Earlier this week, iOS developer Daniel Amitay published a report examining trends in passcodes chosen by users of his Big Brother Camera Security application. Amitay had anonymously collected over 200,000 passcodes used on his app and offered the data up as a proxy for actual iPhone passcode usage data based on the similarity of the input system style and functionality.

big brother camera security enter passcode
Amitay now reports that his application has been pulled from the App Store by Apple, although he is unsure at this time whether the removal was due to publication of the data or his admission of collecting it in the first place.

As of today at 4:58pm EST, Big Brother has been removed from the App Store. I'm certainly not happy about it, but considering the concerns a few people have expressed regarding the transfer of data from app to my server, it is understandable.

I think I should clarify exactly what data I was referring to, and how I was obtaining it. First, these passcodes are those that are input into Big Brother, not the actual iPhone lockscreen passcodes. Second, when the app sends this data to my server, it is literally sending only that number (e.g. "1234") and nothing else. I have no way of identifying any user or device whatsoever.

Amitay points to Apple's iTunes licensing agreement in support of his belief that he can collect such information, noting that he had planned on using the data collected to generate a list of common passcodes that would offer a warning of the codes being too obvious if they were chosen by a user. Consequently, it is unclear whether it is the collection itself or the publication of it that raised Apple's ire.

Amitay is currently reaching out to Apple to address the issue and have Big Brother Camera Security returned to the App Store.

Update: Amitay has updated his post to note that he has received a response from Apple relaying that his application was pulled for "surreptitiously harvesting user passwords". He has submitted an updated version of the application omitting the passcode collection capabilities and has appealed Apple's decision on the basis of the data being specific to the app, anonymized, and used for the purposes of improving the application.

Top Rated Comments

DanWithams Avatar
134 months ago
This developer has done nothing wrong, besides show the stupidity of users who use passcodes such as these. The unsolicited collection of data is something that happens everyday. Whenever you shop at WalMart, they record your credit card number and what you bought so they can refund you if need be. BUT they can easily bring up a purchase history and work out what your shopping style is, what you like to buy, what kinds of thing you buy. That's an invasion of privacy to a degree, but do you care?

The HUGE difference here is the developer can't tie up passcodes to individuals. What he wanted to do was look at the bigger picture. Apple published that they've sold x million iPads. OMG My iPad is in that statistics! That's MY data THEY HAVE NO RIGHT! See how stupid that is?

Information is taken from you all the time, whether or not you know it, and for most purposes it's used for seeing trends in large datasets, not to target you personally. Until your personal privacy is breached there's no need to cry. Apple are bending to consumer pressure because of a large volume of complaints they've probably received about the App.
Score: 8 Votes (Like | Disagree)
MacMan86 Avatar
134 months ago
What is the big advantage of Apple's curated App Store? Oh right, that Apple checks all apps for such things before making them available to the public.

As much as I don't approve of what this developer did, I also fear that there are thousands of apps out there, installed on millions of iOS devices, that send much more private data than just a passcode for the lock screen, unasked.

Apple gets 30% of the revenue, they could be a bit more thorough when testing apps...

That's just not realistically possible. For a start, you'd need to packet sniff all wi-fi packets and trawl through the data looking for something that looked like a 4 digit code in this case. Moreover, the minute Apple started doing this, any developer with malicious intent would immediately switch to sending all data over SSL/TLS. When the data is encrypted, the app could be sending anything and there would be no way to know.

Apple are doing the right thing - their API's heavily limit the damage a rogue developer can do but to try to go any further would just be a waste of everybody's time.
Score: 5 Votes (Like | Disagree)
42streetsdown Avatar
134 months ago
This developer has done nothing wrong, besides show the stupidity of users who use passcodes such as these. The unsolicited collection of data is something that happens everyday. Whenever you shop at WalMart, they record your credit card number and what you bought so they can refund you if need be. BUT they can easily bring up a purchase history and work out what your shopping style is, what you like to buy, what kinds of thing you buy. That's an invasion of privacy to a degree, but do you care?

