June 20, 2013
Almost Half Of iPhone Apps Peek At Your Private Stuff
Lee Rannals for redOrbit.com - Your Universe Online
According to a new study, more than 13 percent of apps access an iPhone's physical location while six percent access the device's address book.
Computer scientists at the University of California, San Diego discovered that nearly half of the mobile apps running on Apple's iOS operating system have gained access to private data. These findings are based on a study of 130,000 users of jailbroken iOS devices, where uses have removed restrictions that keep apps from accessing the iPhone's operating system.
One might assume that the results are skewed because the study participants were using a jailbroken iPhone. However, the majority of applications in the study were downloaded through Apple's App Store and were able to access the same information on locked phones as well.
In March, Apple stopped accepting new applications or app updates that access these "unique identifiers," or privacy invaders. However, the findings suggest that although this update was made to the App Store policy, many apps can still get that information. Unique identifiers allow the creators of the app and advertisers to track a user's behavior through all the different apps on their devices. Some apps even associate the unique identifier with the user's email and other personal information.
The researchers developed an app called ProtectMyPrivacy (PMP) that is able to detect what data the other apps running on an iOS device are trying to access. Their application enables users to selectively allow or deny access to information on an app-by-app basis, based on whether they feel the apps need the information to function properly.
The team has also added notifications and recommendations for when an app accesses other privacy-sensitive information, such as a devices' front and back camera, microphone and photos.
"We wanted to empower users to take control of their privacy," said Yuvraj Agarwal, a research scientist in the Department of Computer Science and Engineering at UC San Diego who co-authored the study. "The choice should be in users' hands."
Nearly all of PMP's users voluntarily shared their privacy decisions, allowing the researchers to see which apps they believe should be allowed access to their privacy-sensitive data. PMP is able to make recommendations for 97 percent of the 10,000 most popular iPhone apps.
"We have already shown millions of recommendations, and more than two-thirds of all our recommendations are accepted by our users, showing that they really like this unique feature of PMP," said Agarwal.
Flixster, a popular app for finding movie times and reviews, was flagged for accessing private data. The researchers discovered that a third-party ad library used by the app was accessing users' address books and sending back information.
"We provided feedback to the app's developers in case they are unaware that a third party library may be accessing their users' private data," recalled fellow researcher Michael Hall, a visiting researcher in Agarwal's Synergy Lab at UC San Diego who co-authored the study.
Since the team pointed out the privacy breach to Flixster, the developers created an updated version that uses another ad library that does not access this kind of information.