Pinch Media: Statistics your iPhone apps may be sending back home

Baz writes:

Spyware present on many iPhone Apps in a service offered to iPhone devs to a 3rd party company for statistics collected in the background from iPod touches and iPhones, including unique device ID, usage time and longitude and latitude.

from Eidac:

* Every time you quit an application that integrates Pinch Media, the following data gets transferred to Pinch Media: iPhone UUID (the unique ID of your iPhone), Iphone Software release, iPod/iPhone version, a timestamp when application usage started, a timestamp when application usage ended and (if you allowed it) the longitude and lattitude values of your position. You can see the detailed data that gets send out to Pinch Media in the graphic to the left.
* If no active internet connection is detected, the usage data gets saved to an sqlite database for every session. The next time there is an internet connection available all that data gets send out to Pinch Media servers (
* This all happens in the background. The user has no clue that data is send out to Pinch Media.

The co-founder of Pinch Media, the service in question, is quick out of the gate to respond to the post:

You might wonder if the data we collect is 'personally identifiable'. There's two pieces of data worth discussing - the UDID and the latitude/longitude coordinates. The UDID is tied to a specific phone, but can't be traced back to a user's identity - we've got no way to get your name or address from it, even if we wanted to, which we most certainly do not. The latitude/longitude coordinates are used only to provide high-level aggregated geographic reporting. So the application developer might learn that he has nine users near Berlin, but never anything about any individual. We also don't let application developers send back personally-identifiable information using custom actions - in fact, we've turned people away who've wanted to do this. There's not a single user's phone number, name, or e-mail address stored in our system, and there never will be.

Join the Conversation


  1. Without my consent, it’s spyware. Plain and simple.

    There are a butt-load of popular apps doing this. Suddenly my iPod touch has become less funnest.

  2. The ‘Powered by AdMob’ ads are similar– they send off the device UDID, an app identifier, etc, though not as much as the above (no location info, no timestamps, etc).

  3. This is interesting.

    We know that Google has handed over data on an individual user to a church member – the church member got a subpoena on the information, who then handed the information to the church leaders.

    So if am in a lawsuit against someone, I could use the UDID of their phone and a subpoena to get their location tracking information. I would imagine it would be a very useful tool to have in custody cases – dtailed information on exactly where the wife was … whether she really is a fit mother like she claims to be.

    Recently in Australia we’ve seen the case of Richard Einfeld – sentenced to two years in jail for lying over whether he was driving his car when it was photographed by a speed camera.

    In that case, the police used his cell location from his mobile phone, security camera footage in privately owned carparks, credit card transactions – even information from the restaurant’s computer to show exactly what he ate for lunch. All of this to show exactly where he was at the time. All over a $77 speeding fine !

    I wonder when the first person will go to jail due to information collected by Pinch Media !?


  4. @#3

    If you’re talking about the case I think you are (from Florida, iirc), it would be worth noting that the church member was actually a law enforcement officer and as such he used questionable justification (i.e. he lied/bent the truth) to get subpoenas on multiple people who were actively being critical of the church leadership online.

    IMO that’s a problem with LEOs being willing to violate the spirit and at times the letter of the laws they’re sworn to uphold.

    WRT Pinch Media, I’d be curious to find out what the EULA says when the software is installed. Does it allow for these communications? Not that this makes it morally right, but, until there’s a body of law saying that hiding things deep in the small print of documents of questionable validity is illegal, it’s up to us to watch out for companies that do things we don’t want them to do with the information we give them.

    Plus keep in mind that if you’re talking about going to court, you could subpoena the cell phone company and you’d be likely to get much more information than what Pinch Media collects. Several people have already been convicted based on information from their cell phones so at this point. The important thing to consider is to not have an easily traceable phone on you when you’re planning on committing any crimes.

  5. Oh, I don’t see why everyone’s so worried. I mean, just because the technology exists to match your phone to you with your use of the phone and your location at any time without your knowledge or consent doesn’t mean it ever will be in the future by anyone who is less than scrupulous. I mean, the founder promised they wouldn’t.

    I mean, Walt Disney was a hell of a guy who wouldn’t want his company to simply rest on their laurels of the Mickey Empire by renewing copyright forever, would he? He would have wanted them to come up with new characters and movies and keep entertaining children with new and exciting things.

