

When you say installed from Safari, you're talking about a jailbroken device and Cydia or some combo of that or are you talking about web based apps?

I can't speak about web based apps and what they can or can't do, but my understanding of jailbroken devices is that the native apps can bypass the Apple rules.

As I understand it:

Apple has strict rules for what can and can't be done, it sandboxes the app and you have to say what you are going to do (ask for permission).

Jailbreaking allows apps to be stolen and allows apps to bypass the Apple rules.

I don't know exactly how far an app can go when running on a jailbroken device, but it's probably under the control (if there is any) of the jailbreak.

In other words, (as I understand it), the OS (iOS 7) controls permission and if you jailbreak, you are altering the OS and therefore altering the rules. So the rules (if any) would be under the control of the jailbreak OS.


Someone step in and correct me where I'm wrong (I'm sure I'm wrong somewhere )

 

[koboos]

Thanks for the answer.
Yeah I have jailbroken device, but the app is designed to work on all devices, not only jailbroken and iOS 4-7.

Most probably it's a wepapp but I'm not sure because it wasn't installed like normal webapp (creating icon bookmark from Safari) but it asked me if I want to install an app (classic Install/cancel popup).

During installing an app, some kind of profile is created in Settings. Maybe it's a ticket which allows installing the Developer's software outside the AppStore? I don't think I can normally install .ipa files from Safari (?).

I just feel I don't understand how it all works.

 

[ArtOfWarfare]

Thanks for the answer.
Yeah I have jailbroken device, but the app is designed to work on all devices, not only jailbroken and iOS 4-7.

Most probably it's a wepapp but I'm not sure because it wasn't installed like normal webapp (creating icon bookmark from Safari) but it asked me if I want to install an app (classic Install/cancel popup).

During installing an app, some kind of profile is created in Settings. Maybe it's a ticket which allows installing the Developer's software outside the AppStore? I don't think I can normally install .ipa files from Safari (?).

I just feel I don't understand how it all works.

If you don't understand how jailbreaks work, you shouldn't be jailbreaking. That's my rule of thumb for all sorts of things like this (if you don't understanding how rooting works, you shouldn't be rooting your Android device, either.)

 

[koboos]

Now I have a feeling you don't understand what I wrote.

I told that the app is designed to work under devices which are jailbroken and non-jailbroked. So if the app is universal it shouldn't have nasty things in it because it would not work on non-jailbroken devices.

 

[1458279]

Thanks for the answer.
Yeah I have jailbroken device, but the app is designed to work on all devices, not only jailbroken and iOS 4-7.

Most probably it's a wepapp but I'm not sure because it wasn't installed like normal webapp (creating icon bookmark from Safari) but it asked me if I want to install an app (classic Install/cancel popup).

During installing an app, some kind of profile is created in Settings. Maybe it's a ticket which allows installing the Developer's software outside the AppStore? I don't think I can normally install .ipa files from Safari (?).

I just feel I don't understand how it all works.

I also don't understand how it all works. I have a fair understanding of the Apple process, but pretty limited on others.

I've never heard of a popup that would allow you to install an app. Maybe it's just a link to what Cydia does and it expects your device is already jailbroken.

Your original question included what do they have access to, my guess it everything. I've heard that because Apple is so restrictive, some regular apps went outside Apple to get the app to do what they wanted.

One of the big issues going on in mobile is getting demographic info. Apple is a huge source of this info that advertisers want but can't get without permission from the user. Jailbroken devices have offered the answer to this problem.

In the world of Jailbroken, you don't have any police. You're making a back alley deal and Apple isn't involved. Developers know this and you can't do anything to change it other than going back to stock iOS. If the developer of the app is targeting jailbroken devices, you could contact them and ask them what they collect. If their app is on Cydia against their wishes, they would likely not help you.

In this case, because you said they are collecting a profile, they very well might be designed for Cydia/Jailbroken devices. If it's a free/ad supported app and you see the ads, they should be willing to help you.

I don't know if jailbroken apps see the ads or not.

What happens if you restore and re-jailbreak? You lose all the apps and reinstall them? Would that solve the problem?

