Unauthorized iOS Apps Leak Private Data Less Than Approved Ones

Sparrowvsrevolution writes "In the wake of news that the iPhone app Path uploads users' entire contact lists without permission, Forbes dug up a study from a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users' private data. Not only did the researchers find that one in five of the free apps in Apple's app store upload private data back to the apps' creators that could potentially identify users and allow profiles to be built of their activities; they also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on 'jailbroken' iPhones, tend to leak private data far less frequently than Apple's approved apps. The researchers ran their analysis on 1,407 free apps (PDF) on the two platforms. Of those tested apps, 21 percent of official App Store apps uploaded the user's Unique Device Identifier, for instance, compared with only four percent of unauthorized apps."

Profit.

In other words, applications developed by people interested in profit are more likely to steal your data.

Hopefully this does not come as a shock to most slashdotters.

Re:Profit.

Don't be obtuse. Whatever your stance on obtaining a copy of a more or less freely available* item of media, it's completely different from obtaining data about an individual without their consent. One is a civil issue dependent on the current legal and moral standings of the notion of copyright (which is far from universal or constant), the other is a privacy issue.

*as in, available to anyone willing to pay

Re:Profit.

Arguably, they're stealing your privacy -- or at least stripping you of it.

The same is not always true with a movie: I'm not depriving them of the movie, or even likely to spoil it for anyone else, and I'm not depriving them of profits they would otherwise have had I paid for the movie (simply because I will not buy a movie). (I do, however, go to many movies when they hit the cheap theater in town. Mostly I like the popcorn. That shit costs twice what the movie ticket costs, though.)

Re:Profit.

[Calos]

I couldn't decide whether to mod you 'Overrated' (because I think you might actually believe what you're saying and are therefore not a Troll or Flamebait) or 'Funny' (because I can't figure out how exactly you're equating the two and it may well be a joke).

So, instead, you get this reply.

Now, understand that this doesn't come from someone who "claim(s) that pirating movies isn't stealing," though I do believe in the right to privacy. Maybe because of that, I don't see your insight into the matter (but apparently as you don't believe both, maybe you don't either). But I'm curious about why you see these things as the same, and why you think that there is an apparently significant intersection between the group that considers downloading movies not to be stealing and the group interested in privacy.

You imply that a reproductions of the Mona Lisa and the details of your life, financial situation, activities, interests, online pseudonyms, and whereabouts are the same. Either you believe that I should be able to search for 'SiMac' on, say, the Pirate Bay and download this information same as I would a movie, or you don't. Which is it?

Because even though I don't think that people should 'pirate' movies and I think I should have a right to privacy - I wouldn't equate the two. Why do you?

Its a matter of who does the verification

[mehrotra.akash]

App store: Apple certifies app, people trust Apple, people download app, app creators can take advantage to get user data, unlikely to be caught
Cydia: No certification, people are more likely to look at what the app is doing(also because someone who uses Cydia has a higher probability of knowing how to look at it), app creators more careful to not get a bad reputation

Re:Data wants to be free

[mehrotra.akash]

Or atleast a virtual "profile" with random data in it, and while launching apps, you should be able to choose which data you want to give it access to

Methodology?

[tartles]

I checked the source publication and the following paragraph describes how they chose the apps:

Since iTunes does not support direct searches for free ap- plications, we rely on apptrakr.com [2] to provide a contin- uously updated list of popular, free iOS applications. Once a new application is added to their listings, our system au- tomatically downloads the application via iTunes and de- crypts it. Subsequently, the application is analyzed with PiOS.

I didn't see anything that described how they chose the Cydia apps however. I bring this up because there are numerous very popular Cydia apps that are simply iOS tweaks that adjust a piece of the interface or something similar. These apps would intuitively be less likely to require any sort of user information at all, so I'm not sure how much I trust these results.

How about Android apps ?

[Taco+Cowboy]

Anyone has done any research on Android apps, on the same topic ?

Re:How about Android apps ?

[mjwx]

Anyone has done any research on Android apps, on the same topic ?

Actually, very few leak details.

Android applications have to ask permissions to get access to the internet or your personal details.

Re:How about Android apps ?

[Pieroxy]

Anyone has done any research on Android apps, on the same topic ?

Actually, very few leak details.

