Rally that Lobby

Tech giants lobby Senate to curb NSA spying

Privacy Redux

Congress discusses privacy in wake of nude leaks


Developers must now list privacy policies in App Store

Who's tracking who?

iOS 8 MAC address randomization and you


FBI wants the the keys to your phone's data


Apple reaffirms commitment to protecting privacy everywhere, including China


UK government set to rush through emergency surveillance legislation


Location permissions in iOS 8: Explained


Apple awarded top marks for protecting user data from prying governments


iOS 8 wants: Privacy Sheets to make permissions manageable


Apple, Google, Microsoft increasingly defying U.S. government, informing customers of data demands


App Store now rejecting Flappy Bird copy-cats


QuizUp accused of lax security that lets other players see your private data


Darkmail Alliance wants to create newer, more private email standard to prevent snooping


NSA reportedly infiltrated Yahoo!, Google data center links, collected hundreds of millions of user accounts


Unity updated with MFi game controller support for iOS 7


U.S. President Obama to 'rebalance' NSA surveillance program, but is that enough?


Apple's Tim Cook, other tech leaders meet with U.S. President Obama, discuss NSA spying concerns


Private email service Lavabit chooses to quit rather than submit

ZEN & TECH 57: From NSA to cameras everywhere: Coping with privacy violations

< >

Apple Rejects/Removes Unity-built Games to Protect User Privacy


It looks like Apple is using its rejection power for good this time -- removing games built on the Unity engine which included private-API calls that could be used to steal private user information like your iPhone's phone number.

Not all of the rejected/removed games were engaged in privacy violations (or even had the network capability to exploit it), but Apple isn't taking any chances following the Storm8 lawsuit. Touch Arcade has the details:

The Unity engine currently uses the two private API calls that Storm8 allegedly exploited to steal user data, _NSGetEnviron and exc_server. Mantas Puida of Unity Technologies explains these two API's utilized by the Unity engine serve the following functions:

_NSGetEnviron is used by Mono runtime to provide implementation of .NET core API method: Environment.GetEnvironmentVariable().

exc_server is also used by Mono runtime to provide graceful NULL reference exception handling.

The Unity engine, however, has been updated to remove the offending API calls, and the games are being recompiled and resubmitted to the App Store. Hopefully this will keep users' data safe from unscrupulous developers, while the scrupulous ones continue to turn out great games.

[Touch Arcade via TUAW]

Have something to say about this story? Share your comments below! Need help with something else? Submit your question!

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, Vector, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Apple Hiring Gaming Engineer for iPhone Team

Next up →

Verizon iPhone Attack Ads Take the Gloves Off, Target Steve Jobs?

Reader comments

Apple Rejects/Removes Unity-built Games to Protect User Privacy


The factory warranty on your car is about to expire.
Thanks apple, way to finally take one for the team, and not one for yourself

I think that it should be noted in this article that there is actually no requirement to build a game in with the Unity platform in order to retrieve phone numbers and submit them to a server.
Although Storm8 may have been using Unity to do this, from what I understand, such functionality is already available to programmers using public APIs and without Unity.

Apple may have other motives for removing apps based on the Unity platform, and for the record I agree with removing Storm8 if they are violating privacy.
However without Unity these actions are still possible even through the official public APIs.

Just a clarification, I was talking about the address book framework. Which makes it possible to retrieve any phone number stored in the phone book.
If the Unity "hack" allowed for retrieving the owners phone number which was not stored in the address book this is definitely a cause for concern.
However Unity appears to have already fixed this issue, and developers that have built under the new version are still being rejected:http://toucharcade.com/2009/11/12/ravensword-and-many-other-unity-powere...
I hope for them that Apple will begin to approve Unity based apps again as long as they are built with the new version.

Let's keep it on-topic folks and discuss the story, not each other. We appreciate everyone's time, and their understanding. Thanks!

"That’s one reason I’m [happy] apple is such a stickler on approvals"
Huh? Apple approved Spyware for your iPhone! WTF are you talking about? Apple being "a stickler" seems to give you no protection, given tat they have approved multiple pieces of Spyware.
And besides, if there were any other mainstream place to get apps, it would be YOUR decision whether or not to install them. You gain nothing by Apple being "sticklers", and yet you lose choice. Why does that make you happy again?

To much gaming is bad for your health. you will get fat! there are loads of other things you can do in life. but still a great story