Appolicious powers Verizon Educational Tools

Update: Apple to require user permission to access contact data

by Phil Hornshaw

The latest controversy surrounding Apple and its iOS devices concerns apps and what they do with your personal data. Update: Apple will require apps to obtain permission from users before storing their contact information.

Original Story

A new report from Forbes suggests apps given the green light to be downloaded by Apple are more likely to upload your personal data than those found in unauthorized app stores.

The story focuses on a study conducted last year by the University of California at Santa Barbara and the International Security Systems Lab. In it, researchers found that one in five free apps downloaded from the iTunes App Store transmitted users’ private data back to app creators, “that could potentially identify users and allow profiles to be built of their activities,” the report says. The study also found that apps downloaded from unauthorized sources, such as the Cydia app store that’s accessible only by users who have “jailbroken” their iOS devices, were far less likely to transmit user data.

Using a tracking program called PiOS, the study downloaded and tracked more than 800 apps from the iTunes App Store and more than 500 apps from Big Boss, the biggest unauthorized set of apps available through Cydia. The data type transmitted most often by both groups was the unique user ID, or UDID, which designates each iOS device individually: in the App Store, 170 apps transmitted the UDID back to app creators (about 21 percent), while on Cydia, 25 apps did so (about 4 percent).

Other types of data noted by the study included location data (4 percent of App Store apps transmitted compared to 0.2 percent of Cydia apps); Address Book data (0.5 percent and 0.2 percent, respectively); the device’s phone number (one App Store app and zero Cydia apps transmitting); Safari browser history (zero App Store and one Cydia app); and Photos (zero App Store apps and one Cydia app).

The big controversy about apps transmitting data was rekindled recently when it was revealed that social networking app Path was scanning and saving users’ contact list data during the course of using the app. Through a “find my friends” feature, the app would send contact list data back to Path’s creators, allowing users to find other Path users from their address book, but with that contact data saved as plain text somewhere remotely from the device.

The revelation kicked off some outrage, but as more and more reports show, there are plenty of apps that send and keep user data all the time. For example, social photography app Instagram did the same thing as Path and managed to update its app to add a layer of privacy protection before it saw much uproar.

The Forbes report suggests that Apple’s “walled garden” approach to its App Store isn’t as secure as the company might have you believe. It also highlights the fact that while smartphones continue to grow in popularity, they still have many potential security problems, so saving sensitive data on them is still not a good idea.