18.6% of iOS Apps Still Collect Contact Information

[Akshay Masand]

According to a recent report by security company, BitDefender, approximately 18.6% of the 65,000+ iPhone apps included in its study can still access a user’s address book data, 41% can still track location, and only 57.5% of apps encrypt the cropped private data. The report continues to highlight the importance of Apple’s new data isolation privacy initiative after showing the results of their study.

According to Chief Security Researcher at BitDefender, Catalin Casoi:

It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent. Without notification of what an app accesses, it is difficult to control what information users give up… We see a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, Address Book access.

What’s even more surprising regarding the ordeal is that BitDefender’s iOS tool for detecting apps that accessed users’ private data, Clueful, was recently removed from the App Store by Apple. The app had been available since May and while the issue of apps collecting private data without user permission still exists, it’s unclear why Apple removed Clueful from the App Store. The folks at BitDefender did state that they are looking into the issue and trying to get the app back into the App Store.

The whole ordeal occurred after Apple promised to implement stricter privacy controls and notifications for app developers requesting private user data. These rules are a part of Apple’s new data isolation privacy initiative which is prevalent in iOS 6. Apps that were previously collecting data without warning users, such as Instagram and Path, have already implemented warnings for users while Apple described the upcoming changes in iOS 6 recently by stating the following:

In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos as part of Apple’s data isolation privacy initiative.

Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.

There are APIs available to allow developers to set a “purpose” string that is displayed to users to help them understand why their data is being requested.

There are changes to the EventKit and Address Book frameworks to help developers with this feature..

We’ll have to see how effective their initiative turns out to be once iOS 6 rolls out to the general public. In the meantime, we’d recommend playing it safe and reading messages carefully when installing new apps.

Source: BitDefender via 9to5Mac

[iLoveWindows&iPhone]

Just say NO....

[hank197857]

1. contactprivacy,
2. protect my privacy
3. firewall ip

i wonder how effective these apps are. even though my "always deny" list is rather lengthy, i certainly wouldn't mind adding to it. does anyone know if there's a type of clearinghouse for these kinds of unwanted intrusions?

[Mrteacup]

well every social network and online game like words with friends will want it. its not like its always a bad thing

[cpotoso]

1. contactprivacy,
2. protect my privacy
3. firewall ip

i wonder how effective these apps are. even though my "always deny" list is rather lengthy, i certainly wouldn't mind adding to it. does anyone know if there's a type of clearinghouse for these kinds of unwanted intrusions?

Exactly my thoughts, and one more reason why jailbreaking is FUNDAMENTAL.