Last week it was discovered that a number of popular iPhone apps were invading users’ privacy and uploading entire address books to external servers. The data uploaded included full names, phone numbers and email addresses, and the offending apps never asked for permission to transfer this sensitive data. A group of researchers at the University of California at Santa Barbara and the International Security Systems Lab began a study last year to discover how and where iPhone apps were transmitting data, reports Forbes. The team found that one in five free apps in Apple’s App Store was uploading private data to external servers, and apps from Cydia, an app store for jailbroken iPhones, would leak private data less frequently than Apple-approved apps. Read on for more.
The study showed that 21% of apps tested from the App Store uploaded a user’s Unique Device Identifier, 4% uploaded the device’s location and 0.5% uploaded the user’s contact list. Just 4% of apps downloaded through Cydia uploaded a user’s UDID and one app — MobileSpy, which was specifically designed for espionage — out of the 500 tested leaked location and contact data. A table from the study showing how frequently authorized App Store and unauthorized Cydia apps leak private information follows below.