The HUGE difference here is the developer can't tie up passcodes to individuals. What he wanted to do was look at the bigger picture. Apple published that they've sold x million iPads. OMG My iPad is in that statistics! That's MY data THEY HAVE NO RIGHT! See how stupid that is?

Information is taken from you all the time, whether or not you know it, and for most purposes it's used for seeing trends in large datasets, not to target you personally. Until your personal privacy is breached there's no need to cry. Apple are bending to consumer pressure because of a large volume of complaints they've probably received about the App.

People will always make big deals about these 'privacy' issues. It's the same thing as the whole location cache. People'll freak out because they think that somehow they're somehow special and that their info matters.

Should this dev have told his users about this study of his prior to do it? probably. Did it hurt anyone at all? NO
Score: 5 Votes (Like | Disagree)
jclardy Avatar
134 months ago
I don't think anonymous data collection should be forbidden, but when collecting something that could be "personal" information it should be.

In this case it is a users PIN code. While most were probably meaningless, some people may have used the same code to unlock their phone, the same code they use for their bank card or some other important number.

And the issue for me isn't so much that he collected it, it is that the code was probably sent in plaintext over a normal HTTP connection. So if someone was around you with a packet sniffer they could easily grab your unlock code. Of course the chances of this happening are essentially zero (A person must be sniffing the wifi that you are on, you must be using this app, and you must be setting your unlock code) it is still something you probably shouldnt do.

I'm fine with developers collecting simple anonymous data like "how many times did I open this app" or something along those lines, but I'd rather not have my device broadcasting security codes or passwords.
Score: 4 Votes (Like | Disagree)
mroddjob Avatar
134 months ago
You do realise that app developers are allowed to collect data from people using their apps as long as its anonymous? And the user agreement that we as users sign up to could be classed as letting us know that this can happen in any app. So technically i think he's still working within the EULA. I'm not saying i agree with what he did, but theres no need to flame the guy and call for life time bans etc. if he genuinely wanted to use the data to improve his application by stopping people using common passcodes. I'm sure analysis of passwords to persuade people to use less common passwords is/has been a common thing on the internet.

Also IMO it's not like he set out to trick people into using the same phone lock passcode for his app,(maybe i'm wrong and there were ulterior motives to it). But really, we shouldn't be using the same passwords for things, do you use the same pin code for your atm as your phone, or the same password for online banking and your macroumous login?

Edit: ok re-read the article and he did say that because of the similarity in the code screen he thought it may correlate with real codes, but still from the EULA apple does give the developers the right to do it and we still blindly accept the agreement and really he can't do anything with the data to harm anyone, and i think it helps to bring to light the importance of not using easy to guess common passwords (at the read the EULAs we accept)
Score: 4 Votes (Like | Disagree)
pyro008 Avatar
134 months ago
This developer has done nothing wrong, besides show the stupidity of users who use passcodes such as these. The unsolicited collection of data is something that happens everyday. Whenever you shop at WalMart, they record your credit card number and what you bought so they can refund you if need be. BUT they can easily bring up a purchase history and work out what your shopping style is, what you like to buy, what kinds of thing you buy. That's an invasion of privacy to a degree, but do you care?

The HUGE difference here is the developer can't tie up passcodes to individuals. What he wanted to do was look at the bigger picture. Apple published that they've sold x million iPads. OMG My iPad is in that statistics! That's MY data THEY HAVE NO RIGHT! See how stupid that is?

