Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unauthorized iOS Apps Leak Private Data Less Than Approved Ones

Posted by Soulskill on from the curated-for-a-different-purpose dept.

Sparrowvsrevolution writes "In the wake of news that the iPhone app Path uploads users' entire contact lists without permission, Forbes dug up a study from a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users' private data. Not only did the researchers find that one in five of the free apps in Apple's app store upload private data back to the apps' creators that could potentially identify users and allow profiles to be built of their activities; they also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on 'jailbroken' iPhones, tend to leak private data far less frequently than Apple's approved apps. The researchers ran their analysis on 1,407 free apps (PDF) on the two platforms. Of those tested apps, 21 percent of official App Store apps uploaded the user's Unique Device Identifier, for instance, compared with only four percent of unauthorized apps."

2 of 179 comments (clear)

  1. First thing.. by geogob · · Score: 5, Informative

    ...I did after jailbreaking my iphone was to install a firewall. The experience was quite interesting, allowing me to see exactly which apps tried to contact remote sites and which sites they attempted to contact. And, to my knowledge, the only external sites contacted by unofficial apps I've seen were related to ad content.

    Access to private data on outside of the apps (calendar, contacts, etc.) should be controllable on an per app basis, just like with location service. And each app accessing this data should be carefully reverse engineered and analyzed to ensure it is safe.

  2. Well, did you accept the EULA? by Kaenneth · · Score: 5, Informative

    I actually read the EULA for the recent game "Civilization V", and it said they could take your contacts list, and share/sell it.
    Fortunently Valve/Steam was nice enough to give a refund before I installed it when I complained about it "As a one-time courtesy" not as policy, I'm sad to say.
    Particularly since the EULA wasn't available for viewing until after purchase.
    http://forums.steampowered.com/forums/showthread.php?t=2109777