Zeptolabs Spying on You?

I am a developer. Today, I hooked up the device log to my android tablet which has Cut The Rope on it (Zeptolabs). Surprised, I found a curious series of log entries:

01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.djinnworks.StickmanBaseJumper.lite
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.duckduckmoosedesign.ibs
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.facebook.katana
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): [com.getjar.sdk.data.ReportManager] : sendInstalledApps() -- FOUND_INSTALLED: com.fandango

Furthermore, it even sends application usage information:

01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] Sending POST data as part of the request [length: 5221]:
01-14 20:54:17.833 D/GetJar SDK [com.zeptolab.ctr.paid](14868): app_usage_data=%5B%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.54%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%224040054%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Mono.Android.DebugRuntime%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.41%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%224040041%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Mono.Android.Platform.ApiLevel_14%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%224.4.54%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%224040054%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Mono.Android.Platform.ApiLevel_8%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%221.0%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%221%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22Tests.Tests%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%221.33%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%2233%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22br.com.beholdstudios.knightspp%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%221.0.4%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%225%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22com.MikaMobile.Zombieville%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2.1%22%2C%22key%22%3A%22device.platform_version%22%7D%5D%2C%22tracking_metadata%22%3A%5B%5D%2C%22event_timestamp%22%3A%222013-01-15T04%3A54%3A17Z%22%7D%2C%7B%22usage_type%22%3A%22FOUND_INSTALLED%22%2C%22app_metadata%22%3A%5B%7B%22value%22%3A%223.12.2%22%2C%22key%22%3A%22android.package.version_name%22%7D%2C%7B%22value%22%3A%22android%22%2C%22key%22%3A%22device.platform%22%7D%2C%7B%22value%22%3A%2245%22%2C%22key%22%3A%22android.package.version_code%22%7D%2C%7B%22value%22%3A%22com.about.CalorieCount%22%2C%22key%22%3A%22android.package.name%22%7D%2C%7B%22value%22%3A%224.2

Apparently this game is enumerating all of the installed apps that I have on the tablet and is sending it to their server.

Here is where they upload the payload to their servers:

01-14 20:54:17.843 V/GetJar SDK [com.zeptolab.ctr.paid](14868): CommManager: processesRequest() [thread:467] [request:1230252154] ROUTE [ResolvedIP: 204.138.26.182  ProxyHost: null  TargetHoust: https://rptuse20120814.getjar.com:443  Secured: true  Tunnelled: false]
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868): The request properties for this request:
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Content-Language = 'en-US'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Content-Type = 'application/x-www-form-urlencoded'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       User-Agent = 'GetJarSDK/20120921.02 com.zeptolab.ctr.paid/18 android/4.2.1 (google; nakasi; Nexus 7)'
01-14 20:54:17.843 D/GetJar SDK [com.zeptolab.ctr.paid](14868):       Authorization = 'client_app.token=&user.user_access_id=&app.capabilities=18&legacy.client_app.soft_id=75206&user.id=000103e90000000000d78ce4&client_app.sandbox=false&user.capabilities=14&sdk.level=6&Issuer=http%3A%2F%2Fauthorize.getjar.com&Audience=getjar.com&ExpiresOn=1358398421155&HMACSHA256='

The IP address (204.138.26.182) belongs to Getjar, inc., located at:

Getjar, Inc. 
ICANN Handle GETJA 
Street 1510 Fashion Island Blvd, Suite 300
 
City San Mateo 
State/Province CA 
Postal Code 94404 

http://whois.arin.net/rest/org/GETJA.html