iOS apps leak more personal data than do Android apps - report
The most popular free apps on Apple's iOS platform are sharing significantly more user data than the most popular apps on Google's Android platform, according to a study recently released by Appthority.
Appthority's App Report for February 2013 looked at the top performing free mobile apps across both iOS and Android, as free mobile apps are more likely to rely ad networks and analytics companies as a means of generating revenue. Despite Android's reputation as a less secure platform, Appthority found that it was iOS apps that are allowed to engage in more risky behaviors.
The study found that all 50 of the top free iOS apps ? and 92 percent of the top 50 free Android apps ? send and receive data without encryption. iOS apps get more access to user data, with 60 percent of the top apps tracking user location, 54 percent having access to a user's contact list, 60 percent sharing data with ad or analytics networks, and 14 percent accessing users' calendars.
Fifty percent of Android apps shared data with ad networks, while 42 percent tracked user locations. Only 20 percent of Android apps, though, had access to users' contact lists, and none were found to access the calendar.
Entertainment apps were found to be the loosest with user data, with games and business apps close behind. Educational and finance apps were found to display the fewest risky behaviors.
A number of questionable policies and security concerns have painted Google's Android platform as inherently less secure than Apple's iOS. Android does appear to be more vulnerable to malware than iOS, but mobile malware affects only one percent of apps. The larger concern, the study concludes, should be over how mobile apps handle personal information and company data.
Appthority's App Report for February 2013 looked at the top performing free mobile apps across both iOS and Android, as free mobile apps are more likely to rely ad networks and analytics companies as a means of generating revenue. Despite Android's reputation as a less secure platform, Appthority found that it was iOS apps that are allowed to engage in more risky behaviors.
The study found that all 50 of the top free iOS apps ? and 92 percent of the top 50 free Android apps ? send and receive data without encryption. iOS apps get more access to user data, with 60 percent of the top apps tracking user location, 54 percent having access to a user's contact list, 60 percent sharing data with ad or analytics networks, and 14 percent accessing users' calendars.
Fifty percent of Android apps shared data with ad networks, while 42 percent tracked user locations. Only 20 percent of Android apps, though, had access to users' contact lists, and none were found to access the calendar.
Entertainment apps were found to be the loosest with user data, with games and business apps close behind. Educational and finance apps were found to display the fewest risky behaviors.
A number of questionable policies and security concerns have painted Google's Android platform as inherently less secure than Apple's iOS. Android does appear to be more vulnerable to malware than iOS, but mobile malware affects only one percent of apps. The larger concern, the study concludes, should be over how mobile apps handle personal information and company data.
Comments
I guess I disagree with the assignment of risk, there is really no information on what the consequences of these items are, and if this was done w/o user interaction.
Quite a misleading title & article. Throughout most the article I was led to believe as the first poster said, "How do they do it w/o explicit permission"? Well there's one sentence in there that clarifies what this very misleading article and title is about.
The "leak more personal data" simply refers to the fact that what IS allowed, is simply less encrypted than the android counterpart. I just explained the whole article in one sentence. Go me.
On iOS, you can *TURN THAT OFF*
On Android, you get a list, and you can either use it, or delete the FaceBook app.
I want contact-based apps to have my contacts, and location-based apps to have my location. How would I use them otherwise?
That is not a "leak" except when it's without permission. Obeying the user's choice, if clearly presented, is fine.
And despite the false AI doom-and-gloom headline, this study did NOT look at "apps" in general... but at free apps specifically. Right away that's a misleading skew against Apple, because so many devs have trouble getting anyone to pay for software on Android.
So if you look at ALL apps, those bars would be different.
This is not new info.
For instance, the App Genome Project pointed it out years ago.
However, as some are pointing out, it doesn't necessarily mean anything bad is going on. It's just that the opportunity is there.
I have to assume that when they say "leak" they mean the app releases or utilizes personal information in manner not described or expected based on the apps stated purpose and functionality.
Saying "yes" to an app that accesses my contact list is one thing, but quite another if it then takes that list and then makes it available to the developer or other third party entities I did not give permission to.
The question to ask here is why does iOS appear to be the larger violator, even though Apple has much stricter submission guidelines for any app sold through iTunes?
Why don't they just tell us which apps they are that are sharing the unencrypted data?
That way it would be clear why there is a difference between the two platforms.
WAIT... so your telling me most popular free apps... what you mean like Calendar, Contacts, etc... which goes to iCloud. Wow, they are sharing info??? Or did you not use those, and iCloud, or did and not stating that.
Send/Receive without encryption is 100%??? wait, what? I for one, and see few others, would like to know specifically what "apps" you used. Were they the exact same "apps" on both systems? Did you actually click the NO or YES button when iOS asked you about sharing/location/etc??? But 100% of the apps are sending data unencrypted and it's your personal data you don't know or give permission to send out? Really. That makes sense to whom?
This is just another iOS "scare" about leaked info to drive people to android. You know because Apple software is SOOOO unsecure and prone to viruses, trojans, etc that actually steal your personal info (oh, wait that's android).
do you work for them? because, like this article, your comment makes no sense without clarification.
Quote:
Originally Posted by HawkBlade
Send/Receive without encryption is 100%??? wait, what?
Yeah, Facebook, Twitter, Path, LinkedIn are all free and they send data with encryption.
I'm not worried about it and if someone is so bored with nothing better to do than to watch where I go all day and who I talk to; then have a blast!! Go for it!
Quote:
Originally Posted by forangels
Apple Insider sucks...
7 posts since 2011? Why bother coming, then?
Bye....thanks for playing.
Quote:
Originally Posted by KDarling
It's just that the opportunity is there.
Really? What is the 'opportunity'?
Why do your posts somehow seem like they're apologia for the moron brigade?
Quote:
Originally Posted by HawkBlade
Send/Receive without encryption is 100%??? wait, what? I for one, and see few others, would like to know specifically what "apps" you used. Were they the exact same "apps" on both systems? Did you actually click the NO or YES button when iOS asked you about sharing/location/etc??? But 100% of the apps are sending data unencrypted and it's your personal data you don't know or give permission to send out? Really. That makes sense to whom?
Man, I couldn't agree more! No mention what app, what was shared, the testing criteria, etc.
I'm quite comfortable with the privacy settings in iOS. I have a couple free apps (like Flashlight) that tries to use my GPS information, but my phone very obviously prompted for permission (which I denied). And other apps have requested access to contacts (like Skype). It's all trivially managed, which makes me wonder what they heck they were doing.
This happened before or after this - http://forums.appleinsider.com/t/156021/google-asks-journalists-to-tone-down-story-of-massive-google-play-security-flaw