[interlagos]

The location data concern was that if anyone got possession of your phone or a copy of your backup, they could discern your entire location history.

With this finding, if someone got possession of your phone, they could apparently discern...nothing. Instead a subset of data is sent to a company contracted by the carriers (or at least one - Sprint) for the purposes of network monitoring/quality monitoring. Of course the carriers already know your location history through time (just as they know every SMS you sent, picture you sent, data you transmitted, voice call you made, etc), whether you're on a smartphone or dumbphone, and everyone knows and is aware of this.

Is this app sending too much data? I guess we'll find out. Is it "1000 times worse" than a forever location log easily exploitable? Not really.

EDIT (while sitting at -4 while the hysterics have their fit of vapours): Moderation in this story has demonstrated to me once and for all that HN is largely populated by ignorant bottom-feeders now. It is a sad state of affairs, and this site desperately needs a turn off moderation from dipshits option for users to toggle.

[hackoder]

I think it is certainly a lot worse. All user data (since it is a keylogger?) being logged and sent to a third party without user knowledge or consent, how is that not worse than just logging user information on the device?

To get access to your location data on the iPhone, someone would have to steal your phone or get into your itunes account. This is happening in the background.

[interlagos]

>All user data (since it is a keylogger?) being logged and sent to a third party without user knowledge or consent

Where does anyone say that it is being sent to a third party? This rather noob-ish developer noted that they have a keyboard hook, but in no way does that mean that they send all of your keystrokes to a third party.

Honestly I think I expect too much from HN. The level of discourse on here is absolutely no better than any typical blowhard site.

[hackoder]

I dont see how meta comments on HN help the discussion?

Directly from the article:

> “Our technology is not real time,” he said at the time. "It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses.”

The issue is, we don't know what this software is gathering and sending. It is not being done with consent.

But you're right, this needs to be looked into before getting the pitchforks out. But certainly, having the presence of a keylogger is bad enough in itself.

[interlagos]

I'm sure people consented through some random paragraph in a two hundred page long EULA, usually under the guise of quality monitoring.

The meta is pertinent. I expect the sort of knee-jerk reaction among non-software developers. I don't among a more educated in the realm crowd.

There is little chance this company is recording, much less transmitting, everything you type, every message you receive, etc. I would hazard a guess that they do, however, record basic usage patterns to let the carrier know how people are using their devices ("6975 characters average per day, send 256 messages while receiving 12. Spends an average 37 seconds in the dialer.").

[arunabha]

If someone got your phone, they could get all the passwords you typed in. Its certainly not 'nothing' that they could discern.

[interlagos]

??? Really, how so. How are they going to get all of the passwords you typed in? Can you point out where anyone has noted any log on the device of this data?

This whole story is that they have system event hooks. That's it. Maybe a real security researcher will find something deeper, but as is it's a nothing story of limited interest. When people like you carry it further than reality you just add ignorance to the conversation.