Months ago, a study revealed that Apple’s app store apps collected more personal info of users than jailbreak apps. Now a new study is almost a follow-up to that study.
A recent report by security company, BitDefender says that approximately 18.6% of the 65,000+ iPhone apps included in its study can still access a user’s address book data. 41% can still track location. Only 57.5% of apps encrypt the cropped private data. The report continued to highlight the importance of Apple’s new data isolation privacy initiative after showing the results of their study.
Catalin Casoi, Chief Security Researcher at BitDefender said:
It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent. Without notification of what an app accesses, it is difficult to control what information users give up… We see a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, Address Book access.
Clueful, an iOS tool by BitDefender that could be used for detecting apps that accessed users’ private data, was recently removed from the App Store by Apple. The app had been available since May . While the issue of apps collecting private data without user permission still exists, it is unclear why Apple removed Clueful from the App Store.
The folks at BitDefender stated that they were looking into the issue and trying to get the app back into the App Store.
The whole ordeal occurred after Apple promised to implement stricter privacy controls and notifications for app developers requesting private user data. These rules are a part of Apple’s new data isolation privacy initiative which is prevalent in iOS 6. Apps like Instagram and Path, which were previously collecting data without warning users, have already implemented warnings for users. Apple described the upcoming changes in iOS 6 recently by stating the following:
In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos as part of Apple’s data isolation privacy initiative.
Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.
There are APIs available to allow developers to set a “purpose” string that is displayed to users to help them understand why their data is being requested.
There are changes to the EventKit and Address Book frameworks to help developers with this feature.
We will have to see how effective this initiative from Apple turns out to be once iOS 6 rolls out to the general public. However, for now, we recommend our readers to play safe and read messages carefully when installing new apps.