
Summary:

Many of your iPhone apps may be sharing much more of your data with other companies than you might suspect, according to a new report. Among the info being passed along is your user name, location, age, gender and phone’s unique device identifier.

Many of your iPhone apps may be sharing much more of your data with other companies than you might suspect, according to a report by the Wall Street Journal. Among the info being passed along is a user’s name, location, age, gender and the phone’s unique device identifier (UDID).

The WSJ tested 101 popular apps for iPhone and Android, and found that 56 transmitted the device’s unique identifier to companies that weren’t the app’s developer or publisher without asking consent first; 47 apps transmitted location data without permission; and five sent age, gender and other personal info without notification or request for consent.

Overall, the iPhone apps in the test transmitted more information than the Android apps. The Android Market might not be a curated software-selling platform like the App Store, but apparently curation doesn’t mean that iOS apps can’t leak data while not technically violating any of Apple’s rules.

Some big names were among the apps tested. For example, Pandora sent age, gender, location and UDID data to various ad networks. TextPlus 4 (a free text messaging app) sent the UDID to eight ad companies, and zip code, user age and gender to two more. In one of the worst cases, an iPhone game called Pumpkin Maker transmits live location data to an ad network without even asking the user for permission to use location services, in clear violation of Apple’s rules, yet it remains available for sale.

In fact, according to Apple’s stated policy, iPhone apps are not allowed to “transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.” Yet many of the apps tested by the WSJ appear to violate this rule, and Apple declined to discuss its understanding of what the rule means in practice.

The info passed along by these apps is used by advertisers to build a user profile for the purposes of targeted advertising and marketing campaigns. For many of the services involved in the apps mentioned, you actually agree to provide your info to third-party companies when you initially sign up (in that lengthy user agreement you scrolled right through without reading). Chances are, if an app requests use of your location, or wants you to provide your age, gender, etc., it isn’t just out of curiosity, especially if it’s a free app, in which case data farming may be the only way the app gathers revenue.

I know why companies don’t make this practice clear to users. If you foreground the fact that you’re gathering info just to share it with many others, then people will be far less likely to use your app, even if you explain that info won’t be used to identify or target you personally, but will instead help paint a picture of a general category of customer. That’s hard to explain in an alert dialog box.

Still, in this case, Apple seems to be selectively fulfilling its role of stewardship with regard to iPhone software. If the company feels it has a responsibility to monitor the apps it provides through its storefront for questionable and inappropriate content, then it should also provide fair warning that some of these apps want to collect and distribute more of your data than you feel comfortable sharing.


  1. As was pointed out, few companies have any kind of “privacy statement” as to what they will do with the data.

    The data is easy to get via social engineering. A particular game will show you a background based upon the time of day. It needs to know your location so it can figure out sunrise, sunset, twilight, etc. So if the operating system says, “Hey, I need your location.” you’ll give it. There’s no mention that, once you give it, it sends it off to an ad network.

    This is why Apple’s rationale for their “curated” store is rubbish. The iPhone Fanbois love to point out Android Apps that do this and that they don’t have to worry about it because Apple would catch this. Yet Apple doesn’t appear to be catching it. So now they come back and say, “Well, there’s no way Apple could catch this!” So all Apple is providing is “security theater.”

  2. Important commentary. Thanks for the heads up on the WSJ article and spotlighting this issue.

    I find it creepy. OTOH, we use a shopper card at our local grocery store–we get discounts, but they are tracking our every purchase and tailoring coupons to us. Which we keep wanting to resist. The coupons are a laugh riot– often spot on, but then they become strange… buy 3 of X and save $1.50. We do that, and the next coupon we get says buy 4 of X and save $1. We’re fools to have gotten involved in this, but not that foolish!

    iAds itself strikes me as bizarre. And apps with ads are an irritant. Plus, who ever looks at or follows them?

  3. One more very good reason to avoid App stores. If Apple can’t or won’t stop this then Apple should give buyers fair warning. Given the length of time it takes to get an app thru the approval process, I can’t believe that it doesn’t know what’s going on– or maybe they don’t care.
