[aguynamedrich]

I was checking the app out earlier and was curious to see what they're doing and what kind of data they're collecting, and they're really doing nothing out of the ordinary or worthy of distrust. They're using Flurry and Crittercism like everyone else, reverse geocoding your location with Google Maps API, and just serving up standard JSON data to power the app...again, just like every other app on your phone. One of the things I found interesting is that they're not using any kind of security model to protect the location of the media files online. If you clear the app data or start from a fresh download and trace the calls with a proxy like Charles or Fiddler, the entire album data is served up including full url's to the audio files on AWS. I don't know the etiquette around here, so I'll leave out the actual url and data, etc., but it's easiest enough to find for the crowd here.

I think it's brilliant. They're sending back events to the api when you stop and start tracks, and they're sending all of the information that the phone will give them - location, device/os info, storage/free space. This is probably the most real usage data a major artist has ever received on how, when and where their music is played by home listeners, and I wouldn't be surprised if this sets a major trend. They can pick which singles to release based on this data, decide where to spend the most money promoting concerts, etc.