    Why is everyone so suspicious?

  6. Pinch’s EULA is almost non-existent. You go to their web site and they have a generic privacy policy that really doesn’t tell anything about what they’re doing with the data either from a developer’s or an end user’s perspective.

    I read somewhere their CEO says they sell data. That’s not something they make clear on their site in any particularly obvious way, perhaps not even at all. I’ve been on the data side of the financial services industry long enough to know that you can never truly “anonymize” data from publishers, as they state they do, and that smart people who know the space can almost invariably reverse engineer to discover the source (in Pinch Media’s case, the developer). HFR has this challenge in spades and they’re MUCH more advanced in data knowledge than the Pinch people appear to be.

    And that report they came out with about usage and financial opportunity (ad/paid models) – can you say specious extrapolation? Looks like they got some junior stats geek with no domain knowledge to build a model in a rush without any ability to overlay far more valuable perspective on what were ultimately faulty conclusions.

    Bush league, very bush league.

  7. Here’s what Boing Boing is running right now, right when I loaded this page:

    Google Analytics
    Federated Media
    Google Custom Search Engine
    Tribal Fusion
    Six Apart Advertising

    That’s no fewer than eleven different services that started tracking information about me without my consent. Most (not all) of these services track users across every domain where their code is placed, constructing a profile that’s then used for ad targeting. Some of these services go out of their way to circumvent user attempts to safeguard their privacy. A couple, for instance, store information in the much lesser-known – and rarely deleted – Local Shared Objects that come along with Flash, and have been known to use this information to ‘recreate’ user cookies after they’ve specifically been deleted. A couple more combine the information they’ve gathered about you here with information they’ve pulled in from social networks (where you’re also tracked) to work up a complete demographic profile for targeting. Some of these probably don’t even have a direct relationship with Boing Boing, but are served by other ad networks doing backfill – you could get a different set of trackers, potentially even more invasive, the next time you reload the page.

    I didn’t consent to any of the tracking Boing Boing does – there’s no terms of service or privacy policy that pops up on first entry. Even if there *was*, by the time I got here, it’d be too late. If we went by the first commenter’s standards, Boing Boing’s running eleven different pieces of spyware.

    Every single person who installs an iPhone application consents to data collection in advance – it’s right there in the default EULA Apple’s provided so developers don’t have to hire lawyers before publishing something. So unlike Boing Boing, the developer actually has gotten your consent beforehand.

    I get that people want an explicit opt-in up front, just like they want it for various tracking technology online. People have always wanted this, for any sort of anonymous tracking technology. It’s not offered, by Pinch Media or by any online analytics provider, because it defeats the purpose of the analytics – they’re there to help the developer improve their business, and an opt-in introduces too much uncertainty into the stats. And the stats are what enables developers to make their applications better, so they can keep building. Making sufficient money from the AppStore isn’t cake.

    Analytics provide a useful function – they help keep costs low by allowing developers and content providers to optimize. Boing Boing’s use of eleven different trackers – while a little on the high side – are no different from a developer’s use of Pinch Media. Without them, Boing Boing would make a lot less money and have a lot less resources devoted to spreading hypocritical, misleading FUD.

    There’s always a subset of people who don’t care how useful analytics are, and automatically object to any analytics-providing company. Some don’t get how analytics make a lot of what they enjoy possible (I’m suddenly thinking of the Simpsons – “come back, zinc, come back!”) Some do understand this, but don’t think it’s worth the price of privacy. That’s an honest opinion, and we’ll have to respectably disagree, although I wonder why such a person would even have a mobile phone to begin with, since the carriers track things much more personal than we ever will, and are much more likely to share them. For all of those people, there’s airplane mode, just like there’s the no JavaScript / no cookies / no Flash / no browser extensions option for people using the web. I guarantee that if you do that, we’ll never record any information about you. But I’m not going to apologize for offering a service that helps a bunch of independent developers make a living, any more than Boing Boing should have apologize for running / allowing others to run a bunch of analytics in an effort to improve their advertising yield and pay their bills.

