or Connect
AppleInsider › Forums › Mobile › iPhone › iOS apps leak more personal data than do Android apps - report
New Posts  All Forums:Forum Nav:

iOS apps leak more personal data than do Android apps - report

post #1 of 30
Thread Starter 
The most popular free apps on Apple's iOS platform are sharing significantly more user data than the most popular apps on Google's Android platform, according to a study recently released by Appthority.

iOS v Android


Appthority's App Report for February 2013 looked at the top performing free mobile apps across both iOS and Android, as free mobile apps are more likely to rely ad networks and analytics companies as a means of generating revenue. Despite Android's reputation as a less secure platform, Appthority found that it was iOS apps that are allowed to engage in more risky behaviors.

The study found that all 50 of the top free iOS apps ? and 92 percent of the top 50 free Android apps ? send and receive data without encryption. iOS apps get more access to user data, with 60 percent of the top apps tracking user location, 54 percent having access to a user's contact list, 60 percent sharing data with ad or analytics networks, and 14 percent accessing users' calendars.

Android v iOS


Fifty percent of Android apps shared data with ad networks, while 42 percent tracked user locations. Only 20 percent of Android apps, though, had access to users' contact lists, and none were found to access the calendar.

Entertainment apps were found to be the loosest with user data, with games and business apps close behind. Educational and finance apps were found to display the fewest risky behaviors.

A number of questionable policies and security concerns have painted Google's Android platform as inherently less secure than Apple's iOS. Android does appear to be more vulnerable to malware than iOS, but mobile malware affects only one percent of apps. The larger concern, the study concludes, should be over how mobile apps handle personal information and company data.
post #2 of 30
How do these apps access user data if you don't let such apps access it? Even google maps requires user explicit permission to access the current location. I've no idea what this article is about.
post #3 of 30
Uh oh
post #4 of 30

I guess I disagree with the assignment of risk, there is really no information on what the consequences of these items are, and if this was done w/o user interaction.

post #5 of 30

Quite a misleading title & article. Throughout most the article I was led to believe as the first poster said, "How do they do it w/o explicit permission"? Well there's one sentence in there that clarifies what this very misleading article and title is about.

 

The "leak more personal data" simply refers to the fact that what IS allowed, is simply less encrypted than the android counterpart. I just explained the whole article in one sentence. Go me.

post #6 of 30
Bull shit. Has anyone tried FaceBook app? On Android, it requires a shitload of permissions, including Contacts and GPS/Location.

On iOS, you can *TURN THAT OFF*

On Android, you get a list, and you can either use it, or delete the FaceBook app.
post #7 of 30
Leak? How many of these are using data without permission? And how easy is it to understand and control those permissions on iOS vs Android? (in other words, just because a given app CAN collect this info... is it actually doing so? Or have people successfully opted out? That would be a more interesting bar graph.)

I want contact-based apps to have my contacts, and location-based apps to have my location. How would I use them otherwise?

That is not a "leak" except when it's without permission. Obeying the user's choice, if clearly presented, is fine.

And despite the false AI doom-and-gloom headline, this study did NOT look at "apps" in general... but at free apps specifically. Right away that's a misleading skew against Apple, because so many devs have trouble getting anyone to pay for software on Android.

So if you look at ALL apps, those bars would be different.
post #8 of 30

This is not new info.

 

For instance, the App Genome Project pointed it out years ago.

 

However, as some are pointing out, it doesn't necessarily mean anything bad is going on.  It's just that the opportunity is there.

post #9 of 30
This is just to make Google's creepy Andriod look less so. I don't have a problem with access as long as it is with my permission and needed to use the app. How many battles has Apple had with developers who wanted more and can't have it. Google Voice was rejected initially because it was downloading user data to their servers. That is what I would object to.
post #10 of 30

I have to assume that when they say "leak" they mean the app releases or utilizes personal information in manner not described or expected based on the apps stated purpose and functionality.

 

Saying "yes" to an app that accesses my contact list is one thing, but quite another if it then takes that list and then makes it available to the developer or other third party entities I did not give permission to.

 

The question to ask here is why does iOS appear to be the larger violator, even though Apple has much stricter submission guidelines for any app sold through iTunes?

post #11 of 30

Why don't they just tell us which apps they are that are sharing the unencrypted data?

 

That way it would be clear why there is a difference between the two platforms. 

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #12 of 30

WAIT... so your telling me most popular free apps... what you mean like Calendar, Contacts, etc... which goes to iCloud.  Wow, they are sharing info??? Or did you not use those, and iCloud, or did and not stating that. 

 

Send/Receive without encryption is 100%???  wait, what?  I for one, and see few others, would like to know specifically what "apps" you used.  Were they the exact same "apps" on both systems?  Did you actually click the NO or YES button when iOS asked you about sharing/location/etc???  But 100% of the apps are sending data unencrypted and it's your personal data you don't know or give permission to send out?  Really.  That makes sense to whom?

