evad3rs deny taking any money from Taig for evasi0n7, say no private data was uploaded

evasi0n jailbreak

Hot on the heels of releasing evasi0n7 1.0.1 update that removed TaiG, the Chinese App Store from the package, evad3rs have published another open letter to the jailbreak community.

When evasi0n7 was released on Sunday, it raised some serious privacy and piracy related concerns after jailbreakers found out that it installed the Chinese App Store.

evad3rs were quick to respond to the criticism, and disabled the default installation of TaiG on Sunday. They followed this up by releasing evasi0n7 1.0.1 update earlier today that removed TaiG, the Chinese App Store from the package.

In the open letter published today, they have clarified on the privacy concerns:

First and foremost, and of utmost concern, is privacy. No one’s data was ever sent anywhere. Of course, as a member of the community whose work frees devices, it would be against everything we’ve worked for the last 7 years to jeopardize the security of the users of our software. To reiterate, no Taig software was installed unless the computer’s language was set to Chinese. Furthermore, no Taig software would run unless the user opened the Taig application.

After rumors abound of encrypted data being sent for users in China who’ve installed Taig, we decided to do what we do best – reverse engineer the code of Taig to understand what was being sent. Taig transmitted data similar to what Cydia transmits. Unique device identifiers were transmitted in encrypted form similar to how Cydia uses SSL to protect the privacy of its users. Taig did not transmit any private user data from the devices at all. 

They have also clarified on the piracy concerns:

Our written and verbal agreement with Taig banned it. They assured us it was not in there. We did not check every package in their store but a cursory examination before release found no problems. However, after investigation and after notification from the community, we found examples, including pirated tweaks, Apple App Store apps, and even pod2g’s PodDJ app. We dropped the ball on this. While we at first did not believe Taig purposefully violated our agreement, the depth of the transgression against the software developers and the jailbreak community cannot be overlooked and we could not move forward after that even if it were fixed. We terminated our relationship with them. We are very disappointed that they have decided to put up a cracked version of the jailbreak on their site that installs Taig. We did not give them any permission or source code. 

There have been rumors that evad3rs received as much as $1 million to bundle TaiG in evasi0n7. They have now clarified that they have refused the money from TaiG:

There have been a lot of rumors listing various amounts we’ve been paid. We have received no monies from any group, including Taig. We will not be accepting any money. Our donations are being given to Public Knowledge, Electronic Frontier Foundation and Foundation for a Free Information Infrastructure to help protect jailbreaking as your legal right. 

They have also stated that they are working on fixing the bugs in evasi0n7, and will release an update after the Christmas holidays.

[via evasi0n blog]