    Oh, and for the commenter that suggested a lawsuit could produce detailed information on a user’s movements – you can’t subpoena what we don’t store, so the best you’re going to get is nearest city. Try the carriers, they’re much more likely to share.

    Greg Yardley
    Co-Founder, Pinch Media

  8. Greg, you write co-founder, but you’re CEO, right? I just Googled you and saw you tweet that you “always wanted” a boingboing hit, then you say this: “Without them, Boing Boing would make a lot less money and have a lot less resources devoted to spreading hypocritical, misleading FUD.”

    Pot, meet kettle. You two should talk.

  9. Anonymous, a couple of comments up:

    Yep, I’m co-founder & CEO. I like ‘co-founder’ more than ‘CEO’ because calling yourself CEO when you’re at a small startup makes you sound like a bit of a tool. The title is necessary when talking with certain people, though, so I use both.

    As for your comment – I don’t usually explicitly indicate whether I’m being sarcastic or not in my twitter feed for the benefit of random people googling me.

  10. I’m curious; they upload this data when there is a connection present. So, in the rare instances when someone is on a limited data plan, how big are these analytics being sent out?

    “* If no active internet connection is detected, the usage data gets saved to an sqlite database for every session. The next time there is an internet connection available all that data gets send out to Pinch Media servers”

  11. Greg, thanks for the input, and try to ignore anonymous barbs. I don’t think you sound like a tool but rather someone with legitimate input. We may or may not disagree on specifics of it but no big deal.

  12. Greg I’m going to have to humbly disagree with you. I believe you fail to recognize the difference between a service and a product. When I use a service I and the provider of that service interact with each other and therefore both have a right to the data generated as such (google analytics, buying something at wallmart). However when I use a product that product belongs to me and may not transmit privileged information to the manufacturer of the product (desktop application, a razor).

    By following your argument Microsoft would have no issue implementing analytics in all of their products and operating systems so long as it’s stated in the EULA and helps them pay their bills?

  13. Yes, please slowly and over time violate my privacy more and more. I signed a contract several years ago allowing you to pry bar in to my location and flowing movement. Please sell my data and tell ’em, “This is an older dude…that’s why he moves so slowly…now he’s in the prune juice isle at the local mini-mart…here he’s at the assistive technology store laying down cash on a walker so he won’t fall over at the crosswalk. I know, let’s ship him a little advertisement on his phone offering a discount on depends panties because we know he’s goin’ have an uncontrolled poofer soon!” CEO schmoe…protect your turf, and be defensive and coy. Geeze give me a break…

  14. I bet Apple would love to know who is jailbreaking their devices. They, coincidently, are the only ones who can match UDID with your name and address.

    Think about it, people.

  15. I have to say I think this is a mute point. If your on an iphone…you are already exposed to the concerns listed above. Out of the box, with no 3rd party apps installed.

    The Gov/NSA can walk into Google, Apple, AT&T and subpoena any data they want. And as stated above, If Apple or AT&T are the only ones who can match UDID to Personally Identifiable Info, that’s who the Gov will subpoena. Going to ad delivery vendors for this info is simply too far down the line.

    This is also akin to privacy policies and web analytics collected for web site monitoring. The same concerns were shouted from the mountain tops a few years ago…now its commonly accepted practice no one bugs out about.

    The arguments that data will be misused are unfounded too. Come on, the ad delivery company isn’t going to abuse your data, its counterproductive. The real concern is what the ad delivery company’s customers have access too, and the privacy/T&C’s of those apps or software are.

    To my knowledge, PinchMedia customers DO NOT have access to long/lat beyond simple reporting. They can’t view long/lat and UDID together.

    Having said all of that….if our user base complained, we’d probably drop drop Pinch and find another way.

    I agree with above, admob is doing basically the same thing. And if you really wanted to be malicious you could use ad server code to track much of what we’re discussing by rolling your own solution.

    What people should really be concerned about is that they are signing on for services and devices for various reasons that track WAY MORE PIM then ever before, AND….all those GPS enable mobiles are pinging apple’s, google’s and satellite servers like nuts, keeping receipts of it all for god knows how long.

    How come no one is bugging about about GPS in cell phones to begin with?

Leave a comment

Your email address will not be published. Required fields are marked *