Android applications have to ask permissions to get access to the internet or your personal details.

Which is all but the same as most tech-unaware users will dismiss the dialog. What they understand behind these dialog boxes is that if they click "No", the App won't work.

It's a bit like electing the president. It's nice to ask people for their opinion, but the overwhelming majority has no clue what's at stake, so it serves very little purpose.

Still, it's better than not asking. A little.

Re:How about Android apps ?

[IntlHarvester]

Yes, I'd consider myself a 'tech-aware user', and even Google's own apps want such a laundry list of permissions, it turns into "fuck, whatever" and then you press OK.

Using Android was actually an interesting experiment for me, because I'd mulled over the possibilities of a capabilities-based permission system for many years. Then when I finally got one, I found it was realistically about as useful as an IE ActiveX dialog.

Re:How about Android apps ?

[jschrod]

I can't count the amount of Android apps that I didn't install because they want to have r/w access to my contacts, even though they obviously don't need it for their functionality.

There are also too many apps that demand an Internet connectivity where I ask myself why. Or I had to deinstall apps where the background process keeps downloading data all the time that I only need on a holiday, but not now; and I found no way of disabling the background process short of deinstallation (without rooting the phone, then means are available).

So I'd say, Android has it's similar share of problems.

Re:How about Android apps ?

[cduffy]

I wish you could restrict internet access to specific domains and I also wish you could turn off specific permissions

CyanogenMod does this (allowing specific permissions to be rescinded).

Re:How about Android apps ?

[fuzzyfuzzyfungus]

What android really needs(and probably won't get, for actively self-interested reasons; but so it goes...) is the ability to lie.

Right now, you can at least see what outrageous demands an application is making; but it's a take-it-or-leave-it thing. You cannot, for instance, specify that an application that wants your contacts list for no reason useful to you installed such that any attempt to access the contacts list returns a false one, rather than the actual system-wide contacts.

It'd likely add some resource overhead; but you could theoretically have a per-app 'virtual' set of android.* interfaces: some could transparently map to the real ones, others could be defined by a filter against the real ones(for network access, a specific set of firewall rules, or android.location interface that is based on the genuine android.location data; but with resolution reduced or a fictitious offset introduced, for instance), and some could be based on pure fictions unrelated to the real interface.

The ability to lie would allow you to push back against the creeping trend to just demand all kinds of permissions without obvious reason; but still provide well-formed inputs where applications expect them, so that things will still work(alternative uses, such as polluting the databases of the various 'social' scum who treat hoovering up contacts as a business model, are left as an exercise to the reader); but the device owner's wishes will be preserved.

Re:How about Android apps ?

[lordbah]

I've tried to discuss the permissions they require with some Android app makers but I've never gotten anywhere. It usually goes something like this:

I inquire as to why an article reading app would need permission to use my camera. They say the app has a function to take pictures and submit them. I say I don't currently have any interest in doing that - can't they have a base app which doesn't require that permission, and then for those who want to do something like that, have an add-on app which does require that permission? They tell me that Android permissions don't work that way. I tell them that I won't be installing their app.

or

I ask why a game wants access to my contact list and permission to make phone calls. They tell me it's just for a "friends" function, and they only want to read my phone's ID, they promise they would never do anything unwanted. I say I don't trust you that much yet, can't you have a version which doesn't require those permissions, and over time maybe I will come to trust you and then I can install the full version? They tell me that Android permissions don't work that way.

or

I ask why a streaming music app would need permission to "send email without my knowledge" or access my calendar. They say the app has the ability to share stations with my friends, "entirely under your (my) control", and display ads with a button which can add an event (concert presumably) to my calendar. I ask why then they would need to be able to do these things "*without my knowledge*". They say thank you, come again. I say I won't be installing your app then.

So I would say the permissions are nice in theory but in practice many app developers are not willing to finely tune them and either unwilling or unable because of (they claim) platform restrictions to provide variants of the app with different functionality and different permission requirements.

I have no experience with iOS so I can't say anything about that.

Re:How about Android apps ?

[Rich0]

Yup - I've been advocating the same thing. LBE Privacy Guard is the closest I've seen to it in implementation - I assume it actually works.

