CybersecurityMore than half of iPhone apps track users
A recent study found that more than half of all iPhone apps could track users and collect data without an individual’s knowledge; researchers analyzed more than 1,400 iPhone apps to determine how they handle sensitive data; more than half collect an individual’s unique device ID or track a user’s location, and when combined with links to a Facebook account the app could gain a lot of sensitive data; researchers found that thirty six apps blatantly violated privacy rights by accessing an individual’s location without informing the user, while another five went so far as to take data from the user’s address book without first seeking permission
Half of iPhone apps track the user // Source: techtreak.com
A recent study conducted by researchers at the Technical University of Vienna found that more than half of all iPhone apps could track users and collect data without an individual’s knowledge.
Manuel Egele, a doctoral student, and his team of three other researchers analyzed more than 1,400 iPhone apps to determine how they handle sensitive data.
The researchers found that more than half of the apps collected an individual’s unique device ID and used tracking technology without first requesting permission.
According to Egele, “There is a potential for companies who are not too legit to build profiles of their users.”
“The identifier [code] is not tied to a username, but you could link it to a Facebook account, and that would give you a lot of information on the user, including — most of the time — their real name,” he says.
Of the apps studied, thirty six apps blatantly violated privacy rights by accessing an individual’s location without informing the user, while another five went so far as to take data from the user’s address book without first seeking permission.
In light of heightened measures to stop identity theft and to protect important data, cyber security experts are calling on Apple to strengthen their screening measures for their apps.
Charlie Miller, a principal analyst at Independent Security Evaluators who specializes in iPhone security, says, “”You don’t know exactly what these apps do — they don’t come from big developers, they come from regular people.”
Apple limits what developers can do with their apps by giving them a set programming environment to use, calling it a “sandbox.”
Miller says this operating environment is not entirely secure and programmers can easily develop ways to collect personal data. “They do run in a sandbox, but it’s a pretty lenient sandbox.”
Before an app can be sold at the Apple App store, the company must approve it and mandates that all apps must notify users before collecting sensitive data.
Researchers found that apps sold in Apple’s store were more likely to stealthily access user’s data than apps from the open source and unregulated Cydia repository, which specializes in apps for iPhones that have been unlocked.
Miller believes that Apple needs to develop more stringent policies for reviewing each app in its store.
“There is not an easy solution to the problem, but having a central clearinghouse (like Apple) is the best way to do it, but right now, Apple’s probably not doing it right,” Miller says.
The researchers will present their findings in early February at the Network and Distributed System Security Symposium.
