Passcode-nabbing security app banned after developer releases passcode stats

Fifteen percent of iOS users use one of 10 number combinations for their four-digit device lock screen passcodes.

That was determined by app developer Daniel Amitay, who released statistics compiled from 204,508 iPhone and iPad users showing the top 10 passcodes. As one might expect, 1234 took the top spot, followed by 0000, 2580, 1111 and 5555. Way to be creative, humanity.

This all happened Tuesday, and Amitay’s data floated around the Internet, being snapped up as a warning against using predictable passcodes to lock smartphones, lest they be stolen and (extremely easily) unlocked with this information. Boy Genius Report has a story that runs down bar graphs of all the data, as well as how Amitay came by it. One graph shows the top 10 numbers used, which Amitay says make up about 15 percent of all Apple (AAPL) users’ passcodes. Another shows that of the top 100 passcodes, huge numbers start with 199 or 198, which suggests a lot of people using easy-to-guess years, like their birth year or graduation year, as their passcodes.
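As an added illustration (not code from the article or from Amitay’s app), here is a small checker of the kind a lock-screen app could run to warn users off the predictable passcodes the statistics expose. The blocklist is the five codes named above; the year range and the “keypad swipe” rule are my assumptions, not figures from the study.

```python
import re
from typing import List

# The five most common passcodes named in the article (constructed
# blocklist for this example; the study itself listed ten).
BLOCKLIST = {"1234", "0000", "2580", "1111", "5555"}

# Coordinates of each key on a phone-style keypad, used to spot
# straight-line swipes such as 2580 (the whole middle column).
KEYPAD = {
    "1": (0, 0), "2": (0, 1), "3": (0, 2),
    "4": (1, 0), "5": (1, 1), "6": (1, 2),
    "7": (2, 0), "8": (2, 1), "9": (2, 2),
    "0": (3, 1),
}


def is_keypad_line(pin: str) -> bool:
    """True if every step between consecutive keys is the same non-zero move."""
    pts = [KEYPAD[d] for d in pin]
    steps = {(b[0] - a[0], b[1] - a[1]) for a, b in zip(pts, pts[1:])}
    return len(steps) == 1 and steps != {(0, 0)}


def weak_pin_reasons(pin: str) -> List[str]:
    """Return the reasons a four-digit PIN is predictable ([] if none found)."""
    if not re.fullmatch(r"\d{4}", pin):
        return ["not a four-digit numeric passcode"]
    reasons = []
    if pin in BLOCKLIST:
        reasons.append("in the most-common-passcodes list")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    diffs = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if diffs in ({1}, {-1}):
        reasons.append("ascending or descending digit run")
    # Plausible birth or graduation years; 1900-2029 is an assumed range.
    if 1900 <= int(pin) <= 2029:
        reasons.append("looks like a year")
    if is_keypad_line(pin):
        reasons.append("straight-line swipe on the keypad")
    return reasons


if __name__ == "__main__":
    for candidate in ["1234", "2580", "1987", "7294"]:
        print(candidate, weak_pin_reasons(candidate) or ["ok"])
```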

By Wednesday, Amitay’s app, Big Brother Camera Security, had been booted from the iTunes App Store. Big Brother let you set a lock screen on your iOS device that’s very similar to the native one created by Apple, and automatically snaps a photo of whoever is using the device if the password is entered incorrectly – basically showing you who has been trying, and failing, to look at your stuff. The reason for the ban: well, sure, Amitay released all kinds of anonymously collected data that shed light on iOS security, but he did it by secretly compiling all the passcodes entered into his security app. Those 204,508 users had no idea they were volunteering their passcodes for Amitay’s study, and in fact the method for gathering them is pretty close to the same hidden malware secreted in apps to perpetrate identity theft.

So it’s not at all surprising that Amitay’s app has been banned, according to his blog. Amitay says Apple told him it believed “…that I was ‘surreptitiously harvesting user passwords.’” He already resubmitted his app to the App Store with the analytics code he used removed, but Amitay argues that the data was specific to his app (it logged passcodes entered into Big Brother and not actual iPhone passcodes, though Amitay believes users probably utilize the same number for both), was gathered anonymously and was used to make his app better. Because of all these factors, Amitay believes Big Brother ought to be reinstated.

We’ll see if Apple buys that explanation – it sounds like the banning might have been more reaction to perception and rumor than actually based on a security risk. In the meantime, Amitay has given out some useful information to iOS users, if he did come by it a little disingenuously. Go change your passcodes.
