Which iPhone Apps Are Tracking You?

A recent study shows that over half of iPhone applications collect your device ID. Should you be worried about your privacy?

shadow in alley

A new study reveals that over half of all iPhone apps gather and share the device ID code--and they do it without the users' knowledge. The study, conducted by Manuel Egele of the Technical University of Vienna and three other researchers, will be presented at the Network and Distributed System Security Symposium in February, reports Technology Review.

Egele and his fellow authors studied 1,400 iPhone apps, finding that over half of them (750, to be precise) used a tracking technology and collected the 40-digit number unique to each phone. In a small minority of cases, apps "blatantly compromised privacy," in the assessment of Technology Review: 36 accessed the iPhone's location without permission, and five raided the user's address book without asking.

According to Egele, the device ID isn't just some anonymous string of numbers; companies could potentially link it to a Facebook account, thereby learning the actual name of the person whose phone it is. "There is a potential for companies who are not too legit to build profiles of their users," he said.

Before your burn your iPhone and go off to live in a cave, however, there are a few circumstances you should know about. First, there's Egele's sample. He and his fellow researchers culled 825 free apps from Apple's App Store, and then grabbed another 582 from the Cydia repository, a service tailored to those who have jailbroken their iPhones. And though you might expect the free-for-all Cydia repository to host less scruplous apps, apparently the Apple store apps were more likely to be invasive of privacy. Still, a sample of entirely free apps is not a representative one; we'd wager that free apps might be more likely to skew towards the less secure.

Second, Egele took a very broad definition of "invasion of privacy"--any instance in which any sensitive data was extracted without a user's knowledge. There's no indication yet of any malicious intent associated with such extractions.

Still, the findings are enough to be troubling for privacy advocates. Will we be needing do-not-track software now for our iPhones, to complement the features Chrome and Firefox have been working on?

[Image: Flickr user mugley]

Add New Comment

5 Comments

  • Hotrao

    I'm quite surprised that Appple, that has a so strict approval policy on application sold through App store, omits checking the data monitored by applications.

  • Roscoe

    You must be totally joking. Apple and these companies are in league to siphon as much data off of you for sale to others.

    I'd be surprised if Apple approved apps that didn't steal your data and sell it to others. After all, how do you think Steve gets rich while you stay poor.

  • Justin White

    Who does think that Cydia apps would be more likely to "invade privacy"? Jailbreaking isn't about stealing programs (apps), it's about returning permission to the user to install any apps they choose. It makes sense to me that apps in Cydia would be more secure, as they're being offered based on utility, to users who care a bit more about freedom, not to the masses who just want shiny and will take whatever Apple tells them is hot this week, and don't bother to worry about privacy until it's too late.