 

This is just another iOS "scare" about leaked info to drive people to android.  You know because Apple software is SOOOO unsecure and prone to viruses, trojans, etc that actually steal your personal info (oh, wait that's android).

You don't want to make me curmudgeon, you would not like me when I am curmudgeon.  I go all caps, bold, with a 72PT font and green lettering.  

Reply

You don't want to make me curmudgeon, you would not like me when I am curmudgeon.  I go all caps, bold, with a 72PT font and green lettering.  

Reply
post #13 of 30
Quote:
Originally Posted by HawkBlade View Post

Send/Receive without encryption is 100%???  wait, what?

 

Yeah, Facebook, Twitter, Path, LinkedIn are all free and they send data with encryption.

post #14 of 30
You mean to tell me my information is not Private??? That's a joke - once a person had posted their name somewhere on the internet; Facebook, property taxes, recipe website, website, blog, twitter, Zillow, or even AppleInsider - is it really all that bad that your info is not secure on any phone?
I'm not worried about it and if someone is so bored with nothing better to do than to watch where I go all day and who I talk to; then have a blast!! Go for it!
post #15 of 30
Quote:
Originally Posted by KDarling View Post
 
It's just that the opportunity is there.

Really? What is the 'opportunity'? 

 

Why do your posts somehow seem like they're apologia for the moron brigade? 

post #16 of 30
Quote:
Originally Posted by HawkBlade View Post

Send/Receive without encryption is 100%???  wait, what?  I for one, and see few others, would like to know specifically what "apps" you used.  Were they the exact same "apps" on both systems?  Did you actually click the NO or YES button when iOS asked you about sharing/location/etc???  But 100% of the apps are sending data unencrypted and it's your personal data you don't know or give permission to send out?  Really.  That makes sense to whom?

 

Man, I couldn't agree more!  No mention what app, what was shared, the testing criteria, etc. 

 

I'm quite comfortable with the privacy settings in iOS.  I have a couple free apps (like Flashlight) that tries to use my GPS information, but my phone very obviously prompted for permission (which I denied).  And other apps have requested access to contacts (like Skype).  It's all trivially managed, which makes me wonder what they heck they were doing.

post #17 of 30
I thought that all google apps: "The information that Google shared, which included customers' full names, email and some postal code information, was not the result of a glitch with its software." provides this to all developers.
post #18 of 30
post #19 of 30
Quote:
Originally Posted by anantksundaram View Post

Really? What is the 'opportunity'? 

 

"Appthority found that it was iOS apps that are allowed to engage in more risky behaviors."

 

" iOS apps get more access to user data,"

 

It doesn't mean they actually do those things.

 

Why do your posts somehow seem like they're apologia for the moron brigade? 

 

Even when someone tries to defend iOS. it goes right over your head.

 

Reading comprehension is a lost art with some people.

post #20 of 30
hmm
Edited by eksodos - 8/28/13 at 5:17pm
post #21 of 30
Quote:
Originally Posted by eksodos View Post

Android does do a pretty good job telling you exactly what data an app is requesting from you before you install them from the Play Store. iOS doesn't tell you a thing really. You just have to hope nothing bad is going on in the background.

I refuse to install apps on my phone that requests access to stuff they just can't justify needing. i.e. why should a flashlight app need access to my phone number, my gps location, etc.? Android tells me the author is going to take this data so I can move onto looking for an alternative application before I ever install it.

Of course most people don't give a crap about this stuff and install these apps on their phone anyway. It's frightening how many apps that are gathering all this data get 5 star reviews on the play store.

It's shocking how much information is being given away willingly by people who obviously don't care about their privacy. Google and the ad networks make billions from this information yet people give it up for free.

 

Encryption is a red herring. Did you make a secure https connection to AppleInsider? Of course not. Most of what everyone does on the web every day is not encrypted so why should data going to/from a free app be?

 

Like most others I wonder how they came up with these results when most Android apps can't even be installed unless you grant permission to do pretty much anything. Don't like the data it's asking for? You can't install the app.

 

On Android any app can monitor the phone and see who you call and who calls you. I brought up the issue with some experienced Android devs I know and they confirmed that there's no way to prevent an app from accessing that data if it wants to.

 

On the release of purchase data:

To Google you're buying a product from a developer who is therefore entitled to know who you are. A fair viewpoint.

To Apple you're buying a product from them so your real name, address, credit card, etc. is not sent to app developers. Also a fair viewpoint.

 

At the end of the day even if Android apps were prevented from leaking any data, absolutely everything you do on an Android device is still being tracked by Google, a company that makes its money selling information. Apple, on the other hand, makes its money selling hardware. I know which company I'd rather have tracking my every move.

post #22 of 30
Quote:
Originally Posted by Bregalad View Post

At the end of the day even if Android apps were prevented from leaking any data, absolutely everything you do on an Android device is still being tracked by Google, a company that makes its money selling information. Apple, on the other hand, makes its money selling hardware. I know which company I'd rather have tracking my every move.

