Friday, November 6, 2015

Apps Sharing User Data

Dan Goodin:

Apps in both Google Play and the Apple App Store frequently send users’ highly personal information to third parties, often with little or no notice, according to recently published research that studied 110 apps.

The researchers analyzed 55 of the most popular apps from each market and found that a significant percentage of them regularly provided Google, Apple, and other third parties with user e-mail addresses, names, and physical locations. On average, Android apps sent potentially sensitive data to 3.1 third-party domains while the average iOS app sent it to 2.6 third-party domains. In some cases, health apps sent searches including words such as “herpes” and “interferon” to no fewer than five domains with no notification that it was happening.

[…]

iOS apps, meanwhile, most often sent third parties a user’s current location, with 47 percent of apps analyzed in the study transmitting such data. In total, 18 percent of apps sent names, and 16 percent of apps sent e-mail addresses. The Pinterest app sent names to four third-party domains, including yoz.io.facebook.com, crittercism.com, and flurry.com.

3 Comments

What I find more concerning is this: http://dl.acm.org/citation.cfm?id=2813675

These people built a static analyzer that checks if apps use private APIs and ran it against 2019 apps from the App Store. 146 of the tested apps used private APIs. Since it's impossible to implement a perfect static analyzer for Objective-C code, there were probably more apps using private APIs in their sample that they didn't catch. Due to the nature of Objective-C, unlike Android, there is literally nothing Apple can do to prevent these apps from making it into the App Store, or to properly sandbox apps written in Objective-C. And based on these numbers, Apple doesn't even seem to be trying very hard.

There are probably tons of apps in the App Store (and on people's iPhones) that do shady stuff Apple doesn't want them to do, but is powerless to stop them from doing.

@Lukas Thanks for the link.

I wonder if Apple will start using those tools.
