• Author arn
  • Posted On2008-07-24 00:31:33
  • News

Those looking to download Danielle Cassley and Jason Citron's popular Aurora Feint game have found that the game is no longer available from the App Store.

It appears that Apple has pulled the application temporarily due to some concerns about the storage of user data. Macenstein explored the issue and found that the game creates a copy of your contacts and stores it locally. Meanwhile, your contact information is sent to their servers when using the community feature.

As it turns out, it appears to simply be the groundwork for future community features rather than for any nefarious purpose.

Some people have noticed that on your iPhone’s hard drive we make a local copy of the email and phone numbers from your contact list. This data is sent to our web servers when you press “Refresh Your Friends” on the community page. It is used ONLY to find other players who you know that have opted in to the community feature of Aurora Feint. This data is NOT saved on our web server. It is saved locally on YOUR iPhone so the game can optimize fetching that friend’s data in the future.

The developers have posted a more detailed explanation on their site and have updated their application to send the data using a secure connection. The new version is currently "in review" and should also include some long standing bug fixes.

  • D Wo

    They could have asked in the game if it's OK...

    Man this pisses me off!! =(

  • D Wo

    They could have asked in the game if it's OK...

    Man this pisses me off!! =(

  • VeganTnT

    they DID ask in the game.

    they fixed the problem BEFORE macensteins article came out the update was going to be submitted but before that could happen they had to deal with negative press.

    the community feature is now offline if you have AF

    The next update (the one currently in review) is patched with more specific wording and will send the data securely with https

    the next update after that will disable the feature entirely.

    This is an amazing game. made by 2 developers in 10 days, they had no idea it would be so popular, and what they did was a design choice. Had they made people manually put in every phone number and email in their contacts there would have been even more people displeased.

    what I have a problem with is that very few people will actually take the time to learn the truth. I've written SEVERAL long posts on the subject because places like Macbytes like to start witch hunts

    This is a post I did on the AF forum right after the story broke on macrumors/macbytes

    http://aurorafeint.proboards100.com/index.cgi?board=world&action=display&thread=314

  • VeganTnT

    they DID ask in the game.

    they fixed the problem BEFORE macensteins article came out the update was going to be submitted but before that could happen they had to deal with negative press.

    the community feature is now offline if you have AF

    The next update (the one currently in review) is patched with more specific wording and will send the data securely with https

    the next update after that will disable the feature entirely.

    This is an amazing game. made by 2 developers in 10 days, they had no idea it would be so popular, and what they did was a design choice. Had they made people manually put in every phone number and email in their contacts there would have been even more people displeased.

    what I have a problem with is that very few people will actually take the time to learn the truth. I've written SEVERAL long posts on the subject because places like Macbytes like to start witch hunts

    This is a post I did on the AF forum right after the story broke on macrumors/macbytes

    http://aurorafeint.proboards100.com/index.cgi?board=world&action=display&thread=314

  • D Wo

    The game was made in 10 WEEKS, not 10 days.

  • D Wo

    The game was made in 10 WEEKS, not 10 days.

  • http://www.blakespot.com blakespot

    @D Wo: Indeed - 10 weeks. That's impressive enough. 10 days would be, well, godlike. :-)

  • http://www.blakespot.com blakespot

    @D Wo: Indeed - 10 weeks. That's impressive enough. 10 days would be, well, godlike. :-)

  • Troy

    "they DID ask in the game"

    I'm sorry, but everything you said after that was just "blah blah blah".

    No, they most certainly did not ask. I am very impressed with this game, however, knowing this, I would not have downloaded it, and it will be removed immediately.

    Grabbing your info like that without asking permission sounds like grounds for a lawsuit. It's sleazy developers like this that are going to force apple into setting up the OS to notify you when an app is accessing your private information.

  • Troy

    "they DID ask in the game"

    I'm sorry, but everything you said after that was just "blah blah blah".

    No, they most certainly did not ask. I am very impressed with this game, however, knowing this, I would not have downloaded it, and it will be removed immediately.

    Grabbing your info like that without asking permission sounds like grounds for a lawsuit. It's sleazy developers like this that are going to force apple into setting up the OS to notify you when an app is accessing your private information.