 

Good post up until this last paragraph, with "everything you do on an Android device is still being tracked by Google".

 

Android itself has no tracking built into it.

 

Google tags interests for advertising when you're using their apps, whether they're running on Android or iOS or a Mac or a PC.  And as constantly pointed out, they do not sell information.  They sell ad placements based on the info.

 

Likewise, Apple tags interests for advertising when we use iTunes or the App Store, and likewise sells ad placements.

post #23 of 30
Quote:
Originally Posted by KDarling View Post

Quote:
Originally Posted by anantksundaram View Post

Really? What is the 'opportunity'? 

 

"Appthority found that it was iOS apps that are allowed to engage in more risky behaviors."

 

" iOS apps get more access to user data,"

 

.....Reading comprehension is a lost art with some people.

Yeah, talk about a lost art. Let me break it down for you.

 

"What is the 'opportunity'" ⇒ 'Opportunity to do what'? 

 

So, let me ask again, opportunity to do what? On whose part? Apple's? Or on the part of the user who makes the choice? If the former, are you implying Apple is being devious/evil here? If the latter, wouldn't it be moronic on their part to not take into account the fact that the information they (willingly) agree to provide could be used for other purposes?

post #24 of 30
Quote:
Originally Posted by anantksundaram View Post

So, let me ask again, opportunity to do what? On whose part? Apple's? Or on the part of the user who makes the choice? If the former, are you implying Apple is being devious/evil here? If the latter, wouldn't it be moronic on their part to not take into account the fact that the information they (willingly) agree to provide could be used for other purposes?

 

Okay, for example:

 

One of the things that the report talked about (I assume you read the report, right?) is the number of apps which accessed the user's calendar.

 

That was reported as risky behavior (aka an opportunity to misuse the info), even if  the app didn't actually do anything bad with it.

 

That's why I pointed out that:

 

"... it doesn't necessarily mean anything bad is going on.  It's just that the opportunity is there."

post #25 of 30
Quote:
Originally Posted by KDarling View Post

"Appthority found that it was iOS apps that are allowed to engage in more risky behaviors."


"
 iOS apps get more access to user data,"


It doesn't mean they actually do those things.



Even when someone tries to defend iOS. it goes right over your head.


Reading comprehension is a lost art with some people.
Really? Insulting people again, you are good at that. What educational qualifications do you have? What makes you better than all others. You are pathetic and come across as a smarmy know it all.
I think my educational qualifications exceed yours.
post #26 of 30
Bullshit
Quote:
Originally Posted by KDarling View Post

Good post up until this last paragraph, with "
everything you do on an Android device is still being tracked by Google".


Android itself has no tracking built into it.
 
Google tags interests for advertising when you're using their apps, whether they're running on Android or iOS or a Mac or a PC.  And as constantly pointed out, they do not sell information.  They sell ad placements based on the info.


Likewise, Apple tags interests for advertising when we use iTunes or the App Store, and likewise sells ad placements.
Bullshit
Gmail scans your personal emails is this not a form of tracking?
Man U are full of shit today
Didn't you get a duck last night?
post #27 of 30
Quote:
Originally Posted by hfts View Post

Quote:
Originally Posted by KDarling View Post

"Appthority found that it was iOS apps that are allowed to engage in more risky behaviors."


"
 iOS apps get more access to user data,"


It doesn't mean they actually do those things.



Even when someone tries to defend iOS. it goes right over your head.


Reading comprehension is a lost art with some people.
Really? Insulting people again, you are good at that. What educational qualifications do you have? What makes you better than all others. You are pathetic and come across as a smarmy know it all.
I think my educational qualifications exceed yours.


An educated idiot is still an idiot. Is an idiot with a certificate (for something) a certified idiot ?

post #28 of 30

Not brilliant, but surely it should mainly be the apps that are named and shamed, not Apple/Google?

 

 

Would be good if Apple instituted a new rule for apps that they need to encrypt any of personal data that already requires permission to access.

censored

Reply

censored

Reply
post #29 of 30
Originally Posted by Crowley View Post
Would be good if Apple instituted a new rule for apps that they need to encrypt any of personal data that already requires permission to access.

 

As long as Apple had an API built up for developers to do that before they made it a requirement, I don't see a problem.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #30 of 30
This is all very interesting but where is the detail? Looking at the actual report they mention that the majority is from Entertainment Apps, here the blur starts between what you are going to allow in work time and breaks etc.. The more that BYOD becomes a reality in the workplace, the greater the need for scrutiny on what you allow these devices to access in the workplace. Any company that goes down the BYOD route has to be prepared to give up control over access to secure data unless you have appropriate sandboxing in place on your workplace apps. No matter which platform you use, if you are running a business, policies need to be in place for what you allow to exist on on a BYOD device that may store confidential data. From a outside of work point of view, lots of people now do online banking using their phones / apps. I would love to know which apps are putting my data at risk, lets be given the facts please!
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › iOS apps leak more personal data than do Android apps - report