Research conducted by Bitdefender, the award-winning provider of innovative antivirus solutions, has revealed almost one in five iOS apps can access a userâ€™s iPhone Address Book, while some 41 percent can track your location and more than one in three store user data without encrypting it. The study of more than 65,000 apps distributed widely on the Apple App Store revealed tens of thousands tap contact information and access data without explicit user permission.
While many apps clearly use these privileges to function, others have no obvious use for the data they may be collecting, ranging from accessing a userâ€™s phone book to tracking usage. By default, apps on the App Store only ask for permission to access locationâ€“related services and not when accessing the Address Book or other functions.
Bitdefenderâ€™s analysis included 65,000 of the more popular apps in the App Store and found only 57.5 percent encrypt stored data while the rest do not, potentially placing the userâ€™s data at risk after accessing it.Â Some 41.4 percent of the apps analysed can track a userâ€™s location, meaning most iPhone owners are likely to have at least one app on their device capable of knowing where they are.
Location tracking used in contextual ads that display based on a userâ€™s geo-location is highly controversial, yet common. This type of information can be sold to companies, helping them build effective marketing campaigns. Bitdefenderâ€™s study did not cover all available apps so the numbers and ratios may change when extrapolated across the whole App Store.
The research also revealed 18.6 percent of the apps can access a userâ€™s Address Book, including all contact details. The only legitimate reason for an app to access the userâ€™s Address Book would be to transfer contacts or merge social media contact details with your on-device phone numbers. Itâ€™s unlikely almost a fifth of all apps need Address Book information to function. Chances are high many apps access Address Books without a userâ€™s knowledge.
Bitdefender also found 30.7 percent of the apps analysed can display ads and 16.4 percent can connect to Facebook. Other functions include tracking usage through Flurry analytics, Google Analytics of Mobclix analytics. Some apps use all three analytics software. Hundreds of apps analysed also use an iPhoneâ€™s Unique Device Identifier (UDID) which can identify the owner, while hundreds more use background Voice-over-IP, Open Feint usage tracking and more.
Private data may be used to determine an individualâ€™s behaviour patterns including, but not limited to, profiling for marketing activities. Collection algorithms and patterns are sometimes used to reveal much more, including user identity. There is no publicly accessible database for user education and awareness on these privacy concerns.
Smartphone users concerned about their data should check out the free Clueful iOS Security app, powered by Bitdefender, and learn more about how apps treat their privacy.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This article is based on the technical information provided courtesy of Bitdefender Labs.