 

[koboos]

First of all we should forget about the jailbreak. Like I said it's a universal app which has to run on every device, so even if I don't have jailbreak there will be a "popup" asking if I want to install an app. So I guess there is some way to go around the AppStore and Jailbreak allowing to install non-approved apps.

After clean restore and rejailbreaking and installing the app, the app itself knows that it's a device from before restoring. Moreover I changed MAC address, so that UDID number (which depends on hardware e.g MAC) also changed. But still the app is somehow recognizing the device as the old one.

I might try restoring a device and installing app without jailbreaking. Maybe you are right and the app recognizes I'm jailbroken and fetches more information about device (but I really doubt it).

 

[dejo]

I told that the app is designed to work under devices which are ... non-jailbroked.

How do you know this? Can you tell us the name of this app? How about a link?

 

[1458279]

Ok, this sounds like a Web App that is asking you to install the native app.

This would be basically a web page that knows about your device and asks you to install the native app.

The native app (as I understand it) would be able to install 1 of 2 ways:

1. thru Apple
2. thru Cydia type service on a JB device.

You might be installing thru Cydia or some similar service without knowing it. In other words, the link might be some kind of autoloader or an app the loads another app. I'm not up on these kind of things, but wouldn't be surprised if it was able to do this.

...

So back to the issue: From what you say, the developer is aware of the install, so you should be able to contact them and ask them about a fix.

Otherwise, if it's a regular app, Apple post the support websites for all the apps. You could contact them through that. Some offer a FAQ and/or forum with support.

Apple has some pretty strict rules, my guess is that they should have rules for not storing data once the app is removed. From what you're saying, the app is storing info after it's been removed.

One other option, is that the app could realize it's on a JB device and change how it works. I've heard of this, but don't know if it's actually done or not.

Which app is it?

So I guess there is some way to go around the AppStore and Jailbreak allowing to install non-approved apps.

Is the app on the AppStore?

After clean restore and rejailbreaking and installing the app, the app itself knows that it's a device from before restoring. Moreover I changed MAC address, so that UDID number (which depends on hardware e.g MAC) also changed. But still the app is somehow recognizing the device as the old one.

This really sounds like it breaking some of Apple rules.

One other note: I've heard that an app can be hacked so that it contains malware. This is much more common on Android, but very rare on nonJB Apple devices. I assume that it could be done on Apple JB devices.

Basically they crack the app and insert their own code, the user thinks they are using the real app, but they are using something else. Google shut down a bunch of apps because of this years ago.

 

[koboos]

So my next step would be checking if the app is recognizing me after only clean restore (no jailbreak). Probably it detects the jailbreak and then trying to gather more info about device. But still I'd like to know what info they can fetch (IP, ISP, country, city, device name, udid, mac. But what else can be used for identifying procedure?)
The app is not on the AppStore FYI.

I will post results later after restoring device.

 

[xArtx]

I can't speak of something made for non-jailbroken iPhones,
but as for jailbreak programs and tweaks, you really have to trust the author of every program on your iPhone.

As far as I'm aware it takes kernel mode access to see the root directory of an iPhone,
and at least somewhere along the line that has been possible, whether or not it is now.
That means any program (App) can see the data of any other App so long as it's not encrypted for example.

It is also easy to make an App look like it is for one thing, but really for another.
This doesn't make an App dodgy and crash, it's more likely an experienced/ talented author that would do something like that.

Some of the Apps that crash and play up when the author uses private APIs are just unavoidable.
For one of the iOS 4 versions a jailbreak App could send SMS fully automated.
This failed on later firmware versions. Apply have definitely made changes private APIs to cause some of these programs to fail innocently and naturally.

 

[koboos]

I just made an attempt to restore the device. But before I wanted to change MAC again using nvram command. Now I noticed there is another variable which (I think) can be read by discussed app. It's "platform-uuid" which looks like:

%00%00%00%00%00%00%10%00%80%00%b80d%d6%fa7

Do you think it is safe to change this variable? And what syntax it can be?

 

[ArtOfWarfare]

I just made an attempt to restore the device. But before I wanted to change MAC again using nvram command. Now I noticed there is another variable which (I think) can be read by discussed app. It's "platform-uuid" which looks like:

%00%00%00%00%00%00%10%00%80%00%b80d%d6%fa7

Do you think it is safe to change this variable? And what syntax it can be?

