In association with heise online

04 October 2010, 11:45

Study: Many free iPhone apps pass device ID to the app vendor

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

iPhone It's not just Android apps that transmit users' personal data to vendors – iPhone app developers also appear to gather user data. According to a study by blogger Eric Smith, a number of free iOS apps send private user data back to their application developers.

Smith examined a total of 57 free news, shopping, business and finance applications, including the top 25 free apps from the US iTunes App Store. He found that 68% of the applications tested transmitted the software-readable unique device identifier (UDID) each time the application was launched. The data was transmitted to servers controlled by the relevant application vendor. A further 18% of apps transmitted encrypted data, meaning that there is no easy way of knowing what data they are forwarding to the vendor. According to Smith's analysis, just 14% of applications are "clean".

Smith notes that, where the user name for a user account is also known, the UDID allows many applications to draw conclusions about the identity of the iPhone user. As an example, he cites the Amazon app, which stores the phone's serial number on mail order company Amazon's servers. The full text of the study, entitled "iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)PDF", is available online. The list of apps tested can be found in Appendix A on page 16.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit