Many of your iPhone apps may be sharing much more of your data with other companies than you might suspect, according to a report by the Wall Street Journal. Among the info being passed along is a user’s name, location, age, gender and your phone’s unique device identifier (UDID).
The WSJ tested 101 popular apps for iPhone and Android, and found that 56 transmitted the device’s unique identifier to companies that weren’t the app’s developer or publisher without asking consent first; 47 apps transmitted location data without permission; and five sent age, gender and other personal info without notification or request for consent.
The iPhone apps in the test overall transmitted more information than the Android apps transmitted. The Android market might not be a curated software selling platform like the App Store, but apparently that doesn’t mean that iOS apps can still leak data while not technically violating any of Apple’s rules.
Some big names were among the apps tested. For example, Pandora sent age, gender, location and UDID data to various ad networks. TextPlus 4 (free text messaging app) sent the UDID to eight ad companies, and zip code, user age and gender to two more. In one of the worst cases, an iPhone game called Pumpkin Maker transmits live location data to an ad network without even asking a user permission to use locations services, in clear violation of Apple’s rules, yet it remains available for sale.
In fact, according to Apple’s stated policy, iPhone apps are not allowed to “transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.” Yet many of the apps tested by the WSJ appear to violate this rule, and Apple declined to discuss its understanding of what the rule means in practice.
The info passed along by these apps is used by advertisers to build a user profile for the purposes of targeted advertising and marketing campaigns. For many of the services involved in the apps mentioned, you actually agree to provide your info to third-party companies when you initially sign up (in that lengthy user agreement you scrolled right through without reading). Chances are, if an app requests use of your location, or wants you to provide your age, gender, etc., it isn’t just out of curiosity, especially if it’s a free app, in which case data farming may be the only way the app gathers revenue.
I know why companies don’t make this practice clear to users. If you foreground the fact that you’re gathering info just to it share with many others, then people will be far less likely to use your app, even if you explain that info won’t be used to identify or target you personally, but will instead help paint a picture of a general category of customer. That’s hard to explain in an alert dialog box.
Still, in this case, Apple seems to be selectively fulfilling its role of stewardship with regard to iPhone software. If the company feels it has a responsibility to monitor the apps it provides through its storefront for questionable and inappropriate content, then it should also provide fair warning that some of these apps want to collect and distribute more of your data than you feel comfortable sharing.
Related content from GigaOM Pro (sub req’d):