Smartphone apps could be sharing your private data

August 5, 2010 - 0:0

You might not give out your phone number to strangers, but the free app you downloaded on your phone might be doing just that.

Technology Review reported that apps downloaded on mobile devices can collect users' sensitive data – such as phone number, location and contact lists - catching users as well as application developers unaware.
The App Genome Project, developed by the mobile security company, Lookout, examined more than 300,000 phone apps. They found that that most app developers don't know that the code written by third-parties is harvesting users' data.
“Mobile apps are doing a lot of things that people would not expect,” Lookout CEO John Hering told Technology Review.
In one example, the project found that a wallpaper application for the Android gathers users' data and then transmitted it to a server over an unencrypted network connection. The information included the device's number, subscriber identification and even the voicemail number for the phone. It was estimated that the app was downloaded over 1.4 million times.
Apps for the iPhone, Blackberry and Android phones can all gather sensitive data from users. Both the iPhone and Android systems warn users that the app wants to collect sensitive data, but it doesn't reveal what data is collected or where it will end up.
While the project didn't find any actual malicious use of the data, they did say that third-party apps have the potential to take control of a phone. The project found instances where Androids released user data into logs that made it accessible to other applications. That vulnerability has since been addressed by Google and fixed in the v.2.2 versions of Android and beyond.
Nearly one-third of all free iPhone apps try to get a user's location. Approximately 14 percent of iPhone and 8 percent of Android apps try to access users' contact information.
The project found that almost half of the Android apps and over one-fifth of the iPhone apps depend on code written by third-party developers. The ‘application framework' makes building the app easier, but might also allow it to do things the developer never intended.
“Apple and Goggle are doing a great job trying to keep these platforms secure,” Hering told Technology Review, “but that does not mean anything if the developers are introducing vulnerabilities using third-party development kits.”
(Source:nydailynews.com)