Mobile apps collecting sensitive data

[akugami]

Arstechnica

Seems some Android apps are collecting and sending data that I would find uncomfortable if it happened to me. Seriously, I have a few apps on my iPhone that are advertisement supported but when the app in question sends data such as GPS location and phone number...that's crossing the line. And I don't think for a minute this is listed as an Android only problem. It's less likely, though entirely possible, on iOS but other smartphone OS's will also have to be on the lookout.


*EDIT*

Changed title to reflect the fact that it's not just Android but iOS apps collecting data that probably should remain private.

 

[Oyeve]

Buyer beware. I'd be surprised if data WASN'T collected.

 

[Deeko]

The Market warns you of what data the app can access before you install it. Problem is, most people don't read it.

If you're downloaded a sports scores widget and it can access your phone book....yea, you probably should question that.

 

[dguy6789]

They might as well make an article that says "some Windows programs collect sensitive data". It's a public place, people need to use common sense when they download things from the internet. Running Android doesn't mean you get to be brain dead when you download things.

 

[akugami]

The problem is that the data collected doesn't seem to be anonymous...they're attaching your phone number along with GPS location and stuff. If the app was generating a random anonymous ID and sending it, that's one thing but with a phone number they can easily find out who you are (or at least who the account holder is) even if it's not sending your exact name and address.

 

[Bateluer]

A lot of applications do this, I've voiced this before. Keep getting ignored on it too. People don't care that their GPS locations are being recorded, or if their contacts and phone books are being sent to a 3rd party.

 

[coolVariable]

The Market warns you of what data the app can access before you install it. Problem is, most people don't read it.

If you're downloaded a sports scores widget and it can access your phone book....yea, you probably should question that.

Sadly - pretty much all apps (including really good ones) have ridiculous requests for data access.
What can you really do about it, except not installing the app (which might not be a real option)

 

[snikt]

A lot of applications do this, I've voiced this before. Keep getting ignored on it too. People don't care that their GPS locations are being recorded, or if their contacts and phone books are being sent to a 3rd party.

Is this true even if GPS is not enabled?

 

[tatteredpotato]

Is this true even if GPS is not enabled?

If you're GPS is disabled I would venture a guess that it would revert to the cellular approximations.

 

[zerocool84]

Sadly - pretty much all apps (including really good ones) have ridiculous requests for data access.
What can you really do about it, except not installing the app (which might not be a real option)

Yea we don't have many options. Either all of us on any phone with apps install nothing or deal with it. It affects us all with modern smartphones.

 

[pm]

On the iPhone side, which I mention just as comparison, not because I think the situation is any better, pretty much the only warning that I ever see if when an "app wants to use your location?". I've never seen any other warnings or dialog boxes regarding other information. If I turn off "Location Services" entirely - as I often do to save battery life - then I get a dialog box asking me if I want to turn it on.

My personal opinion is that a user should have better control over privacy settings. It's fine for apps to pay for themselves with advertising, and it's fine if they want location, phone numbers, user names, cookies, whatever, but a user should also have control over what it can and can't see. On the iPhone, the location services lets you control which apps can and can't see your location. I'd personally like to see something like this for all apps, for all information. And then if you disabled more settings than the app author is happy with, he can make it so that the app won't run. Not that I'm likely to get what I want... but that's what I would want.

Just saying "deal with it, or don't install apps" to me isn't a solution because some apps, I might want might not share any data, and some apps that I really don't want might be sharing more than I'm comfortable with.

I will say that if the industry doesn't improve the situation then at some point, it's going to be a big deal for them. At some point there's going to be a Dateline or 60 Minutes or something about all of the data that it's sending and there will be interviews with outraged consumers and then Congress or the FCC will step in and make a mess of things trying to solve the problem. I'm disappointed that Google and Apple haven't made this whole thing more transparent.

 

[Bateluer]

If you're GPS is disabled I would venture a guess that it would revert to the cellular approximations.

