Report that 'many of the iPhone applications are sending user information to third parties'


Youssef Sarhan

Apple has often emphasized its focus on privacy, saying that ' what happened on the iPhone stays on the iPhone ' does not mean that information is collected from user terminals and violates privacy. . However, when The Washington Post conducted its own research, there are several iOS apps that have tracking functions that transmit user information in secret, and these transmit personal information to the outside at night. It is said that

Apple promises privacy, but iPhone apps share your data with trackers, ad companies and research firms-The Washington Post

The technical columnist Joffrey A. Fowler of The Washington Post conducted a survey and found that it was confirmed that personal information was sent from an iPhone to an external marketing company or research company. When Fowler conducted a survey using his own iPhone, Amplitude's company called his phone number, email address, and location information, and another company called Appboy used his terminal name, advertisement identifier, memory size, etc. The data, and also the tracker Demdex, has been shown to secretly obtain information to identify his device from the iPhone.

Astonishingly, the information was sent from the iPhone in just one night, and Demdex seemed to share the device identification information with another tracker. In addition to this, the world-famous ' Payment ' app as a local business review site has been receiving messages every 5 minutes, including Fowler's IP address. In other words, the Yelp app received tracking information from marketing companies and tracking companies that handle “information that can track users” such as Amplitude, Appboy and Demdex.

According to Fowler, in the iPhone app, the data was secretly sent to an external third party and 'user trackable' was ' Microsoft OneDrive ' ' Mint ' ' Nike ' ' Spotify ', The Washington Apps such as 'Weather Channel' developed by Post and IBM. However, it seems that these apps provided information to third parties within the scope of their own privacy policy. However, it seems that ' Citizen ' of the crime warning app was 'sharing personally identifiable information' that violates the privacy policy.


Przemyslaw Marczynski

Fowler worked with privacy company Disconnect to investigate data tracking for iPhone apps, and he says there are more than 5400 apps sending information to the user that can only track users. is. And, according to Disconnect's estimate, the user information that these apps transmit secretly will be 1.5GB per terminal and a month.

Patrick Jackson, who is CTO of Disconnect and a former researcher at the National Security Agency (NSA), says, '(your app is sending you data. Why are those data on your smartphone? 'I have to leave the'? ', I fear that the user information will be sent secretly.

Mr. Jackson has developed an app called 'Privacy Pro' that identifies and blocks the information sent from these apps, so it is also a feared entity in the data broker world. 'If you have a little technical knowledge and are concerned that the iPhone is sending data in secret, Fowler notes that we recommend you try the free iOS version of Privacy Pro.' You

Privacy Pro SmartVPN on the App Store

There are many apps that have such tracking functionality on iOS as well as Android. However, in the case of Google Play, which is an app store for Android, apps that block tracking information such as Disconnect's Privacy Pro are not permitted to deliver in the first place. This is because the act of blocking tracking information violates Google's 'interfering with another app that displays advertisements'.

Mr. Jackson points out that the problem is that the 'user-trackable information' used for marketing and targeting ads does not know where it is flowing from. In addition, the tracking function for transmitting user information slows down the operation of the original application, wasting the battery of the terminal, and pointing out that it causes the display of a creepy targeting advertisement. It should be noted that the reason why many tracking functions are activated at midnight is that 'App background update' is turned on by default on iOS.

Mr. Fowler is querying the distribution source of the app that has user tracking function, and it is said that '(tracking function) is an unintended problem' from Yelp. In addition, Yelp said that only 1% of users are affected by the tracking functionality of Yelp found by Fowler et al. However, Fowler notes, 'Even when the Yelp app did not use the app, it stored a dataset that could map where people went to travel.'

Besides, it is confirmed that the food delivery service 'DoorDash' app has been sending user data to nine third party tracking vendors when launching the app. In the case of DoorDash, Sift Science tracks the user's terminal name, ad identifier, memory size, operation data of the accelerometer, etc. to another three tracking companies, including the user's address, name, and email address. To send information including DoorDash is also streaming user information to Facebook, Google Ad Services, etc.

According to Fowler, Microsoft, Nike and Weather Channel commented that they put tracking into their apps to improve their performance. Mint uses Adobe's marketing tracking feature to comment on advertising for app users. Spotify only said that they are operating data in accordance with the privacy policy.

The above-mentioned crime warning app · Citizen 'does not share the user's name or other personal information' in the privacy policy , but in the test of Fowler et al. Phone number · email address · accurate many times The data, including GPS coordinates, was being sent to the tracker's Amplitude. Also, when Fowler contacted Citizen, the app update was immediately distributed and the tracking function was removed.

by dhe haivan

'The problem is that the more people we send personal information to, the harder it is to blame a malicious company (a company that misuses personal information),' Fowler noted. .

Also, Fowler wrote, 'I was disappointed that all these actions I found were happening on the iPhone. Was Apple not supposed to be good in terms of privacy?' It is pointed out that the result has not been obtained while appealing the approach on the privacy side. Of course, Apple boasts a high degree of privacy in some elements, such as data encryption, and in recent years, in the case where the app accesses cameras, microphones, location information, health information, photos, contacts, etc. It can be seen that we are focusing on 'the privacy aspect of the app', such as enforcing the app side to notify. But Fowler criticizes that 'Apple is blind about what the app is doing or generating using the data we provide.'

'Apple has asked app developers to clearly state in their privacy policy how to use their own data and services that they create in their own App Store guidelines. And apps comply with the guidelines. If it becomes clear that the app has not been revealed, the app will be forced to change or be removed from the App Store, 'said Fowler,' We found it in the app. The tracking feature does not reveal how they protect user data, etc. ' App developers are responsible for clearly explaining that this information has fallen out of the privacy policy.

in Mobile,   Software,   Security, Posted by logu_ii