Last week it was discovered that a number of popular iPhone apps were invading users’ privacy and uploading entire address books to external servers. The data uploaded included full names, phone numbers and email addresses, and the offending apps never asked for permission to transfer this sensitive data. A group of researchers at the University of California at Santa Barbara and the International Security Systems Lab began a study last year to discover how and where iPhone apps were transmitting data, reports Forbes. The team found that one in five free apps in Apple’s App Store was uploading private data to external servers, and apps from Cydia, an app store for jailbroken iPhones, would leak private data less frequently than Apple-approved apps. Read on for more.

The study showed that 21% of apps tested from the App Store uploaded a user’s Unique Device Identifier, 4% uploaded the device’s location and 0.5% uploaded the user’s contact list. Just 4% of apps downloaded through Cydia uploaded a user’s UDID and one app — MobileSpy, which was specifically designed for espionage — out of the 500 tested leaked location and contact data. A table from the study showing how frequently authorized App Store and unauthorized Cydia apps leak private information follows below.

[Via Forbes]

Read

Savvy iPhone 4S and iPad 2 owners were elated last week when the new dream team of iOS hacking announced that a jailbreak tool was finally available for owners of A5-powered devices. But there was a catch: the initial release of the new jailbreak tool, dubbed Absinthe, was only available for Mac computers. Owners of Windows machines will be happy to learn that the new jailbreaker resulting from the combined efforts of the iPhone Dev Team, the Chronic Dev Team and pod2g is now available for Windows. Absinthe 0.2 can be downloaded directly from the Greenpois0n website and applying the jailbreak is simple enough. Standard disclaimers considered, Windows users with an iPhone 4S running iOS 5.0 or iOS 5.0.1 or an iPad 2 running iOS 5.0.1 can download the Windows build by following the read link below.

Read

Research In Motion, for the first time ever, suffered an exploit in which root access was gained on one of their devices, the PlayBook. While RIM initially downplayed the significance of the jailbreak, the exploit tool created by a few hackers was recently released to the public and it indeed gave users root access to the BlackBerry PlayBook, bypassing RIM’s security measures. After the jailbreak was released, RIM made an OTA update available that fixed the jailbreak. RIM’s fix has already been jailbroken however, leaving the company’s only tablet exposed, again. This cat and mouse game is something that RIM has not had to deal with in the past due to the enhanced security of the BlackBerry platform.

Read

Apple released iOS 4.3.4 on Friday in an effort to fix a security vulnerability that was present on both the iPhone and the iPad. The fix was supposed to prevent hackers from using a PDF security hole to jailbreak both devices. That didn’t quite work. The next day iPhone Dev Team was able to route around the security fix and issued a jailbreak tool for iOS 4.3.4. iPhone Dev Team has released the latest redsn0w jailbreak tool, but unfortunately it forces iOS 4.3.4 users to keep their iPhone or iPad tethered to their computer during sync and reboot. In other words, if you haven’t already updated to iOS 4.3.4 and want your iPhone or iPad to remain jailbroken, you’re going to be best off sticking with iOS 4.3.3 until another workaround is found.

[Via Mac Observer]

Read

Web-based jailbreak tool Jailbreakme.com is back, and jailbreaking your iPhone, iPad or iPad touch has never been easier. How easy is it, you ask? Simply navigate to jailbreakme.com in Safari on your iOS device and then follow the on-screen instructions. Within seconds, you’ll be on your way to sporting an open iDevice. What’s more, JailbreakMe 3.0 is the first widely available tool to feature support for the iPad 2 (running iOS 4.3.3), so tablet owners will undoubtedly be excited about that. The service also supports every other iOS device other than Apple TV: iPad (iOS 4.3+), iPhone 3GS (iOS 4.3+), GSM iPhone 4 (iOS 4.3+), CDMA iPhone 4 (iOS 4.2.6+) and third or fourth-gen iPod touch (iOS 4.3+). Developer betas of iOS 5 are not supported. Remember to back up with iTunes before jailbreaking and, of course, proceed at your own risk.

Read

Everyone’s favorite muscle-bound nerd brought iOS fans great news on Tuesday: iOS 5 has already been jailbroken. The Dev Team’s “MuscleNerd” posted on Twitter that he has successfully jailbroken Apple’s iOS 5 software using Limera1n. Right now his jailbreak is tethered, meaning the device must be connected to a computer each time it is booted, but this version of the jailbreak will never reach consumers so it doesn’t really matter. MuscleNerd says the exploit used to jailbreak the iOS 5 beta will still work on the final release version, so iOS users can sit pretty knowing the latest version of the operating system will likely be jailbroken immediately following its release this fall.

Read

Jailbroken iOS users will soon have a new option for browsing and installing unsanctioned apps on their devices. A group of iPhone developers known as the Infini Dev Team is currently preparing to release a Web-based alternative to the popular Cydia app store, which will allow users to browse and install applications from within the Safari browser. Dubbed “lima,” the new app store will compete directly with Cydia — and with Apple’s App Store, of course — and it will provide both free and paid applications. It will also be repository-based, and will feature an integrated back up and restoring system to simplify the reinstallation process when users update their iOS software or switch phones. Hit the break for a video of lima in action.

