|
2010-10-05 Software: USB Disk for iPad - Version 1.0.2First, in Proxy log 2 lines appear shortly after starting the app: 1286303998.910 456 192.168.1.47 TCP_MISS/200 232 POST http://data.flurry.com/aap.do - DIRECT/216.74.41.4 application/octet-stream 1286304006.927 8472 192.168.1.47 TCP_MISS/200 255 GET http://imesart.com/ip/login.php? - DIRECT/91.121.70.97 text/htmlUsing Wireshark to track first connect and the use of the Follow-TCP-Stream-function reveals: The red content shows the HTTP-Request, the blue content shows the HTTP-Response. This connect transmits the UDID (your unique device ID), the language, the version of the app and some other information to data.flurry.com. Obviously because of the connect, the owner of the webserver also knows the time and the IP-address of you or your proxy. Lets have a look at the second connect: The second connect goes to imesart.com and transmits also the UDID. It also transmits the IP-Address of the device, which is in my case a private one behind a NAT-Router. After closing the app, another line appears in the proxy log: 1286304085.807 9640 192.168.1.47 TCP_MISS/200 255 GET http://imesart.com/ip/logout.php? - DIRECT/91.121.70.97 text/htmlThis connect looks the same like the previous one, but the login was replaced with logout in the URL. The website owner is now able to track the usetime of this app. Recommended action: Delete the app, because it tracks you. The connects are not necessary for proper function of the app." |