  • http://www.jsayreallen.com Jonathan Allen

    The difference here is that when web applications use your contacts, there is usually some kind of portal where you are wanting to import contacts from other sources like gmail, facebook, or another site. You have to do this manually so you are very aware of what is going on. When I clicked the community tab, I did not know that my contact list was copied and sent to a remote server. That is very different than connecting with another source.

  • http://www.jsayreallen.com Jonathan Allen

    The difference here is that when web applications use your contacts, there is usually some kind of portal where you are wanting to import contacts from other sources like gmail, facebook, or another site. You have to do this manually so you are very aware of what is going on. When I clicked the community tab, I did not know that my contact list was copied and sent to a remote server. That is very different than connecting with another source.

  • Ryan

    As far as I can see, this is all a moot point. Why blame the developers? Apple is the one who gave them this capability and never put anything in the SDK giving them guidelines on how to use it. Obviously in this case the developers are being very upfront and are almost certainly trustable....but probably not so in other cases.

    I GUARANTEE you that there are far more apps than this one that are doing this. Look at speechcloud for example. It records your voice, sends the sound file and your contacts list off to the server, gets a match THERE (not on your iphone itself), and returns the result.

    Apple is to blame here, and no one else. Apple should have set up a system-level alert that asked YOU if you wanted to give the app access to your contacts...kinda like location services does.

  • Ryan

    As far as I can see, this is all a moot point. Why blame the developers? Apple is the one who gave them this capability and never put anything in the SDK giving them guidelines on how to use it. Obviously in this case the developers are being very upfront and are almost certainly trustable....but probably not so in other cases.

    I GUARANTEE you that there are far more apps than this one that are doing this. Look at speechcloud for example. It records your voice, sends the sound file and your contacts list off to the server, gets a match THERE (not on your iphone itself), and returns the result.

    Apple is to blame here, and no one else. Apple should have set up a system-level alert that asked YOU if you wanted to give the app access to your contacts...kinda like location services does.

  • mini vanilli

    game has been instantly deleted off my iphone after reading this. the only thing thats going to stop developers from doing this and not being clear about their intentions is us, the USERS, not accepting this! its a GREAT game, but people should make an example out of this and i promise it will not be an issue again or a rare one at that.

  • mini vanilli

    game has been instantly deleted off my iphone after reading this. the only thing thats going to stop developers from doing this and not being clear about their intentions is us, the USERS, not accepting this! its a GREAT game, but people should make an example out of this and i promise it will not be an issue again or a rare one at that.

  • ArtOfWarfare

    Well, at least it's proof that Apple is being cautious and not about to let their reputation for having the worlds most stable operating system become a joke.

  • ArtOfWarfare

    Well, at least it's proof that Apple is being cautious and not about to let their reputation for having the worlds most stable operating system become a joke.

  • Shannon Shiflett

    Any app that even so much as looks at my contacts will be deleted by me immediately. Our surveillance society is out of control. My contacts is NEVER their business.

  • Shannon Shiflett

    Any app that even so much as looks at my contacts will be deleted by me immediately. Our surveillance society is out of control. My contacts is NEVER their business.

  • Jevo

    Deleted this game from my iTunes library, I don't have an iPhone yet so this game won't even get on to it when I get one.

  • Jevo

    Deleted this game from my iTunes library, I don't have an iPhone yet so this game won't even get on to it when I get one.

  • UnknownElementX

    dear lord people....this whole privacy rant is horrendously overdone. you had no idea? It asked specifically for your info. Obviously if it needs to locate your friends, it must draw them from somwehere.

    While it might've been more explicit about how its done, this over the top big brother junk is really getting tiring. they are not storing all your contacts, they only store what you type in. your contact list is used once in order to match friends when you click refresh. theres a difference. CHILL OUT!

  • UnknownElementX

    dear lord people....this whole privacy rant is horrendously overdone. you had no idea? It asked specifically for your info. Obviously if it needs to locate your friends, it must draw them from somwehere.

