What information is your iPhone or other smartphones collecting and sharing about you ?
Some of you may have noticed recent articles concerning Federal inquiries (subpoenas) into user data collection and sharing practices of application developers and their apps that support Apple's iOS and Google's Android based systems. There is growing concern over the amount of information that various apps are collecting, how it can be correlated to actual people, and what policy's are in place to protect consumer's privacy. Here are several of those stories:
Pandora, other app makers subpoenaed over user data collection http://arstechnica.com/apple/news/2011/04/pandora-other-app-makers-subpoena ed-over-user-data-collection.ars
What the app privacy investigation means to you (FAQ)
However, if one wants to get to the start of this story you need to look at a Bucknell University study from October 2010 entitled "iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)" that performed the initial collection and analysis of the information being exchanged by the application with remote servers. The report can be found at http://www.pskl.us/wp/wp-content/uploads/2010/09/iPhone-Applications-Privacy-Issues.pdf. Here is part of the paper's Executive Summary:
" ... we studied a number of iPhone apps from the "Most Popular" and "Top Free" categories in Apple's App Store. For these applications, we collected and analyzed the data being transmitted between installed applications and remote servers using several open source tools. We found that 68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched. Furthermore, 18% of the applications tested encrypted their communications such that it was not clear what type of data was being shared. A scant 14% of the tested applications appear to be clean. We also confirmed that some applications are able to link the UDID to a real-world identity."
This is just the tip of the iceberg. For those interested in the security, or lack thereof, associated with the their smartphone apps I would recommend reading this report (19 pages). After reading the report, it is easy to understand why some people are raising privacy concerns over smartphone apps. Once again there is the thought out in the development (and user communities) that functionality trumps security. Unfortunately this is common with "new" technology.
Some of you may have noticed recent articles concerning Federal inquiries (subpoenas) into user data collection and sharing practices of application developers and their apps that support Apple's iOS and Google's Android based systems. There is growing concern over the amount of information that various apps are collecting, how it can be correlated to actual people, and what policy's are in place to protect consumer's privacy. Here are several of those stories:
Pandora, other app makers subpoenaed over user data collection http://arstechnica.com/apple/news/2011/04/pandora-other-app-makers-subpoena ed-over-user-data-collection.ars
What the app privacy investigation means to you (FAQ)
However, if one wants to get to the start of this story you need to look at a Bucknell University study from October 2010 entitled "iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)" that performed the initial collection and analysis of the information being exchanged by the application with remote servers. The report can be found at http://www.pskl.us/wp/wp-content/uploads/2010/09/iPhone-Applications-Privacy-Issues.pdf. Here is part of the paper's Executive Summary:
" ... we studied a number of iPhone apps from the "Most Popular" and "Top Free" categories in Apple's App Store. For these applications, we collected and analyzed the data being transmitted between installed applications and remote servers using several open source tools. We found that 68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched. Furthermore, 18% of the applications tested encrypted their communications such that it was not clear what type of data was being shared. A scant 14% of the tested applications appear to be clean. We also confirmed that some applications are able to link the UDID to a real-world identity."
This is just the tip of the iceberg. For those interested in the security, or lack thereof, associated with the their smartphone apps I would recommend reading this report (19 pages). After reading the report, it is easy to understand why some people are raising privacy concerns over smartphone apps. Once again there is the thought out in the development (and user communities) that functionality trumps security. Unfortunately this is common with "new" technology.
