Zeptolabs Spying on You?

I am a developer. Today, I hooked up the device log to my Android tablet which has Cut The Rope on it (Zeptolabs). Surprised, I found a curious series of log entries:

01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [] : sendInstalledApps() -- FOUND_INSTALLED: com.djinnworks.StickmanBaseJumper.lite
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [] : sendInstalledApps() -- FOUND_INSTALLED: com.duckduckmoosedesign.ibs
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [] : sendInstalledApps() -- FOUND_INSTALLED: com.facebook.katana
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [] : sendInstalledApps() -- FOUND_INSTALLED: com.fandango

Furthermore, it even sends application usage information:

01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] Sending POST data as part of the request [length: 5221]:
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): app_usage_data=%5B%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.54%22%2C%22key%22%3A%22android.package.ver

Apparently this game is enumerating all of the installed apps that I have on the tablet and is sending them to their server.

Here is where they upload the payload to their servers:

01-14 20:54:17.843 V/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] ROUTE [ResolvedIP:  ProxyHost: null  TargetHoust:  Secured: true  Tunnelled: false]
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868): The request properties for this request:
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Content-Language = 'en-US'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Content-Type = 'application/x-www-form-urlencoded'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       User-Agent = 'GetJarSDK/20120921.02 com.zeptolab.ctr.paid/18 android/4.2.1 (google; nakasi; Nexus 7)'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Authorization = 'client_app.token=&user.user_access_id=&app.capabilities=18&legacy.client_app.soft_id=75206&'

The IP address ( belongs to Getjar, inc., located at:

Getjar, Inc. 
Street 1510 Fashion Island Blvd, Suite 300
City San Mateo 
State/Province CA 
Postal Code 94404
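
An added example, not part of the original post and not GetJar or ZeptoLab code: a Python audit that parses logcat lines in the format shown above, groups the sendInstalledApps() entries by the app hosting the SDK, and percent-decodes the app_usage_data payload even though logcat cut it off. The function name audit and the regular expressions are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Log lines copied from the post above (the payload line is truncated there too).
SAMPLE = """\
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [] : sendInstalledApps() -- FOUND_INSTALLED: com.facebook.katana
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [] : sendInstalledApps() -- FOUND_INSTALLED: com.fandango
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] Sending POST data as part of the request [length: 5221]:
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): app_usage_data=%5B%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.54%22%2C%22key%22%3A%22android.package.ver
"""

# "<date> <time> <level>/<tag> [<host package>](<pid>): <message>"
LINE = re.compile(
    r"^\S+ \S+ [VDIWE]/(?P<tag>[^\[]+?) \[(?P<host>[\w.]+)\]\((?P<pid>\d+)\): (?P<msg>.*)$"
)
FOUND = re.compile(r"sendInstalledApps\(\) -- FOUND_INSTALLED: (?P<pkg>[\w.]+)")
POST_LEN = re.compile(r"Sending POST data .*\[length: (?P<n>\d+)\]")


def audit(log_text):
    """Summarise, per host app, what the embedded SDK enumerated and uploaded."""
    report = defaultdict(
        lambda: {"enumerated": [], "post_bytes": 0, "usage_types": set()}
    )
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a tagged logcat line in the expected format
        entry, msg = report[m["host"]], m["msg"]
        if (f := FOUND.search(msg)):
            entry["enumerated"].append(f["pkg"])
        elif (p := POST_LEN.search(msg)):
            entry["post_bytes"] += int(p["n"])
        elif msg.startswith("app_usage_data="):
            # logcat truncates long lines, so the JSON may be cut off:
            # percent-decode and pull fields by regex instead of json.loads().
            body = unquote_plus(msg.split("=", 1)[1])
            entry["usage_types"].update(re.findall(r'"usage_type":"(\w+)"', body))
    return dict(report)


if __name__ == "__main__":
    for host, e in audit(SAMPLE).items():
        print(host, "enumerated", len(e["enumerated"]), "packages;",
              "POST bytes:", e["post_bytes"], "; usage types:", sorted(e["usage_types"]))
```

Feeding it a saved logcat capture from a test device gives a per-app inventory of which packages an embedded SDK looked up and how many bytes it reported posting.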
