A new study reveals that over half of all iPhone apps gather and share the device ID code—and they do it without the users' knowledge. The study, conducted by Manuel Egele of the Technical University of Vienna and three other researchers, will be presented at the Network and Distributed System Security Symposium in February, reports Technology Review.
Egele and his fellow authors studied 1,400 iPhone apps, finding that over half of them (750, to be precise) used a tracking technology and collected the 40-digit number unique to each phone. In a small minority of cases, apps "blatantly compromised privacy," in the assessment of Technology Review: 36 accessed the iPhone's location without permission, and five raided the user's address book without asking.
According to Egele, the device ID isn't just some anonymous string of numbers; companies could potentially link it to a Facebook account, thereby learning the actual name of the person whose phone it is. "There is a potential for companies who are not too legit to build profiles of their users," he said.
Before your burn your iPhone and go off to live in a cave, however, there are a few circumstances you should know about. First, there's Egele's sample. He and his fellow researchers culled 825 free apps from Apple's App Store, and then grabbed another 582 from the Cydia repository, a service tailored to those who have jailbroken their iPhones. And though you might expect the free-for-all Cydia repository to host less scruplous apps, apparently the Apple store apps were more likely to be invasive of privacy. Still, a sample of entirely free apps is not a representative one; we'd wager that free apps might be more likely to skew towards the less secure.
Second, Egele took a very broad definition of "invasion of privacy"—any instance in which any sensitive data was extracted without a user's knowledge. There's no indication yet of any malicious intent associated with such extractions.
Still, the findings are enough to be troubling for privacy advocates. Will we be needing do-not-track software now for our iPhones, to complement the features Chrome and Firefox have been working on?
[Image: Flickr user mugley]