    While it might've been more explicit about how its done, this over the top big brother junk is really getting tiring. they are not storing all your contacts, they only store what you type in. your contact list is used once in order to match friends when you click refresh. theres a difference. CHILL OUT!

  • Troy

    "It asked specifically for your info"

    What are you talking about? It NEVER asked for my info. Then again, I never clicked on any "community" tab. Does that mean it never grabbed my info?

  • Troy

    "It asked specifically for your info"

    What are you talking about? It NEVER asked for my info. Then again, I never clicked on any "community" tab. Does that mean it never grabbed my info?

  • Mr. Zorg

    "What are you talking about? It NEVER asked for my info. Then again, I never clicked on any 'community' tab. Does that mean it never grabbed my info?"

    Yes. That's exactly what it means. Don't believe the hype when you have the developers themselves telling you exactly what they did and didn't do and why.

  • Mr. Zorg

    "What are you talking about? It NEVER asked for my info. Then again, I never clicked on any 'community' tab. Does that mean it never grabbed my info?"

    Yes. That's exactly what it means. Don't believe the hype when you have the developers themselves telling you exactly what they did and didn't do and why.

  • Ben

    Please understand the situation before you comment, people. The majority of you here look like complete idiots. NIMBY much?

  • Ben

    Please understand the situation before you comment, people. The majority of you here look like complete idiots. NIMBY much?

  • Nag

    To all the people that have questions about what happened please read the link in the article. It includes all the information as to what was going on.

    Just incase you don't read it here are the important points:

    1) If you never used the community feature it never sent any contact info to the servers. The community feature is opt in, if you just played the game you never sent any contacts to them.

    2) All personal information on their servers was deleted after they realized they were popular. Apparently they released an unsecure version not expecting so many people to be using the game. While this is somewhat of a bad excuse (you really should do security first) it is understandable.

    3) If you did use the community feature in the game your contacts were never stored on the server. The only thing they stored was your number and email address you gave them when signing in to the community feature.

    So, all the people freaking out just calm down. Yes, this was a screw up. No, it isn't the end of the world. Hopefully they'll get this sorted out and a good game can return to the app store.

  • Nag

    To all the people that have questions about what happened please read the link in the article. It includes all the information as to what was going on.

    Just incase you don't read it here are the important points:

    1) If you never used the community feature it never sent any contact info to the servers. The community feature is opt in, if you just played the game you never sent any contacts to them.

    2) All personal information on their servers was deleted after they realized they were popular. Apparently they released an unsecure version not expecting so many people to be using the game. While this is somewhat of a bad excuse (you really should do security first) it is understandable.

    3) If you did use the community feature in the game your contacts were never stored on the server. The only thing they stored was your number and email address you gave them when signing in to the community feature.

    So, all the people freaking out just calm down. Yes, this was a screw up. No, it isn't the end of the world. Hopefully they'll get this sorted out and a good game can return to the app store.

  • Nachoes

    You can actually still install Aurora Feint, just google it. The phobos.apple.com link's still valid, they're just filtering searches for Aurora Feint in the App Store.

  • Nachoes

    You can actually still install Aurora Feint, just google it. The phobos.apple.com link's still valid, they're just filtering searches for Aurora Feint in the App Store.

  • Rich

    Love the game, still love the game, still gonna play the game.

    Seriously people, the devs have been 100% honest about this. Yeah, they made an error of judgement (which they're now fixing ASAP), but that's a looooong way from data abuse.

    *sigh*

  • Rich

    Love the game, still love the game, still gonna play the game.

    Seriously people, the devs have been 100% honest about this. Yeah, they made an error of judgement (which they're now fixing ASAP), but that's a looooong way from data abuse.

    *sigh*

  • oracle_ab

    Agreed about folks freaking out about this for nothing. Opt-in is just that. If you opted into something w/out doing your homework, that's no-one's fault but yours. Google Mobile App searches your iPhone/iPod touch, as other have said, other apps do this very same thing. And I'm in agreement that it's Apple's fault for not making it more secure w/in their SDK. If they didn't specify how this functionality should or shouldn't be used, then Apple failed to ensure their SDK was as secure as they may have wanted it to be. I, for one, continue to play the game, would love to see the full effect of the Community feature, and have no quarms paying for an update if the developers so chose to charge. With blogs, social sites and e-mail, most everyone's privacy is just about up for grabs.

