Skip to main content

Zeptolabs Spying on You?

I am a developer. Today, I hooked up the device log to my android tablet which has Cut The Rope on it (Zeptolabs). Surprised, I found a curious series of log entries:

01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.djinnworks.StickmanBaseJumper.lite
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.duckduckmoosedesign.ibs
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.facebook.katana
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.fandango
Furthermore, it even sends application usage information:
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] Sending POST data as part of the request [length: 5221]:
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): app_usage_data=%5B%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.54%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%224040054%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Mono.Android.DebugRuntime%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.41%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%224040041%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Mono.Android.Platform.ApiLevel_14%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.54%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%224040054%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Mono.Android.Platform.ApiLevel_8%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%221.0%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%221%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Tests.Tests%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%221.33%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%2233%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22br.com.beholdstudios.knightspp%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%221.0.4%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%225%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22com.MikaMobile.Zombieville%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%223.12.2%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%2245%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22com.about.CalorieCount%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2

Apparently this game is enumerating all of the installed apps that I have on the tablet and is sending it to their server.

Here is where they upload the payload to their servers:

01-14 20:54:17.843 V/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] ROUTE [ResolvedIP: 204.138.26.182  ProxyHost: null  TargetHoust: https://rptuse20120814.getjar.com:443  Secured: true  Tunnelled: false]
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868): The request properties for this request:
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Content-Language = 'en-US'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Content-Type = 'application/x-www-form-urlencoded'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       User-Agent = 'GetJarSDK/20120921.02 com.zeptolab.ctr.paid/18 android/4.2.1 (google; nakasi; Nexus 7)'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Authorization = 'client_app.token=&user.user_access_id=&app.capabilities=18&legacy.client_app.soft_id=75206&user.id=000103e90000000000d78ce4&client_app.sandbox=false&user.capabilities=14&sdk.level=6&Issuer=http%3A%2F%2Fauthorize.getjar.com&Audience=getjar.com&ExpiresOn=1358398421155&HMACSHA256='
The IP address (204.138.26.182) belongs to Getjar, inc., located at:
Getjar, Inc. 
ICANN Handle GETJA 
Street 1510 Fashion Island Blvd, Suite 300
 
City San Mateo 
State/Province CA 
Postal Code 94404 

http://whois.arin.net/rest/org/GETJA.html

Popular posts from this blog

The Spinning Brain

Intuition is a phenomenon of the biological brain that doesn't have any physical explanation. Many people experience intuition with varying degrees of success. There are a variety of theories regarding intuition [1] and some people regard intuition with much caution [2] . Yet, I am happily in the camp that has learned to respect my intuition as it has proven time and time again to be correct. Recently, though, I'd been thinking about intuition and soothsaying . There are many cases of people who claim to see the future, whatever that might be. Maybe there is something to be said about this mystical phenomenon. Maybe there is a real physical process at work that we just haven't thought of yet. To this end, I am proposing a theory about human intuition. This theory, though requires some background in quantum mechanics . Specifically, quantum entanglement . I'm not the only person who has theorized about quantum entanglement and its role in biological congnition and th...

AI or AI, Which Is It?

Artificial Intelligence, a noun that has become a household term. Most refer to it as AI, which is less of a mouthful. Where and when did this term become real? [1] Apparently John McCarthy coined this phrase in 1956 at a conference.  Vannevar Bush and Alan Turing both mused about computers being intelligence and being able to enhance human intelligence or even simulate human-like thinking. Is this thinking really "artificial" though? To suggest it being artificial would imply that there is a non-artificial type of intelligence. Otherwise, there is just intelligence, or thinking, or cognition.  The famous Turing Test may be the source of this "artificial" notion. If there is an intelligent series of responses to a human interaction, and those responses are created using a computer program, then that is considered artificial.  On a philosophical note, though, the programs are written by humans. Those programs, using rules given by humans, are creating responses that ...

HP Web Site Failure

The HP site for buying stuff on their Labor Day Sale is broken. I tried it on other computers and each had the same result. Not sure if HP was able to sell anything on their big sale weekend, but I couldn't buy anything. Funny part was the feedback widget that didn't work. Not only could I not buy anything from HP but I couldn't report the problem I was having. Maybe someone at HP could run this through QA again.