Since I do not have "permission" to post in the actual news section, I am posting this here:

from the curated-for-a-different-purpose dept. posted by Soulskill on 2012-02-15 05:11:00

Sparrowvsrevolution writes "In the wake of news that the iPhone app Path uploads users' entire contact lists (http:// thenextweb. com/apps/2012/02/07/path-2-uploads-your-address-book-but-says-that-its-for-friend-matching-and-will-be-opt-in-soon/) without permission, Forbes dug up a study from a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users' private data. Not only did the researchers find that one in five of the free apps in Apple's app store upload private data back to the apps' creators that could potentially identify users and allow profiles to be built of their activities; they also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on 'jailbroken' iPhones, tend to leak private data far less frequently than Apple's approved apps. The researchers ran their analysis on 1,407 free apps (http:// seclab.cs.ucsb. edu/media/uploads/papers/egele-ndss11.pdf) (PDF) on the two platforms. Of those tested apps, 21 percent of official App Store apps uploaded the user's Unique Device Identifier, for instance, compared with only four percent of unauthorized apps."