  • oracle_ab

    Agreed about folks freaking out about this for nothing. Opt-in is just that. If you opted into something w/out doing your homework, that's no-one's fault but yours. Google Mobile App searches your iPhone/iPod touch, as other have said, other apps do this very same thing. And I'm in agreement that it's Apple's fault for not making it more secure w/in their SDK. If they didn't specify how this functionality should or shouldn't be used, then Apple failed to ensure their SDK was as secure as they may have wanted it to be. I, for one, continue to play the game, would love to see the full effect of the Community feature, and have no quarms paying for an update if the developers so chose to charge. With blogs, social sites and e-mail, most everyone's privacy is just about up for grabs.

  • girlgeek101

    There was an update today but after I updated it stopped working. Now it won't load.

  • girlgeek101

    There was an update today but after I updated it stopped working. Now it won't load.

  • Poor

    Rich n' Pals,

    I looooove your "*sigh*," it says a lot about your incredible patience dealing with the simpletons in here. I can't imagine how any of them could pooooossibly care that some buggy tetris game uploaded their address book to a random server somewhere on the Internet. How could they not expect this to happen, when the zero-doc game's hypo verbose one-liner on the community tab made it so clear what was going to happen? I mean everyone knows that phone number+email=upload your addressbook.

    Anyway, you and other like-minded posters here are right. Data abuse isn't even remotely possible in this case. The reasons are so numerous, for example after they got caught, the developers said they didn't keep any of the information they designed their game to collect, so therefore by the laws of physics and such, that has to be true. Clearly, to believe otherwise requires a tinfoil hat.

    The corollary to those same laws of physics is apparently that nobody can be upset that it happened in the first place or they're just "freaking out about this for nothing." I have no "quarms" about saying I'm pissed. It would have been great if you and the rest of the fanboi brigade could stick up for the AF devs without being condescending to those of us who care about privacy, but so be it.

    P.S. Ben - Whatever you think "NIMBY" means is not what it means, look it up.

  • Poor

    Rich n' Pals,

    I looooove your "*sigh*," it says a lot about your incredible patience dealing with the simpletons in here. I can't imagine how any of them could pooooossibly care that some buggy tetris game uploaded their address book to a random server somewhere on the Internet. How could they not expect this to happen, when the zero-doc game's hypo verbose one-liner on the community tab made it so clear what was going to happen? I mean everyone knows that phone number+email=upload your addressbook.

    Anyway, you and other like-minded posters here are right. Data abuse isn't even remotely possible in this case. The reasons are so numerous, for example after they got caught, the developers said they didn't keep any of the information they designed their game to collect, so therefore by the laws of physics and such, that has to be true. Clearly, to believe otherwise requires a tinfoil hat.

    The corollary to those same laws of physics is apparently that nobody can be upset that it happened in the first place or they're just "freaking out about this for nothing." I have no "quarms" about saying I'm pissed. It would have been great if you and the rest of the fanboi brigade could stick up for the AF devs without being condescending to those of us who care about privacy, but so be it.

    P.S. Ben - Whatever you think "NIMBY" means is not what it means, look it up.

  • Jason

    This is exactly why the iPhone was a closed system for so long. This is the very thing Apple was concerned about when everybody cried that they wanted to jailbreak the system. Kudos to Apple for looking out for the integrity of our data from the get-go.

  • Jason

    This is exactly why the iPhone was a closed system for so long. This is the very thing Apple was concerned about when everybody cried that they wanted to jailbreak the system. Kudos to Apple for looking out for the integrity of our data from the get-go.

  • Ben

    Ooo, he put us in our place.

  • Ben

    Ooo, he put us in our place.

  • http://www.cyclelogicpress.com Partners in Grime

    Is that why it's called Aurora Feint — after you find out what they did with your data you faint? :)

  • http://www.cyclelogicpress.com Partners in Grime

    Is that why it's called Aurora Feint — after you find out what they did with your data you faint? :)