What happened to Aurora Feint? It's gone!

This game steals contact info. It generates a file called "iMmoAccountData" auto with all your contact info when the first time you run it. I think Apple removed and banned it forever. I hope Apple will do more security check before putting application on iTunes App store.

Message was edited by: anewday

see here:

http://aurorafeint.proboards100.com/index.cgi?board=crash&action=display&thread= 346

If what they told is true, they should have told everyone about the feature, instead of doing it sneaky.

Message was edited by: anewday

I just read their post on their website. I don't know if it's just me, or the lawyer inside of me, but it certainly looks as though they are playing MAJOR damage control. It's going to be interesting to see the fallout over this. At the very least they could have at least made it a feature you can turn on/off. Wow.

Hi everyone,

I think you might be in need of some clarification. This whole thing has been exaggerated all over the web and blown WAY out of proportion.

This game does not "steal" your contact info. I mean, it is an MMO, so if you want to play with friends online, then of course you need SOME way to find them. BUT - now this is the important part - *NOTHING AT ALL* was uploaded to their server unless you specifically enabled the Community feature, entered your own email address and phone number, and pressed the “Find your friends” button. If you did all of these things, then and *only then* was your data sent to the server to query, and then PROMPTLY DELETED. The only data being stored was your own info which you entered yourself by choice - your email and phone #.

Of course, if you never used the Community feature in this game, then nothing at all was sent. If you did, then you surely would have had some idea that you were transmitting data, as you had to enter and send it yourself. In any event, none of this information was stored anywhere except locally - on your own phone.

And that's what that file is that anewday mentioned - iMmoAccountData is a file the game creates on your hard drive - it also stores your character's stats and progress, etc. so you don't have to start from the beginning every time. But I repeat, this file was never sent anywhere unless you explicitly turned on the Community feature.

I hope this clears up some confusion, and that Apple will release the new, higher-security update of the game soon!

It's back in the App Store. Would you try it again?

I heard network feature is removed in the new version. No need to input username, and game saves locally now.

Come on! The game transports all(!) my(!) contacts without(!) encryption over the internet to their server. I hope the server is secure, otherwith a hacker can steal all contacts from all iPhone users.

It is so f ** unbelievable that Apple puts a app like this on the store. This is a scandal!

That the data is transfered without encryption is the smaller part of the problem. All my contacts without notifying me to an untrusted server!!

Nothing was ever saved on the server in the first place - so there was nothing for a hacker to steal. The only time data was vulnerable was during the transport, when it could have been susceptible to a packet sniffer, and we already know that this did not happen. No personal data was compromised.

In any event, Apple has put the updated game back up on the app store, and is endorsing it in their "What We're Playing" section. The devs sent out an annoucement on their forum, and I've copied part of it here:

"Now, here's some even cooler news. We've heard you guys loud and clear. We are removing contact list integration from Aurora Feint. Early next week we're going to put out another update which will use a system similar to Nintendo's friend codes but less of a hassle. So, once we get that out, there will be no personal data pulled from your phone at all.

In the mean time, remember these things:
1) We do not pull data from your contact list before notifying you. There is now a notification in-game when this is done. And it is only done on the community page by YOU pressing the submit button.
2) We never store your contact list on our web server.
3) All data sent over the wire is now completely encrypted.
4) No contact data is saved on your phone's hard drive anymore. This has been removed.

Thank you all for your tremendous support. Danielle and I are so excited that we can bring AF back to you with Apple's stamp of approval. We hope you enjoy the fixes and new content we've put in this version of the game."

You can find the full announcement w/ release notes at http://aurorafeint.proboards100.com/index.cgi?board=world&action=display&thread= 369&page=1#3940.

In the meantime, yes I downloaded the new version as soon as I heard it was up - and it's so much better! A lot of bugs were fixed, and I highly encourage everyone to try it out at least once. You don't have to use the online feature at all if you don't want to. Have fun!

batasha03,

A well-composed response. Detailed, professional, and non-defensive. I think you handled it very well, and I respect that. I'm not much into games, but your professionalism and integrity will make me want to check it out.

Sometimes developers forget about privacy concerns when their intentions were good. The transferring of any personal data is a very hot topic these days. A lesson learned, I suppose...

Thanks, Frank. 🙂

I think it's important to point out that not only were their intentions good, but that this contact-searching feature grew out of their discovery that the Apple SDK fully permits that access - for any program! The whole idea of accessing the contact list would never have even occurred to them otherwise. So it's not as if they found some security loophole in the SDK - that information was freely handed over by Apple.

What's REALLY amazing is that the SDK doesn't allow any program to access the iTunes library! Apple is happy to give up the keys to YOUR private information, but god forbid you should get a free song or two.

Corporate America. Sigh.

I agree with batasha03 .