Thursday, September 03, 2015

Killer App? 450th Events Guide App May Violate Privacy: WARNING




KILLER APP? 450th Events Guide App May Violate Privacy -- DO NOT DOWNLOAD WITHOUT RESPONSE FROM CITY -- No Response from City Manager, City Attorney or 450th Director -- Pitiful
At 10:46 this morning, local resident David Nails shared the concern about the 450th Events Guide App: "very intrusive - it has the ability to read, copy, and store your text messages, images, and all other personal data. There is not a reason in the world for them to be requiring such permissions." I wrote and called the City of St. Augustine within minutes."
The facts are now undisputed and well-nigh irrefragable.
Still no response and it is after 5 PM, time for all the lugubrious goobers to go home and stare at their big-screen TVs, watching faux Fox News, no doubt.
Our City staff is lacking in transparency -- insouciant, unresponsive and incompetent -- about this subject.
450th Events Guide App maker Graham Media Group, listed on NYSE, through its spokesperson (Patty Oliva, 312-917-6242) promised to investigate and get back to me before Noon EST. It is now past 5 PM -- no response to two telephone calls.

Update: 8:40 PM: Have filed amended request:
-----Original Message-----
From: easlavin
To: ilopez ; support ; dsteclaire ; jregan ; lfountain ; nshaver ; dmay ; jpiggott
Sent: Thu, Sep 3, 2015 8:25 pm
Subject: Re: Request No. 2015-327: Alleged Privacy Violations by "450th Events Guide App" -- All documents on app contract, bids, cost, privacy concerns and app software design
Good evening:
1. Please send source code. Our City owns it.
2. Please send list of software development tools
3. Please send proof of the associated licenses for those development tools.
Thank you.
Update: 6:55 PM -- Not a peep from the itty bitty City mismanagers and their hangers-on, toadies, acolytes and mouthpieces.
Blaming Google® ("We have to") is no excuse, there's an intriguing written response from Graham Media (below), unadorned by the name of any natural person (e.g., no name of a living breathing human). Here's the GDS e-mail and and my response:

-----Original Message-----
From: easlavin
To: support
Cc: nshaver ; jregan ; lfountain ; llueders ; ilopez ; dmay ; dgibson ; jimwil03 ; pat.gleason ; sunshine ; sceastman ; gardner ; news ; craig.richardson ; jim.sutton ; stuart.korfhage ; sheldon.gardner ; steve.patterson
Sent: Thu, Sep 3, 2015 6:25 pm
Subject: Re: UPDATE: 450th Event Guide App
Hello, GDS:
1. It is much broader than that.
2. Text messages -- everything in your cellular telephone, right? Why?
3. Please give me your name, title and phone numbers.
4. Who designed software -- was it your firm or a subcontractor in India or China?
5. Please share a copy of bid and contract documents with City and City specs and instructions.
6. Please call ASAP today.
7. Story already posted.
8. No substantive response from City.
9. No contract documents from City. This stinks.
Thanks,
Ed Slavin
www.cleanupcityofstaugustine.blogspot.com
904-377-4998
-----Original Message-----
From: Graham Digital Support
To: easlavin
Sent: Thu, Sep 3, 2015 5:55 pm
Subject: UPDATE: 450th Event Guide App
Hi Mr. Slavin,
I wanted to follow up with you on the issue your reported regarding the 450th Event Guide App.
Those permissions display because Google Play says we have to.See, we access the phone's photos so the user can create a postcard, that's why the Photos and Media permission request is there.
The calendar request is there because users can add events that you have in your App to their phone's calendar.
The location permission is there so the user can get directions to a location you have in your App.
To sum up, all of the permission are there because they allow the user a better and more integrated experience.
You should feel free to download the App. I personally promise nothing untoward (sic) will come of it!
If you still have questions or concerns, please let us know and we would be happy to get on a call and walk you through them.
Thanks for the feedback,
Graham Digital Support Team

-----Original Message-----
From: easlavin
To: ilopez ; dsteclaire ; jregan ; lfountain ; nshaver ; dmay
Sent: Thu, Sep 3, 2015 11:36 am
Subject: Re: Request No. 2015-327: Alleged Privacy Violations by "450th Events Guide App" -- All documents on app contract, bids, cost, privacy concerns and app software design
Please investigate. Software is by Graham Media Group, formerly the Post-Newsweek stations, which owns WJXT in Jacksonville (News 4).
-----Original Message-----
From: Isabelle Lopez
To: easlavin
Sent: Thu, Sep 3, 2015 11:18 am
Subject: RE: Request No. 2015-327: Alleged Privacy Violations by "450th Events Guide App" -- All documents on app contract, bids, cost, privacy concerns and app software design
I have no responsive document.
From: easlavin@aol.com [mailto:easlavin@aol.com]
Sent: Thursday, September 03, 2015 11:12 AM
To: Paul Williamson; John Regan; Isabelle Lopez; Denise May; Nancy Shaver; Debra Gibson; Dana Ste. Claire; Jennifer Zuberer; NancySikesKline@aol.com; Roxanne Horvath; cityfreeman@yahoo.com; Todd Neville; Tim Burchfield; Meredith Breidenstein; llueders@staugpd.com; Mark Litzinger
Subject: Request No. 2015-327: Alleged Privacy Violations by "450th Events Guide App" -- All documents on app contract, bids, cost, privacy concerns and app software designPlease send. Thank you.
======David Nails
September 3 at 10:46am
ATTENTION:
The St. Augustine 450th Events Guide app is now public. You can get it on the Google Play store, and probably whatever the iPhone store is.
I suggest that you DO NOT download this application. It is very intrusive - it has the ability to read, copy, and store your text messages, images, and all other personal data. There is not a reason in the world for them to be requiring such permissions.
Check out the screenshots below. If anyone involved in building this app can tell me why it's asking for such sensitive data, I will listen and change this post if my query is satisfied. I don't expect that is going to happen.

No comments: