Mobile Apps Caught Stealing Data
It seems that while many people have been enjoying the benefits of mobile wireless internet, blithely surfing and downloading apps, there are some apps (both on the iPhone and Android) that have been collecting personal data without your knowledge.
The problem was highlighted by Lookout Inc, a mobile phone security firm, and presented at the recent ‘Black Hat’ computer security conference in Vegas. They tested over 300,000 free apps for both iPhone and Android and found that many of them pull off sensitive data and transmit it to third parties without your knowledge, and usually unencrypted. This included around 1/4 of iPhone apps and a staggering 1/2 of all Android apps! Data included can range from contact lists, pictures and messages to internet browsing histories and IMSI numbers (unique identifiers). The disparity between iPhone and Android figures is probably due to the fact that Google App Inventor has just been released, allowing anyone to make an app, whilst Apple claim they have a ‘vetting system’ for developers and ‘take security very seriously.’
These pieces of code are written by the third parties and inserted by the developers, usually for the purpose of running ads or similar, but force the phone to collect more info than even the developers may realise. John Hering, CEO of the San Francisco-based Lookout was quoted as saying
We found that not only users, but developers as well, don’t know what’s happening in their apps, even in their own apps, which is fascinating!
One major culprit here is a developer called “jackeey,wallpaperr”, whose free wallpaper apps required access to “phone state and identity”, but transmitted data to a server in California which was owned by someone in Shenzen Province, China. The extent and purpose of this data collection is still unknown, but many people suspect it is being sold to advertisers or marketing companies. This user has since had his account blocked, but could quite easily pop up under another moniker.
The main problem here is that, although warnings are shown, many people simply skip past and install apps without knowing what they are really doing. Let’s be honest, we’re all guilty of that. This whole area helps to highlight the privacy threat from not only wireless apps, but wireless internet as a whole. As technology becomes ever more complicated, the amount of people who actually know what it is doing decreases, therefore the chance to exploit it increases. However, Lookout Inc. have done a great job in bringing this to the attention of the mobile companies; lets hope they work a bit harder on security.