Information is taken from you all the time, whether or not you know it, and for most purposes it's used for seeing trends in large datasets, not to target you personally. Until your personal privacy is breached there's no need to cry. Apple are bending to consumer pressure because of a large volume of complaints they've probably received about the App.
Agreed. It is probably the same stupid users that have 0000 or 1234 as their passcodes that are all up in arms about OMG DEY STEELIN MA INFOS! You get your information stolen every day, but since its not brought to your attention in an article, you don't care? I get so many Amazon emails "recommending similar products" that I would never use that it borders on spam. How do they know which products are similar? Oh noes! Shut down Amazon!
Score: 3 Votes (Like | Disagree)

Top Stories

beats updater

Apple Officially Retires Beats Updater Utility in Favor of Over-the-Air Firmware Updates

Wednesday September 30, 2020 2:30 am PDT by
Apple has officially retired Beats Updater, the software utility that lets users update the firmware of their Beats Wireless headphones, earphones, and speakers. Beats Updater allows users to plug their Beats product directly into the USB port of their computer to check for firmware updates online, but with Apple's growing tendency to deliver over-the-air updates to wireless products via iOS ...
calculatorapp

iOS 11 Bug: Typing 1+2+3 Quickly in the Calculator App Won't Get You 6

Tuesday October 24, 2017 2:03 pm PDT by
A bug in the built-in Calculator app in iOS 11 is getting some major attention this week, despite the fact that it's been around since iOS 11 was in beta testing. At issue is a calculator animation that causes some symbols to be ignored when calculations are entered in rapid succession. You can try it for yourself: Type 1+2+3 and then the equals sign into the Calculator app quickly. Due to...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...
studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
original iphone

Phil Schiller Says iPhone Was 'Earth-Shattering' Ten Years Ago and Remains 'Unmatched' Today

Monday January 9, 2017 7:15 am PST by
To commemorate the tenth anniversary of the iPhone, Apple marketing chief Phil Schiller sat down with tech journalist Steven Levy for a wide-ranging interview about the smartphone's past, present, and future. The report first reflects upon the iPhone's lack of support for third-party apps in its first year. The argument inside Apple was split between whether the iPhone should be a closed...
m1 imac orange

New iMac Tidbits: Headphone Jack on Side, Ethernet Port on Power Adapter, Spatial Audio and WiFi 6 Support, No SD Card Slot

Wednesday April 21, 2021 6:38 am PDT by
Apple yesterday announced a completely redesigned 24-inch iMac with the M1 Apple silicon chip. The new iMac, the first major redesign of the Mac desktop computer since 2012, has several changes compared to the previous generation. In the aftermath of the event, a few new features and tidbits may have slipped under the radar, so we’ve compiled this list of some of the less-talked-about...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
affinity designer contour tool

Serif Updates Affinity Photo, Designer, and Publisher With New Tools and Functions

Thursday February 4, 2021 1:58 am PST by
Serif today announced across-the-board updates for its popular suite of Affinity creative apps, including Affinity Photo, Affinity Designer, and the Apple award-winning Affinity Publisher for Mac, all of which were among the first professional creative suites to be optimized for Apple's new M1 chip. "After another year which saw record numbers of people switching to Affinity, it's exciting to...
iPhone 13 Dummy Thumbnail 2

Full iPhone 13 Feature Breakdown: Everything Rumors Say We Can Expect

Tuesday August 31, 2021 7:50 am PDT by
With the launch of Apple's iPhone 13 lineup believed to be just a few weeks away, we have compiled all of the coherent rumors from our coverage over the past year to build a full picture of the features and upgrades coming to the company's new smartphones. For clarity, only explicit improvements, upgrades, and new features compared to the iPhone 12 lineup are listed. It is worth noting that...
qualcomm snapdragon x60 5g

iPhone 13 Lineup Expected to Use Qualcomm's Snapdragon X60 Modem With Several 5G Improvements

Wednesday February 24, 2021 8:10 am PST by
Apple's next-generation iPhone 13 lineup will use Qualcomm's Snapdragon X60 5G modem, with Samsung to handle manufacturing of the chip, according to DigiTimes. Built on a 5nm process, the X60 packs higher power efficiency into a smaller footprint compared to the 7nm-based Snapdragon X55 modem used in iPhone 12 models, which could contribute to longer battery life. With the X60 modem, iPhone...