By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Nick Arnott, investigating for iMore:
On launch, the app immediately does a few things. First, it starts sending pings to https://my.currentc.com/mobile/pinggateway every two seconds or so. No interesting data is sent in the requests and blocking them seems to have no impact on the app. Next, a deviceState request goes out. In the request are your device type (iPhone or iPad) and a unique device identifier. This identifier is stored in the device keychain so even if you delete the app and re-install, it persists, allowing CurrentC to track users across app installs. The third and last request seen on launch is a call to Localytics. Localytics is a mobile analytics company and is used in countless other apps. As with the many other apps using Localytics, this call seems to include a variety of analytics information: not surprising for many apps, and not surprising for CurrentC (though it probably should be for an app seeking to handle payments and personal data).
Looks like an awful lot of personal information going over the wire.
★ Tuesday, 28 October 2014