Network Locations can also be turned off. I keep both GPS and Network Location turned off. I'd like to have them on, but too many apps that I use want location information, for some reason. I've uninstalled a few of them, left a comment as to why, and contacted a few devs about it.

 

[coolVariable]

Yea we don't have many options. Either all of us on any phone with apps install nothing or deal with it. It affects us all with modern smartphones.

I wish one could just block it, e.g. via a firewall.
IT should be noted that they tested the top 200 apps on android and found offenders - that's 200 of the most installed apps, ie you are very likely to be affected on android!!!
They absolutely should publish the names of the apps - I would not be surprised if installs drop significantly ... and maybe that leads to change.

 

[Gooberlx2]

The Market warns you of what data the app can access before you install it. Problem is, most people don't read it.

Are the warnings granular enough to tell you which data it accesses? For example, I might not care about my email address getting out (spam filtering is easy enough), but I'm not a fan of my phone# being used.

 

[coolVariable]

Are the warnings granular enough to tell you which data it accesses? For example, I might not care about my email address getting out (spam filtering is easy enough), but I'm not a fan of my phone# being used.

And the list of warnings is ridiculous for 99% of apps anyhow.
Most apps could/should work without any of the items that they ask access for ... but what can you do about it? Nothing except not installing the app.

 

[akugami]

I wish one could just block it, e.g. via a firewall.
IT should be noted that they tested the top 200 apps on android and found offenders - that's 200 of the most installed apps, ie you are very likely to be affected on android!!!
They absolutely should publish the names of the apps - I would not be surprised if installs drop significantly ... and maybe that leads to change.

I know the test was on Android only but I'd be very surprised if the situation wasn't similar in iOS. Heck, a lot of the apps I install, I always say "no" when it asks if it can get location data or whatever the exact warning is. There's no reason for Solitaire to ever get info like my location. Again, I use the iPhone but I'm under no illusion that the situation is any better on iOS. The only plus is that with Apple's nazi ways it's less likely but not impossible as evidenced by the hidden code that allowed for tethering in a "flashlight" app.

 

[zerocool84]

I know the test was on Android only but I'd be very surprised if the situation wasn't similar in iOS. Heck, a lot of the apps I install, I always say "no" when it asks if it can get location data or whatever the exact warning is. There's no reason for Solitaire to ever get info like my location. Again, I use the iPhone but I'm under no illusion that the situation is any better on iOS. The only plus is that with Apple's nazi ways it's less likely but not impossible as evidenced by the hidden code that allowed for tethering in a "flashlight" app.

Yea this really affects all of us.

 

[akugami]

http://www.pskl.us/wp/?p=476

The other foot so to speak. I had a feeling that it wasn't limited to Android and, unfortunately, it seems I was right.

 

[zerocool84]

http://www.pskl.us/wp/?p=476

The other foot so to speak. I had a feeling that it wasn't limited to Android and, unfortunately, it seems I was right.

Seems like it's TOO easy for them to get our info.

 

[coolVariable]

An alternative solution would be for the OS to "fake" a set of data for apps (unless you allow "real" data on the OS level)

 

[zerocool84]

http://www.pskl.us/wp/?p=476

The other foot so to speak. I had a feeling that it wasn't limited to Android and, unfortunately, it seems I was right.

Here's an Engadget article today about this that you talked about

http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-transmit-udid-pose-se/

It doesn't matter what platform we're on, we're all going to be dealing with this.

 

[akugami]

Here's an Engadget article today about this that you talked about

http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-transmit-udid-pose-se/

It doesn't matter what platform we're on, we're all going to be dealing with this.

There's actually an Ars Technica article on the iOS apps as well. It's why I changed the thread title. I usually choose the "no" option when an app asks for permission to get location data and all that crap but I know a lot of people who will just pick the "yes" option no matter what it says.

I think all of us mobile users need to voice our displeasure to both Apple and Google.