9 iPhone-iPad Apps That Invade Your Privacy, and 1 That Doesn't

Tom Kaneshige | Feb. 1, 2013
Most iPhone and iPad apps appear harmless and fun, but don't fall for them. Some apps are virtual Trojan horses that swipe personal data when you're not looking. Appthority has put together a list of some of the worst offenders, and you may be shocked to learn that a couple of the most popular apps made the list, such as Facebook and Angry Birds Star Wars. Be sure to check out the app at the end of the list, which is the most honest one.

"When we're looking to download the latest mobile app, we're generally not thinking about what it will do with our personal information. But many apps collect user information and share it with third parties, such as ad networks and analytics companies, in order to make a profit. They often access contact lists and calendar details, track our location and more. Plus, as many of us start using our own mobile devices for work use, we're putting company data at risk simply from the apps we've already downloaded. As more people bring their own mobile devices and apps into the workplace, security and education on app risk will become increasingly important."

Facebook

What it does: The free Facebook app is one of the most popular social networking apps on the App Store.

What are the risks:

  • Sends sensitive data in clear text (no encryption).
  • Has access to a user's Location and Contacts Book.
  • Uses Google Maps and transmits source or destination location values unencrypted over HTTP.
  • Includes file paths to source code files in debug information, stored within the app's executable. These file paths include usernames and information related to the app developer.

Note: The app now handles user authentication better when using a Facebook account to log into third-party sites or services. The app used to have authentication tokens that never expire; the authentication tokens now expire in 1 hour.

QR Pal

What it does: QR Pal - QR Code Scanner and Barcode Reader (free) is an iPhone app that lets users scan, store and share QR codes, and compare product prices with a built-in barcode reader. QR Pal rewards users with monthly cash prizes.

What are the risks:

  • Not compiled as a Position Independent Executable (PIE), which could expose the app to memory corruption attacks.
  • Sends some sensitive data in clear text (no encryption).
  • Can access a user's Location, Calendar and Contacts Book.
  • Includes file paths to source code files in debug information, stored within the app's executable. These file paths often include usernames or other information related to the app developer or development company.
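
Two of the findings above, the missing PIE flag and the developer file paths left in the executable, can be checked directly against an app's Mach-O binary before release. The Python below is an added example, not Appthority's tooling or code from the article; the function names, the path pattern and the sample header are constructed for illustration.

```python
import re
import struct

MH_MAGICS = {0xFEEDFACE, 0xFEEDFACF}   # 32-bit and 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE                 # universal (multi-architecture) file
MH_EXECUTE = 0x2                       # filetype: main executable
MH_PIE = 0x200000                      # header flag, meaningful for MH_EXECUTE

# Absolute path under a macOS home directory; group 1 is the user name.
DEV_PATH = re.compile(rb"/Users/([A-Za-z0-9._-]+)/[\x21-\x7e]{1,200}")

def _slices(data):
    """Yield the byte offset of each Mach-O image (one per architecture)."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        (count,) = struct.unpack_from(">I", data, 4)
        for i in range(count):
            # fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
            yield struct.unpack_from(">5I", data, 8 + 20 * i)[2]
    else:
        yield 0

def audit_macho(data):
    """Return PIE status per slice and developer paths found in the binary."""
    slices = []
    for off in _slices(data):
        for endian in "<>":
            if struct.unpack_from(endian + "I", data, off)[0] in MH_MAGICS:
                break
        else:
            raise ValueError("no Mach-O header at offset %d" % off)
        # mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
        fields = struct.unpack_from(endian + "7I", data, off)
        slices.append(
            {"offset": off, "executable": fields[3] == MH_EXECUTE,
             "pie": bool(fields[6] & MH_PIE)}
        )
    hits = list(DEV_PATH.finditer(data))
    return {"slices": slices,
            "paths": sorted({m.group(0).decode() for m in hits}),
            "users": sorted({m.group(1).decode() for m in hits})}

def _sample(flags):
    # Constructed 64-bit little-endian arm64 header plus one leaked debug path.
    header = struct.pack("<8I", 0xFEEDFACF, 0x0100000C, 0, MH_EXECUTE, 0, 0, flags, 0)
    return header + b"\x00/Users/alice/Projects/App/Login.m\x00"
```

In a build pipeline, fail the release when any executable slice reports `pie` as false or when `paths` is non-empty; stripping debug symbols from the release build removes the paths.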

iTorcia

What it does: Have you ever downloaded a flashlight app from the Apple App Store and gotten a weird request to access your location? iTorcia is a popular flashlight app that Appthority calls "suspect."

What are the risks:

  • Includes the device's Unique Device Identifier as a query string parameter in the URL that is sent unencrypted via HTTP.
  • Accesses user's Location, Calendar and Contacts Book.
  • Includes file paths to source code files in debug information, stored within the app's executable, which often include usernames and information related to the app developer.
  • Incorporates Flurry Analytics framework, a service used to collect usage data, as well as Millennial Media, AdMob, DoubleClick and other analytics and ad network frameworks.

 
