Had an interesting conversation today with Aral Balkan and others via Twitter, which began when Aral mentioned some concern over the iPhone analytics package available at Pinch Media.
If you don’t know what Pinch Media Analytics is (or analytics in general), there are multiple ways I could describe it. I could describe it as “spyware that secretly gathers information about you and sends it across the Internet without your permission.” Of course, that would be a carefully designed statement, specifically engineered and worded to scare you into thinking it was evil and dangerous, and generally just an attempt to create FUD (Fear, Uncertainty, and Doubt). Or, I could go the other way and carefully craft an innocuous description that makes it sound wonderful. But let’s instead look at the facts of what it is, what it does, and what it can and cannot be used for.
Basically, Pinch Media Analytics consists of a library that is compiled into an iPhone application and a web service. Generally, when the application starts, it pings the web service with a small amount of information (we’ll cover that in a minute) and when the application is about to terminate, it pings the service again. The developer may also choose to ping the service at various other points in the application. These pings are then aggregated on the server into various reports the developer can look at, such as how many unique users have installed the application, how often and how long they are using it, how many times the app may have crashed, even how many “cracked” (pirated) copies of the app are installed (a surprisingly high number). If the developer included additional intermediate pings, one might be able to see how many users are visiting different parts of the app or game, and how much time they are spending on each part.
So, what information is being sent? Let’s get the big one out of the way first. It sends, *gasp* your device id! This is the unique hardware id identifying your iPhone. Now that sounds pretty bad, right? But don’t go having a big knee-jerk reaction and freaking out. It’s not like it’s sending your social security number, driver’s license, credit card, or mother’s maiden name. It’s simply a unique number that is used to differentiate two different users, so if I had 10 plays of my game today, I can tell whether that was 10 different people or the same person playing it 10 different times. There is no way for Pinch Media or any other developer to link a device id to a particular person. I imagine that Apple could probably do that, since you registered the phone with them and made your account. But unless someone is a serious hacker capable of getting into Apple or AT&T’s databases, you don’t have much to worry about. And this is not some super secret hack that Pinch Media put together in their evil labs. It’s part of the standard, approved, iPhone SDK public API. You just say:
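```objc
// Read the device's unique hardware identifier (UDID) through the public UIKit API.
// Deprecated since iOS 5; identifierForVendor (iOS 6+) is the replacement.
UIDevice *device = [UIDevice currentDevice];
NSString *uniqueIdentifier = [device uniqueIdentifier];
```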
and there you are. Furthermore, this id is used by all kinds of apps. If you’ve ever played a game and submitted a high score, you’ve most likely submitted your device id to the server that stores the high score. Chances are that many iPhone advertisements also make use of the device id to know how many impressions or clickthroughs are by unique users, as opposed to one developer clicking on his own ad over and over. I’m sure that the device id is used in many other ways by many other apps. So relax about it.
OK, what other data gets sent in the Pinch Media ping? Well, there’s an app id, which is a special id assigned by Pinch Media to a specific application, so they know what app to count the ping on. And various data about the hardware or software of the phone, such as whether it’s an iPod Touch or iPhone, what model, what OS, etc. It will also send location data, but it does that through CoreLocation, which automatically pops up a dialog asking the user if the application can access location first.
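An added example (not from the original post and not Pinch Media's code) of the server-side aggregation described above: start/stop pings are turned into per-app session, unique-user and usage-time counts. It goes a little beyond the post by also running the same report over a keyed, per-app hash of the device id, which keeps the unique-user counts intact while no identifier is shared between apps. The ping field names, the sample records and the key are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample pings (not real Pinch Media traffic). Field names are
# assumptions; the post only says a ping carries a device id, an app id and
# hardware/OS details, and is sent at app start and at termination.
PINGS = [
    {"device_id": "dev-A", "app_id": "game-1", "event": "start", "ts": 100},
    {"device_id": "dev-A", "app_id": "game-1", "event": "stop", "ts": 160},
    {"device_id": "dev-A", "app_id": "game-1", "event": "start", "ts": 500},
    {"device_id": "dev-B", "app_id": "game-1", "event": "start", "ts": 510},
    {"device_id": "dev-A", "app_id": "game-1", "event": "stop", "ts": 530},
    {"device_id": "dev-B", "app_id": "game-1", "event": "stop", "ts": 600},
    {"device_id": "dev-A", "app_id": "tool-2", "event": "start", "ts": 700},
]

def pseudonym(device_id, app_id, key):
    """Keyed hash scoped to one app: stable inside the app, different in every other app."""
    msg = f"{app_id}:{device_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def aggregate(pings, key=None):
    """Per-app report: session count, set of user identifiers, total seconds of use."""
    report = defaultdict(lambda: {"sessions": 0, "users": set(), "seconds": 0})
    open_at = {}  # (app, user) -> timestamp of the session start still open
    for p in sorted(pings, key=lambda p: p["ts"]):
        app = p["app_id"]
        user = pseudonym(p["device_id"], app, key) if key else p["device_id"]
        r = report[app]
        r["users"].add(user)
        if p["event"] == "start":
            open_at[(app, user)] = p["ts"]
            r["sessions"] += 1
        elif p["event"] == "stop" and (app, user) in open_at:
            r["seconds"] += p["ts"] - open_at.pop((app, user))
    return dict(report)

def linkable_across_apps(report):
    """Identifiers that show up under more than one app in the report."""
    seen = defaultdict(set)
    for app, r in report.items():
        for user in r["users"]:
            seen[user].add(app)
    return {user for user, apps in seen.items() if len(apps) > 1}
```

With the raw device id, the three plays of `game-1` resolve to two distinct users, and `dev-A` is also visible as the same device in `tool-2`; with the keyed hash the counts are unchanged and nothing is shared between the two apps.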
So, if you are running around telling people that Pinch Media is “secretly gathering information about you”, it’s definitely FUD. The only data that is remotely about YOU is your location, and it needs your permission to do so, so it’s not secret. All this is really no more than any web-based analytics package can get right out of a browser – what kind of machine you are on, what OS and version, IP address, location, etc.
Now one problem people may have with this (one Aral voiced) is that a web application is on the web, but an iPhone application is like a desktop application that is trusted and installed and should not be “secretly” using any bandwidth, much less sending information, without explicit permission. I can see this point, but honestly, the lines between desktop applications and web applications are blurring more every day and I predict will be irrelevant at some point. And in the case of iPhone apps, I think it is irrelevant. An iPhone is a connected device. It’s an Internet device. Most interesting applications do have connectivity as a major component. High scores, dynamic content, web services, multiplayer, etc., etc. And I bet most of these send some or all of the same data Pinch Media is sending. Comparing this to an old-fashioned desktop app that requires permission every time it talks to the net is simply a wrong comparison.
I also know that no matter what anyone says, some people will just be against the idea of any app sending any information for any purpose without express permission. Personally, I feel that is dogmatic, rather than pragmatic. “It’s my device, I should be in control of what gets sent where.” I see that as dogmatic and I’m not going to argue right and wrong with you. The simple fact is that if you don’t want your device to send any information, you better just shut it off now.
Furthermore, Apple has taken app security pretty seriously. All 3rd party apps run in a very strict sandbox. Other than the information described above (device id, hardware and software versions, etc.) an app only has access to its own bundle – which includes anything included and installed by the application itself, and any data the user inputs into the application that the application then saves. There are, of course, hooks into other apps, such as the Photo Library and Contacts, but these require user interaction and permission. I can’t write an app that just reads all your contact info and photos and uploads them to my server behind your back.
The final point I made on Twitter was, “analytics != spyware”, since the s-word was being tossed around.
Spyware is intentionally malicious software, or malware. It is designed to collect personal information about a specific user and make use of that information to exploit that user or his/her machine in some way, and often does harm to the device it is installed on as well. Malware is often illegal and almost universally frowned upon. To call any legitimate analytics package spyware is completely unfair. Analytics sends aggregated anonymous data. The purpose of using a package such as Pinch Media’s is to see how your app is being used and how you might improve it to make it a better experience so that people will use it more. In my book, that is not malicious by any stretch of the imagination.