Your browser does not support JavaScript!



Friday, June 01, 2012
Privacy, another reason to Jailbreak your iPhone? - Tips to protect yourself
Privacy, another reason to Jailbreak your iPhone? - Tips to protect yourself

Every time I jailbreak my iPhone, I need to go out in Cydia to find all the apps that were installed before, just like last weekend with the 5.1.1 JB. And because I forget some of the package names, I go google again for the best Cydia apps. This time around I came across some other apps which I haven’t installed before and got to my attention.

The first one is called Firewall iP. The tool blocks by default all the connections your iPhone wants to initiate when you use your applications. I was surprised how many different sites some of the applications contact before they are fully functional.

Because I wanted to know what to block or to allow, I started investigating them one by one.

Firewall iP Privacy ios iPhone 4SFirewall iP Privacy ios iPhone 4S

Booking.com

When you start the App Store app, it tries to contact these addresses, not always in the same order or all of them. Below you can see addresses which have been requested with the action I give to Firewall iP (always allow or always deny) together with some explanation;

App Store Connections

0. itunes.apple.com (allow)
1. r.mzstatic.com (allow) (Apple domain which is iTunes store content related)
2. a3.mzstatic.com (allow) (Apple domain which is iTunes store content related)
3. a1.mzstatic.com (allow) (Apple domain which is iTunes store content related)
4. a4.mzstatic.com (allow) (Apple domain which is iTunes store content related)
5. metrics.apple.com (deny) (this resolves in DNS to appleglobal.112.2o7.net which is an Omniture tracking and mining of web usage site.)
6. omtrdc.net (deny) (Also Omniture site)
7. 66.235.139.152 (deny) (Ominture Adobe Server)
8. ax.su.itunes.apple.com (allow)


This is what happens when starting the iTunes Application;

iTunes Connections

0. itunes.apple.com (allow)
1. metrics.apple.com (deny) (this resolves in DNS to appleglobal.112.2o7.net which is an Omniture tracking and mining of web usage site.)
2. a1.mzstatic.com (allow) (Apple domain that is iTunes store content related)
3. *.112.2o7.net (deny) (Also Omniture site)
4. a4.mzstatic.com (allow) (Apple domain which is iTunes store content related)
5. 66.235.138.44 (deny) (Also Omniture site)
6. 77.67.28.146 (allow) (Akamai server distributing iTunes content)
7. omtrdc.net (deny) (Also Omniture site)
8. 66.235.138.44 (deny) (Also Omniture site)
9. scm-api2.oak1.omniture.com (deny)
10. a3.mzstatic.com (allow) (Apple domain which is iTunes store content related)
11. a4.mzstatic.com (allow) (Apple domain which is iTunes store content related)
12. a2.mzstatic.com (allow) (Apple domain which is iTunes store content related)
13. ax.init.itunes.apple.com (allow) (Apple domain which is iTunes store content related)
14. phobos.apple.com (allow) (xml content server) (try this in your browser; phobos.apple.com/version)

If you also click on Purchased in the menu it goes also amongst Apple and Akamai servers to sercuremetric.apple.com which I blocked.

One of the macrumors forum readers notes that Omniture is in the state of Utah which apparently has regulatory umbrellas roughly corresponding to the government of Belarus.

After some more googling around I came across the information that App Developers can choose to install tracking software from Pinch Media. When you start the App that has this enabled, it will send back the following information to Pinch Media;

→ iPhone’s unique ID
→ iPhone Model
→ OS Version
→ Application version (in this case, camera zoom 1.x)
→ If the application is cracked/pirated
→ If your iPhone is jailbroken
→ time & date you start the application
→ time & date you close the application
→ your current latitude & longitude
→ your gender (if facebook enabled)
→ your birth month (if facebook enabled)

PrivaCy

Saurik has developed together with these tracking companies a global opt-out application called PrivaCy. Once installed you have to go to the settings menu to select the providers you want to block. The application can be found in the Cydia store.

Conclusion

I am not recommending here to Jailbreak your iPhone because potentially you are more insecure that way than with a clean iPhone and privacy tracking software. The chances that some malicious packages are in Cydia are far bigger than in the controlled App Store.

However if you stick with the default app-sources in Cydia (don’t add any untrusted sources) and only jailbreak the latest iOS which has the most security fixes, you are probably quite safe, but I write that with a Big Probably. On the other hand if you Jailbreak your iPhone like I just described and add the extra Privacy protecting tools like Firewall iP and PrivaCy, you can actually see what is happening when you start applications and you can allow or deny connections to servers you don’t trust or like. Also blocking all those unwanted connections should make your apps start faster I suppose.

I don’t like the fact that apps can receive gender, GPS coordinates together with the unique ID without me approving this or being able to opt-out of it, how about you?

Sources:

http://www.macintouch.com/readerreports/security/topic4414.html
http://www.makeuseof.com/tag/that-mysterious-2o7-net-tracking-cookie-all-you-need-to-know/
http://blogs.computerworld.com/14568/iphone_apps_are_spyware_panic

 


Your opinion counts!

comments powered by Disqus