Apple acted swiftly to remove the app developed by the iPhone developer who revealed the most common passcodes used by iPhone users. The developer, Daniel Amitay, had modified his app “Big Brother Camera Security (Free)” so that it recorded user passcodes anonymously.
Not surprisingly, 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998 came out as the top 10 passcodes used by iPhone users. Smartphone users behaved just like computer users (after all, they are all the same). Daniel Amitay published his findings on his blog yesterday, and Apple took swift action against him, removing his app from the App Store within 24 hours.
Announcing the removal of his app in a blog post, Daniel Amitay addressed people's security concerns and tried to explain why he thought his actions were within iTunes’ rules. Here is the full explanation from Daniel Amitay.
Yesterday I posted an analysis of the Most Common iPhone Passcodes, with passcode data taken from my Big Brother Camera Security app. As of today at 4:58pm EST, Big Brother has been removed from the App Store. I’m certainly not happy about it, but considering the concerns a few people have expressed regarding the transfer of data from app to my server, it is understandable.
I think I should clarify exactly what data I was referring to, and how I was obtaining it. First, these passcodes are those that are input into Big Brother, not the actual iPhone lockscreen passcodes. Second, when the app sends this data to my server, it is literally sending only that number (e.g. “1234”) and nothing else. I have no way of identifying any user or device whatsoever.
Lastly, and overall, I had believed that said data was covered under section b of the iTunes EULA:
b. Consent to Use of Data: You agree that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to You (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify You, to improve its products or to provide services or technologies to You.
Namely, that I’d be able to collect this data so long as it was “not personally [identifiable to] You.” Perhaps this was a misunderstanding on Apple’s part, or perhaps I missed a developer agreement where I’m not able to publish certain statistics (?), but I’m hoping to get this worked out and have Big Brother back on the App Store. I’ll gladly remove the code in question if it is what Apple has a problem with. That said, I had planned on having these common passcodes built into a next update, so as to prompt users not to choose obvious passcodes.