In-Depth Look at CurrentC and the Personal Data They Want to Collect
[Via Daring Fireball]
Nick Arnott, investigating for iMore:
On launch, the app immediately does a few things. First, it starts sending pings to https://my.currentc.com/mobile/pinggateway every two seconds or so. No interesting data is sent in the requests and blocking them seems to have no impact on the app. Next, a deviceState request goes out. In the request are your device type (iPhone or iPad) and a unique device identifier. This identifier is stored in the device keychain so even if you delete the app and re-install, it persists, allowing CurrentC to track users across app installs. The third and last request seen on launch is a call to Localytics. Localytics is a mobile analytics company and is used in countless other apps. As with the many other apps using Localytics, this call seems to include a variety of analytics information: not surprising for many apps, and not surprising for CurrentC (though it probably should be for an app seeking to handle payments and personal data).
Looks like an awful lot of personal information going over the wire.
Loved this line from the article:
With CurrentC, you’re not the customer — you’re the product being sold.
Read the article and see just how much data appears to be sent to servers under the control of the merchants. They want your name, address, email address, etc.
And then read how insecure the system is right now. A brute force approach could reveal who is signed up and who is not.
It also collects GPS and health data. So much personal data in their control (along with, I expect, information about your bank accounts), and the merchants have shown themselves so good with security. Not!
Information on forty million cards stolen from just one merchant. That breach at Target cost credit card issuers $200 million just to issue new cards. Lord knows how the stolen information was used.
And how many of those breaches have we seen recently? Letting the merchants control our data is not reasonable.
For those who want to see just what these merchants will do with this data: yes, Target knew a teenage girl was pregnant before her family did. And sent ads to her father.
They know when you are ill. Or dating. All because they have access to your credit cards which allows them to tie addresses, etc. to purchases.
None of the information Apple Pay transmits is accessible to the merchants or any of their employees/terminals. That is one reason CurrentC hates Apple Pay – they want access to that information which gets transferred to their servers.
To send us ads and coupons.