I think you're playing with fire and you should restore your iOS device to its factory settings and never jailbreak again - if you like having a non-bricked iOS device, that is.

 

[fishkorp]

What the OP is describing sounds like he's installing an app built for Enterprise distribution. I've developed apps for Enterprise before, and that's how we had them install them. I setup a webserver that hosted the files and the employees would go to a link and it would prompt them to install the app. It loaded a provisioning profile to the device, then installed the app. So that's probably what he's describing.

 

[koboos]

What the OP is describing sounds like he's installing an app built for Enterprise distribution. I've developed apps for Enterprise before, and that's how we had them install them. I setup a webserver that hosted the files and the employees would go to a link and it would prompt them to install the app. It loaded a provisioning profile to the device, then installed the app. So that's probably what he's describing.

It's exactly the same process as you are talking about. Can you describe how can you identify device? What information can be read by developer since the app isn't liable to Apple rules?

 

[1458279]

It's exactly the same process as you are talking about. Can you describe how can you identify device? What information can be read by developer since the app isn't liable to Apple rules?

Aren't enterprise apps subject to the same or at least most of the same as other apps?
I'm wondering because I intend on doing enterprise apps and would like to know if the rules are different.

[question not directed to OP]

 

[thewitt]

Enterprise apps do not go thru Apples review process, so are not forced into following all the same rules as commercial apps.

 

[koboos]

So please tell me, from the developer point of view, do you have access to all files and read whatever you want from the iphone filesystem? Or you can read only some properties like UDID or MAC address or from here:

Identifying the Device and Operating System
   name  property
   systemName  property
   systemVersion  property
   model  property
   localizedModel  property
   userInterfaceIdiom  property
   identifierForVendor  property
   uniqueIdentifier  property Available in iOS 2.0 through iOS 6.1

What can I try to do on my device to differentiate it for the app developer?

 

[ArtOfWarfare]

So please tell me, from the developer point of view, do you have access to all files and read whatever you want from the iphone filesystem? Or you can read only some properties like UDID or MAC address or from here:

Identifying the Device and Operating System
   name  property
   systemName  property
   systemVersion  property
   model  property
   localizedModel  property
   userInterfaceIdiom  property
   identifierForVendor  property
   uniqueIdentifier  property Available in iOS 2.0 through iOS 6.1

What can I try to do on my device to differentiate it for the app developer?

What makes you think you can? Why would you want to? Have you tried contacting the developer and asking?

 

[dejo]

So please tell me, from the developer point of view, do you have access to all files and read whatever you want from the iphone filesystem? Or you can read only some properties like UDID or MAC address or from here:

Identifying the Device and Operating System
   name  property
   systemName  property
   systemVersion  property
   model  property
   localizedModel  property
   userInterfaceIdiom  property
   identifierForVendor  property
   uniqueIdentifier  property Available in iOS 2.0 through iOS 6.1

For non-jailbroken apps, developers do not have access to all files. Apps run within a "sandbox" and can only access files from within certain directories exclusive to that app.

What can I try to do on my device to differentiate it for the app developer?

Why do you need to differentiate your device? Also, you still haven't told us the name of this app.

 

[koboos]

So the app is called Featurepoints and it let's you earn gift cards for trying apps. There are lots of other similar apps but this has one big advantage. You can earn more money for referring people to it.
The reason I want to be different is that my referral code is confusing it has capital O and 0 (zero) in it and these are very often mistaken. I believe new people I refer may go to someone else because of these letters and digtis.
Of course I contacted support. They told me it's impossible to change my ref code, and that's why I want to do this by my own. I still believe it's possible.

So the app installs like fishkorp said. It's enterprise distribution. I open website, click to install app, it must first install provisioning profile on device (which is the same for every device). Then it let's me install app. After first opening app, it cycle through Safari and app (this is the process where app is identifying device). The URL of first Safari cycle page contains something like "apikey=[many a-Z and 0-9 symbols]".

I have to mention that I can go to my account through Safari (not only the app) so some cookies must be saved also for identifying purposes in the future.
During my filesystem observation I've noticed some key is stored in Keychain database for this app.


So the question still remains. What they fetch from my device to identify me even after clean restore without jailbreak and having different udid and mac.