Apple approved iOS apps leak private data more than jailbroken Cydia apps
Feb 20, 2012. Page visits: 451
Tags:
Users have learned over the last few years that Apple’s “walled garden” approach to third party apps isn’t quite as protective of their sensitive data as it might sound. More surprising, perhaps, is another revelation: that the popular unauthorized apps outside those walls tend to respect privacy better than the approved ones inside.
As the scandal swirled this past week over news that the iPhone app Path uploads users’ entire contact lists without permission, I came upon a study (PDF here) released last year by a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users’ private data. Not only did the researchers find that one in five of the free apps in Apple’s app store upload private data back to the apps’ creators that could potentially identify users and allow profiles to be built of their activities. They also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on “jailbroken” iPhones, tend to leak private data far less frequently than Apple’s approved apps.
After building a tool called PiOS that analyzes private data leaks from iOS apps, the researchers ran their analysis on 1,407 free apps–825 downloaded from Apple’s App Store using the website App Tracker, and 526 accessible through BigBoss, the largest repository of unauthorized apps available to users through the Cydia app market for jailbroken iPhones and iPads.
Of those tested apps, 21 percent of official App Store apps uploaded the user’s Unique Device Identifier, (UDID) a series of user-specific digits that can be tracked between apps to assemble a profile of a specific person’s behavior. Four percent uploaded the device’s location, and half a percent uploaded the user’s contact list. When the researchers analyzed the unauthorized Cydia apps, on the other hand, only four percent leaked the user’s UDID, and only one app out of the 500 tested–a program specifically designed for espionage called MobileSpy–leaked location or contact data.
For Manuel Egele, a post-doctoral researcher at UCSB, the discovery by a Singaporean researcher that the social networking app Path uploads users’ contact list only confirms a pattern he and his co-authors have long seen. Four of the Apple-approved apps he tested last year were found to similarly upload contacts, including one from the location-based social network Gowalla. ”Clearly this behavior hasn’t changed over the last year. I’m not sure whether there’s been any improvement from Apple’s side,” Egele says. “For easily accessible data, app store apps are much more frequently accessing and leaking that data. The app store is supposed to be a walled garden. Unless Apple gives approval, you can’t put things there. But whatever job the company is doing isn’t good enough.”
But why would Cydia’s unauthorized apps actually leak private data less often than those that Apple approves? Egele points to Cydia’s culture of privacy among administrators and users. “The people who run Cydia seem very conscious of what information is available and can be accessed,” says Egele. “The applications you get from Cydia are geared toward more privacy-aware people.”
I’ve contacted Apple for comment and will update this post if I hear back from the company.
With somewhere between 10 million and 15 million users, Cydia’s app platform has become the default unofficial app store of users who jailbreak their iPhones and iPads, hacking them to install applications and operating system tweaks that Apple restrictions are designed to block. That kind of device hacking, using security flaws hackers find in iOS’s code to unlock its restrictions against running unapproved code, also introduces new security and privacy risks for users by stripping away the phone or tablet’s security features and leaving the device open to malware.
But Jay Freeman, Cydia’s creator, points to numerous applications available via Cydia that actually give users privacy and security features they wouldn’t otherwise have. Immediately after the Path scandal broke, for instance, a developer named Ryan Petrich created a tweak for Cydia called ContactPrivacy that warns the user whenever an application wants to upload his or her contact information, (shown above) rather than simply allowing the data to be transmitted by default. Another app that Freeman wrote himself, called PrivaCy, gives the users a toggle switch that allows them to control whether any particular app can upload usage statistics to a remote server.
“If you care about this kind of thing, you should jailbreak your phone,” says Freeman. “Instead of Apple making decisions about what’s good and bad, you decide. People think jailbreaking is about deciding that things Apple doesn’t like are good. But it also allows you to decide that things Apple likes are bad. We provide you the tools to block the functionality you don’t believe apps should have on your phone.”
Comments:
-
News comments - page 1 of 1
To post your opinion, please fill out the form below
Related Mobile Phones News:
|
Wikipedia Now Available In The Android MarketWikipedia is one of the most reliant and world’s largest online encyclopedia and many students around the world use to complete college/school assignments. As you might know that yesterday Wi... |
|
Owners report that the Samsung Galaxy Nexus is plagued by random rebootsWe’re not arguing about it, but it must surely be wonderful being the Samsung Galaxy Nexus – considering that it’s the sole device on the market available right now packing Androi... |
|
Apple in talks with HzO to waterproof future devices?HzO, a company that waterproofs electronics with its "WaterBlock" technology, is in talks with Apple about using the product in future releases including the Apple iPhone. The company dis... |
|
Nokia Lumia 900 expected to launch on March 19When Nokia announced the new Lumia 900 at CES they only said it will be released in the next few months without giving a proper date. WMPoweruser has now learned that the phone will in fact be laun... |
|
Good News for Skype user its integration in Windows PhoneSkype for Windows Phone, along with Skype for Windows 8 and Xbox, is coming soon, says Skype's VP of Products, Rick Osterloh. Although it's been eight months since Microsoft acquired Sk... |
Top Mobile Phones Brands
Nokia
Sony Ericsson
BlackBerry
Megagate |
Samsung
Motorola
Apple
Qmobile |
LG
HTC
Voice
Acer |
All Mobile Phones Brands
SMS Categories
| Christmas SMS |
Flirt SMS |
Funny SMS |
| Love SMS |
New Year SMS |
Sad SMS |
| Valentins Day |
Latest SMS Jokes
Don't wait until it's too lateDon't wait until it's too late
to tell someone how much you love,
how much you care.
Because wh... Happy Valentines Day
Tears can sometimes be more special than smiles?
For smiles can be given to any one?
But tears are... You are my valentine
You are my valentine,
Which is why I have a smile.
Because you are mine,
I would go that extra mi... Do you know that beside valentine day
Do you know that beside valentine day,
the whole week (infact 2 weeks) is dedicated for various pur... To Remind Us That True Love Hurts
Why Does 'CUPID' Never Grow Up . . .?
Because
It Symbolizes That Love Never Gets Old.
And
...
