Apps are caught stealing private data stored on smartphones (Android and iOS)

In December 2010 the Wall Street Journal conducted a small test of the 101 most popular apps on iOS and Android, finding fifty-six apps transmitted the phone unique device ID to third parties, forty-seven apps transmitted the phone’s location to third parties, and five transmitted age, gender and other personal details to third parties; in that particular test the WSJ found iPhone apps transmitted more data than Android apps. Last year the smartphone world was hit with scandal when it was discovered an app was logging users’ every keystroke and URL visited. Carrier IQ, the app in question, was discovered to be operating on a wide range of Android handsets (specifically AT&T, T-Mobile USA, and Sprint handsets) and – in a limited fashion – on the iPhone, too. After public outrage, the culprits pledged to either disable or totally remove Carrier IQ from the devices in question.

Now a new wave of privacy concerns has swept the digital world after it was discovered last month that social networking apps – on Android and iOS – are transmitting user data (in particular, data about contacts) without notifying the users first. The violating apps aren’t just from some unknown, rogue developers. On the contrary, the apps in question are from well-known companies such as Twitter, FourSquare, Instagram, FoodSpotting, and Path. (Twitter app was found to transmit user data on Android and iOS while Path was found to do it on iOS but probably does it on Android too.. For the remaining three it is not specified but Instagram is an iOS only app at the moment.) In each instance the just-mentioned apps where trasmitting some sort of private information, typically focused around contacts data.

In response to these findings, two US Representatives wrote to Apple more or less asking Apple to explain what is going on. Apple responded that gathering contacts data without permission is in violation of Apple’s guidelines and the next iOS update will force apps to explicitly gain permission before gathering the data. However, privacy experts are not buying Apple’s story. And rightly so. Apple maintains strict control over apps submitted to Apple App Store; each app goes through a rigorous review process before being approved, according to Apple. Thus, unless Apple has incompetent people reviewing apps or Apple lied about its review process, it is highly unlikely Apple did not know about the privacy violations prior to these recent developments.

So what about Google? Well Google has always had a “hands-off” approach to Android Market/Play Store, insisting it is up to app developers to determine how to responsibly handle user data. But does that give Google a get-out-of-jail-free card? No, not at all. Many people, including myself, have raged against Google’s hands-off approach and there have been consequences of this policy, e.g. incidents of malware apps on Google Play Store. But Google’s approach does mean Android makes it a bit easier to detect when an app may be violating privacy by simply scanning the permissions an app requests (although this isn’t foolproof, as shown by the Twitter example).

All in all, the tussle between pro-privacy advocates, app developers, and OS creators will continue to rage. Just be aware the data on your smartphone may not be as safe as you may think.

Update: Read Tip: How to protect your privacy on Android devices

Feel free to share your thoughts on this topic in the comments below.

[Credits: WSJ, LA Times | Image credit: Topgold]

Related Posts

  • asdjasdasdjasd

    I’ll stick to the old phones thank you very much. If you remove them from the market, I will come with an angry mob to kill you.

    A non-sheeple.

  • Zapped Sparky

    @Ashraf: Ooh, that was quick :) Cheers.

  • Ashraf

    @Shatimi: Interesting, thanks for the heads up. For what it is worth, I can name individual apps that do the same thing — see

  • Shatimi

    @Ashraf: It’s called LBE Safety Master and it’s a real Swiss knife:
    1) An antivirus;
    2) A firewall;
    3) A black list manager for unwanted SMS and calls;
    4) An App2SD;
    5) An uninstaller;
    6) 2G/3G/WiFi Traffic Manager&Limiter;
    7) A task and startup manager;
    8) A permission manager for apps;
    9) A smart battery saver
    And all these components work flawlessly.
    The only small downside – it’s in Chinese :) I have a Russian translation made by a friend of mine, and I’m not sure whether there is an English one.

  • Ashraf

    @Zapped Sparky: “Sent via facebook, google+ & twitter, phoneID 0123456789, Gender:Male, Age:That’s none of your business, Location:Bermuda triangle :)” L. M. A. O.

    Read Zapped.

    @Shatimi: What app is that and what does it do?

  • Shatimi

    >Just be aware the data on your smartphone may not be as safe as you may think.

    My smartphone – my fortress :)

  • Zapped Sparky

    It’s certainly a good reason to hold off on getting a smartphone. With my computer I am alerted when a program wants to access something it shouldn’t (or doesn’t need to), and alerted when a program wants to talk to the internet. In both cases I can deny them. The programs on a smartphone apparently neither alert you nor can you stop them from doing things they shouldn’t, as you don’t know what they’re doing. It’s a bit worrying to say the least.

    Sent via facebook, google+ & twitter, phoneID 0123456789, Gender:Male, Age:That’s none of your business, Location:Bermuda triangle :)