Read

Toyota recently launched a publicized campaign that placed a special Scion-branded theme pack in the Cydia store for jailbroken iPhone users to enjoy. The move was seen as progressive considering Toyota’s decision to embrace the jailbreak community, but a new report reveals that the theme pack has since been pulled from Cydia. According to the report, Toyota’s advertising agency claims Toyota was contacted by Apple and asked to have the theme removed from Cydia. Toyota complied, of course, and had its agency contact the theme’s publisher to have it taken down immediately. Apple has been openly opposed to the jailbreak community in the past, and this latest move hardly comes as a surprise.

Read

Apple released the latest version of its mobile operating system last Friday and within 24 hours, a tethered jailbreak method became available to the public. This should hardly be unexpected, as the Dev Team had said it would wait for iOS 4.3.1 before releasing a jailbreak solution for iOS 4.3 in order to avoid having Apple fix the latest security hole the Dev Team planned to exploit. A “tethered” jailbreak affords users the same ability to customize iOS as the standard jailbreak, but it requires that the device be tethered to a computer in order to boot. An untethered jailbreak is not advisable for most users and the wait for an untethered solution won’t be long, so we definitely recommend waiting a few days before jailbreaking your iPhone, iPad or iPod touch. Sit tight — we all know how fast the Dev Team works.

Read

AT&T has started to issue warnings to customers unofficially tethering their smartphones to its network. In an email to unauthorized tetherers, the company writes, “Our records show that you use this capability, but are not subscribed to our tethering plan.” The correspondence goes on to note that users will be automatically enrolled in the $45 per month “DataPro for Smartphone Tethering” plan if they ignore the warning. “The new plan – whether you sign up on your own or we automatically enroll you – will replace your current smartphone data plan, including if you are on an unlimited data plan,” the email continues. The standard DataPro offering is $25 per month and provides users with 2GB of monthly data, although some users are still clinging to a discontinued, $30 per month 5GB data plan. It is safe to assume that a large portion of the unofficial, tethering populous is jailbroken iPhone users and rooted Android users. “If you discontinue tethering, no changes to your current plan will be required.” A copy of the email tethering-cheaters are receiving is after the break.

Dear [Name of Account Holder],

We’ve noticed your service plan may need updating.

Many AT&T customers use their smartphones as a broadband connection for other devices, like laptops, netbooks or other smartphones– a practice commonly known as tethering. Tethering can be an efficient way for our customers to enjoy the benefits of AT&T’s mobile broadband network and use more than one device to stay in touch with important people and information. To take advantage of this feature, we require that in addition to a data plan, you also have a tethering plan.

Our records show that you use this capability, but are not subscribed to our tethering plan.

If you would like to continue tethering, please log into your account online at www.wireless.att.com, or call us at 1-888-860-6789 Monday – Friday, 7 a.m. – 9 p.m. CST or Saturday, 8 a.m. – 7 p.m. CST, by March 27, 2011 to sign up for DataPro 4GB for Smartphone Tethering. Here are details on the plan:

DataPro 4GB for Smartphone Tethering

• $45 per month (this gives you 4GB in total, combining both your smartphone data plan for $25 and the tethering feature, $20)
• $10 per each additional GB thereafter, added automatically as needed
• Mobile Hotspot capabilities are included for compatible Smartphones

If we don’t hear from you, we’ll plan to automatically enroll you into DataPro 4GB after March 27, 2011. The new plan – whether you sign up on your own or we automatically enroll you – will replace your current smartphone data plan, including if you are on an unlimited data plan.

If you discontinue tethering, no changes to your current plan will be required.

It’s easy to track your usage throughout the month so there are no bill surprises. For example, we send you free text messages when you reach 65, 90, and 100 percent of your plan’s threshold. If you would like to monitor your account more closely, go to www.att.com/dataplans to learn about other ways to track your data usage.

As a reminder, our smartphone data plans also include unlimited usage of Wi-Fi at no additional charge. AT&T smartphone customers can use Wi-Fi at home or on-the-go at any one of our more than 23,000 U.S. hotspots already included in your data plan.

Thank you for bringing your account up to date. We appreciate the opportunity to continue to serve your mobile broadband needs.

Sincerely,
AT&T

Read

It’s rather sad that Bluetooth file transferring coming to a modern smartphone by way of a third party application is something that warrants coverage, but that’s what you get when the smartphone you’re talking about is the iPhone. Its lack of ability to conduct Bluetooth file transfers is just one of the many things we wish were not left off of the original iPhone and when we saw that it wasn’t coming to firmware 2.0+ we were quite surprised. Thankfully it looks like Bluetooth file transfer is almost a reality for iPhone users everywhere. No, the application is not made nor endorsed by Apple and it certainly won’t find its way to the App Store, but if you have a jailbroken iPhone you can grab iBluetooth as soon as it is released into iSpazio repository on Cydia. Hit the jump for a video.

Read

Yeah, we know that the iPhone’s software keyboard is a thing of beauty, and that the aesthetic argument for a clean, unblemished touchreen interface is a good one. That said, there are days when you just need a little physical keyboard goodness to make it through the 300th email response you have to bang out. A clever iPhone hacker seems to agree, having hacked his jailbroken iPhone to support a physical keyboard. Sure, the interface is a bit… clunky, and the actual connection between the keyboard and the phone is a bit cumbersome, but it still warms our hearts to know that there are people working hard out there to prove this sort of demonstration. We can’t see Apple adding much in the way of official support for this, so if a set of actual keys sounds appealing you might want to consider jailbreaking… either that, or buying a different handset.

Read