Foxtel app spies on iPhone users

Australian Pay TV company Foxtel has released a controversial electronic programming guide for the iPhone which allegedly tracks the viewing habits of users, without offering an opt-out.

According to ex-Telstra employee Leslie Nassar, the Foxtel Guide app sends identifiable information to an analytics firm called Pinch Media. Developers of applications for the iPhone use Pinch Media to track what users do with their iPhone apps. In return, the firm collects information about iPhone users.

iTnews has attempted to contact the developer of the app, Marcus Schappi. Foxtel, formed through a joint venture between Telstra, News Corporation and Consolidated Media Holdings, claimed an opt-out system wasn't required "since no personal information is used".

"The Foxtel Guide does not collect any information that can personally identify an end user," a spokesman said.

The spokesman also claimed Apple's end user licence agreement allowed developers permission to "collect and use technical data and related information".

Privacy concerns

Pinch Media has publicly boasted about the “secrets” it collects through its analytics code embedded within many iPhone apps.

Data collected by Pinch Media can include your current latitude and longitude (if location enabled) and your gender, birth month and year (if Facebook enabled).

According to Nassar, the Foxtel Guide app collects an iPhone’s unique identification number, model, operating system version, application name and version, the length of time the application was run and whether the iPhone had been jailbroken.

The app also tracks how the user navigates the Foxtel guide, sending Pinch Media information about the categories, channels and programs the user has viewed, he alleged.

Foxtel appeared to have included an amended statement alongside the app on the iTunes store over the weekend in an attempt to calm privacy concerns.

As of Saturday, the Foxtel Guide page on iTunes stated: "The FOXTEL Guide may collect technical data and related information, including but not limited to technical information about your device and application software. This data is gathered periodically to facilitate the improvement of software and product support. No information personally identifying you is collected."

But as of Monday, the Foxtel Guide page on iTunes had changed: "The FOXTEL Guide may use 3rd party services to collect technical data and related information, including but not limited to technical information about your device and application software. The data is gathered periodically to facilitate the improvement of software and product support. The FOXTEL Guide does not collect any information personally identifying you."

Nassar said his main concern about the app was that it didn’t offer an opt-out.

In a blog posting, Pinch Media suggested concerned users run their apps in ‘airplane mode’ if they didn’t want information sent to the company.

Airplane mode disables Wi-Fi and mobile network access. But most iPhone apps require airplane mode to be off in order to gain access to the internet.

Nassar said that the airplane method suggested by Pinch Media was not a fix.

"The airplane [solution] doesn’t actually count because if you’re in airplane mode ... the next time you happen to run the application and you happen to connect to the network, it will still go ahead and send it all," Nassar said.

In August, Pinch Media said it had made it “easier” for developers to implement an opt-out option. Foxtel did not use the opt-out feature, nor had it implemented its own opt-out option, which Pinch Media said had “always been possible”.

Nassar explained that Pinch Media could build a profile on a user if multiple apps used its analytics code by matching apps with a user's unique iPhone identification number.

"If I install an app next week that is a Pinch Media ad-supported app, the ad being served-up to me could very well be targeted to me personally," he warned.

Security concerns

Nassar also explained how data transmitted by Pinch Media was sent in clear text.

“It doesn’t encrypt any of the data that it sends," he said.

This would create security concerns if a user was connected to a public Wi-Fi hotspot.

Further, the app periodically transmits data between the iPhone device and Pinch Media's analytics database, which counts towards a user's data allowance.