This was proposed as a feature for Cyanogenmod and shot down. CM now has the ability to revoke individual permissions, but it tends to lead to lots of force-close issues. Most likely they're just sending errors to applications, and not simply lying to them (which is less likely to cause a force-close - app designers already have to handle the case where a user has one contact named John Smith and they never leave Topeka with an IMEI of 12345678). When the app force closes CM tells the user it is their fault for revoking permissions and offers to let them unrevoke them.

Android puts far too much control in the hands of app developers. It is like Windows 3.1 - it works great until some app decides to misbehave. Users, and not app designers, should be the final word in whether an app can run a service all day, or use the GPS vs the network, or transmit x GB of data per day, or whatever. And that final word shouldn't simply be to use or not to use - that is a race for the bottom.

Re:How about Android apps ?

[jo_ham]

So now you know what it's like whenever an Apple article is posted. A torrent of misinformation and frothing bias, mixed in with a little fact, often twisted around to ridiculous extremes.

Re:How about Android apps ?

[Rich0]

Read for yourself here.

I think the issue is that many of the CM devs care about their reputation in the phone industry. They don't want to tick off vendors, or Google.

Data Privacy? What about that?

[hcs_$reboot]

You know MobileMe / iCloud of course: knowing an App store email address and its password, gives you access to the following: where is the iPhone/user at anytime, contacts list, emails ... among others. Pretty important data.
So, in the subway/room... you enter your password to download an App, and someone may see and remember the credentials. It may happen, and? Gmail, for instance, allows you to get the list of the recent accesses to your account.
Apple App Store, MobileMe? Nothing. There is absolutely no way to determine if someone else accesses your account unless the other guy changes/order something. The only solution according to Apple is "Change your password". That case happened to a friend of mine who is not much in IT, and got suspicious after a few coincidences of interest. Considering the weight of iCloud and MobileMe, some more data protection is needed from Apple.

Getting device identifier != "stealing your data"

[sarysa]

I know that there is a considerable off-grid contingent on /., but I don't get why people use getting unique device identifier (UDID) as an example of stealing user data. It isn't hacking or anything -- it's a public API usable by any app writer. If it weren't acceptable to use, Apple wouldn't allow apps which access the UDID onto their store.

There are a large number of practical applications for the UDID, ranging from the more user friendly uses such as automatic backup of app-specific data (i.e. game save), to mutually beneficial things like incentivization schemes, to features less popular to the user but necessary to make free content financially viable, i.e. targeted advertising.

Whenever I rail against Apple around here, people always bring up the concept that most people just want their device to be an applicance, and don't want to care about the internals. This comes with said blissful ignorance. But those 20% of apps passing data back home aren't stealing anything -- they're just using another tool to profit in the modern mobile space. More than 99% of that 20% is sending no more than the UDID and data specific to the application itself. Stealing would be to somehow get the user's underlying iTunes account info and buying stuff with it. (though what Path was doing is a bit of a mess, heh...)

First thing..

[geogob]

...I did after jailbreaking my iphone was to install a firewall. The experience was quite interesting, allowing me to see exactly which apps tried to contact remote sites and which sites they attempted to contact. And, to my knowledge, the only external sites contacted by unofficial apps I've seen were related to ad content.

Access to private data on outside of the apps (calendar, contacts, etc.) should be controllable on an per app basis, just like with location service. And each app accessing this data should be carefully reverse engineered and analyzed to ensure it is safe.

Well, did you accept the EULA?

[Kaenneth]

I actually read the EULA for the recent game "Civilization V", and it said they could take your contacts list, and share/sell it.
Fortunently Valve/Steam was nice enough to give a refund before I installed it when I complained about it "As a one-time courtesy" not as policy, I'm sad to say.
Particularly since the EULA wasn't available for viewing until after purchase.
http://forums.steampowered.com/forums/showthread.php?t=2109777

Re:Data wants to be free

[Calos]

And also completely defeating the purpose of the current system, disrupting the entire ecosystem. There's a chain, here: the app developers include these permissions so that they can profit from providing a free-to-download-app by serving ads, the ads paid for by those believing that they're targeting ads to those most likely to buy their product/service. If the users disrupt the data stream with 'dummy' data, the ad providers don't know how well they're targeting the ads, and the value to the ad purchasers diminishes.

Not that I don't agree (and use software which lets me do the same on an Android phone) but the implications, when applied globally, greatly change the landscape.