User information is shared everywhere by iOS and Android apps

[Scorpus]

Surprise, surprise: researchers have discovered that apps available in both the Google Play Store and the iOS App Store frequently send personal information to a multitude of sources, often without notifying the user.

The researchers tested 110 popular free apps, 55 from each app store, and looked specifically for how and where these apps shared personal information. It was discovered that, on average, Android apps send user information to 3.1 third-party domains, while iOS apps send data to 2.6 third-party domains.

The situation is a little bit worse on Android than it is on iOS. 73% of the Play Store apps tested send the user's email address to third-parties, 49% send the user's name, 33% send the handset's current GPS coordinates, 25% sent addresses, and 24% sent IMEI information.

On iOS, 47% of apps sent the user's current location, 18% sent the user's name, and 16% sent the user's email address. Of the domains that data was sent to, google.com was the most popular, with 36% of all apps sending data there, while googleapis.com was used by 18% of apps, and facebook.com by 14%.

The most concerning discovery was that some health-related apps were sending potentially sensitive user information to third-party domains. An app from Drugs.com, for example, sent some symptom information to five domains, including to advertisers like DoubleClick. Period Tracker Lite also transmitted symptom information to third parties.

It should be noted that this information is being sent to third parties with permission, as these apps require a user's permission to collect the data they are sending. However, the apps often don't inform users that the data they agree to share is being sent off to third-parties, and users will often blindly accept permission requests when they are presented.

The researchers suggest the only way to avoid having your data transmitted to various sources is to supply false data wherever possible. It's also a good idea to selectively disable permissions for apps if you don't think they require them, which is possible to do in some cases in iOS 9 and Android 6.0.

Permalink to story.

https://www.techspot.com/news/62675-user-information-shared-everywhere-ios-android-apps.html

 

[OutlawCecil]

Ugh I hate paranoia articles like this. NOBODY cares who you are. They tested "popular" apps, meaning there's probably hundreds of thousands of people using it. If it's leaking a bunch of information about you, that means somebody is getting a butt load of info and nobody has time to sort through all that crap. Do you really think they collect that much data only to have some nerd in thick glasses single out YOUR info to have a good laugh?

No, it's collected in bulk to gather general information about where the app is being used, how the app is being used, and pretty likely crash and bug information. This is not a problem for the everyday user nor is it anything new. Stop being paranoid!

 

[psycros]

Ugh I hate paranoia articles like this. NOBODY cares who you are. They tested "popular" apps, meaning there's probably hundreds of thousands of people using it. If it's leaking a bunch of information about you, that means somebody is getting a butt load of info and nobody has time to sort through all that crap. Do you really think they collect that much data only to have some nerd in thick glasses single out YOUR info to have a good laugh?

No, it's collected in bulk to gather general information about where the app is being used, how the app is being used, and pretty likely crash and bug information. This is not a problem for the everyday user nor is it anything new. Stop being paranoid!

How much do they pay shills like you? Or do you make a complete fool of yourself for free?

 

[OutlawCecil]

I'm a computer technician of about 18 years. I am also a software developer and have experience in this exact issue. It's funny how you proved my point further by assuming companies pay me to defend them.

Take a keyboard for example. Many Android keyboards are cloud based now, meaning they send things you type in. Is somebody reading those? No, they accumulate and allow the system to learn from all users so it can predict words better and so the developers can learn the commonly used words that their keyboard gets wrong.

 

[DelJo63]

Privacy & Security needs to operate on "The Need to Know", which says without that input, some task or process can not be performed. Looking at the other-way-around, such information allows WHAT to be done?? and that's the rub - - far too much is possible.
For example, Name, DoB and SSN gives access to credit reports AND the ability to get new credit.

Review your Apps for the permissions which are already enabled and remove/disable as many as possible.

 

[RustyTech]

Ugh I hate paranoia articles like this. NOBODY cares who you are. They tested "popular" apps, meaning there's probably hundreds of thousands of people using it. If it's leaking a bunch of information about you, that means somebody is getting a butt load of info and nobody has time to sort through all that crap. Do you really think they collect that much data only to have some nerd in thick glasses single out YOUR info to have a good laugh?

No, it's collected in bulk to gather general information about where the app is being used, how the app is being used, and pretty likely crash and bug information. This is not a problem for the everyday user nor is it anything new. Stop being paranoid!

How much do they pay shills like you? Or do you make a complete fool of yourself for free?

I would say he's getting paid...no way is he really that stup!d! but who knows...maybe?

 

[OutlawCecil]

Thanks RustyTech for again proving my point that people are overly paranoid.

jobeard, don't get me wrong, I do agree. People should have a way of seeing exactly what is being shared and have the option to disable it. There are many complications with doing that however. You can blame Android for not having control of that, but from outside the programming of the app itself, all you could really do is block any and all data, which you can already do with a simple firewall app. If you want to blame creators of the app, there's unfortunately no good way to force programmers to include a section in the app to explain data usage and give switches to disable some. How do you enforce that and ensure it really is turning off? In the end, the solution is to use a firewall to block communications where it isn't needed and to steer clear of apps you don't feel safe using. Simple as that.

 

[Evernessince]

See, this is why I have very little concerns for the needs of ad companies or data harvesters. Why should I disable ad block on websites that are going to bombard me with intrusive ads? Why should I share my location with google? The short term benefit of doing so is far outweighed by the negatives.

 

[RobertM]

Ugh I hate paranoia articles like this. NOBODY cares who you are. They tested "popular" apps, meaning there's probably hundreds of thousands of people using it. If it's leaking a bunch of information about you, that means somebody is getting a butt load of info and nobody has time to sort through all that crap. Do you really think they collect that much data only to have some nerd in thick glasses single out YOUR info to have a good laugh?

No, it's collected in bulk to gather general information about where the app is being used, how the app is being used, and pretty likely crash and bug information. This is not a problem for the everyday user nor is it anything new. Stop being paranoid!

I'm assuming you would like to apply this same principle to the NSA / GCHQ situation, correct?

 

[wiyosaya]

I'm a computer technician of about 18 years. I am also a software developer and have experience in this exact issue. It's funny how you proved my point further by assuming companies pay me to defend them.

Take a keyboard for example. Many Android keyboards are cloud based now, meaning they send things you type in. Is somebody reading those? No, they accumulate and allow the system to learn from all users so it can predict words better and so the developers can learn the commonly used words that their keyboard gets wrong.

Interesting that you pick the most benign example possible.

I'll give you the benefit of the doubt. Maybe you or the company that you work for does not do anything questionable with the data; however, I have found that measuring others by my experience does not always give the result that I would hope for. In other words, just because you do not do anything underhanded with the data does not mean that everyone else treats it likewise, and that, as I see it, is why people are suspicious of your post.

 

[OutlawCecil]

RobertM, pretty much, yep. Unless your a terrorist, doing something highly illegal, or your famous, why would anybody care about Joe Bob from Atlanta Georgia who's a nurse and just broke up with Karen because she's too clingy? There's only 321 million other people in the US but I'm sure somebody with the NSA is listening to every phone call and keeping updated on Mr. Joe. See my point?

wiyosaya, I agree there may be some bad companies out there that may abuse the information they collect. But help me out and tell me the worst possible scenario you can come up with where an app may collect info about you and terrorize your life? Lets at least assume your an average user and not dumb enough to download a random app and give it your social security number and credit card number. Oh and as a side note, I chose a keyboard app because collecting everything you type juuuuust might include credit card numbers or SS number if you use it for everything. So it *could* be a huge risk actually.