Aurora Feint, the thoroughly excellent (and free, would you believe?)  game has been removed from the App Store due to privacy concerns over its Community feature, which allowed you to see which of your friends were playing the game at the same time.   The concern surrounds the fact that Aurora Feint apparently uploads your entire Contacts list — unencrypted — to the developer’s server.

According to Danielle Cassley, one of the game’s creators, there was no nefarious intent; having your contacts uploaded was easier than typing in friend data by hand.   Casserly maintains that they "weren’t trying to be sneaky about how this worked" and that a notification message of some sort was "just overlooked".  

Casserly notes that an updated version that uses HTTPS to encrypt the data has been submitted to the App Store and is currently "In Review" status.   She notes that the data in question was never stored on their servers.  

The question that remains unanswered: Why transfer the entire contact list at all when most of those contacts are likely not iPhone owners? Why not present a list of contacts and allow players to checkmark those whom they’d like to keep track of in the Aurora Feint Community?

Thus far, it appears that those who already have downloaded the game will not see it magically disappear from their iPhones – which begs yet another question – does Apple have any methodology for mass-removing from iPhones applications that prove to be legitimate security threats?    

Share this: