NET RESULTS:Depending on what app you download, your smartphone might send off your Facebook ID, e-mail or phone number
HOW MUCH does your mobile phone know about you? It would seem quite a bit if, like so many of us these days, you are using a smart phone (472 million of them are going to be shipped this year, according to analyst IDC).
And the disloyal little devices are often more than happy to send that information off on the sly to all sorts of places you might not suspect – especially if you indulge in the addictive habit of downloading apps, and more particularly, free apps.
A new report by Dublin-based mobile security company AdaptiveMobile, which takes a look at 40 different free apps – 20 each for android and iPhone – takes a close look at what exactly is going on, and it’s a real eye-opener.
To start with, the report notes that “significant volumes of data are collected by these applications and games”, which include some of the most popular on the market: Angry Birds, Fruit Ninja Free, Twitter, Facebook, the eBay Android app, Mouse Maze, Zombie Life – even Tiny Flashlight and MP3 Music Download Pro.
That data includes information that can individually identify your handset, your country, your location city, your GPS co-ordinates, even in one case (the game Paper Toss), your location to within 200 metres. Depending on what app you download, your handset might also send off your Facebook ID, your e-mail or phone number.
And where does all this data go? Over 146 different domains – meaning advertisers and analytics firms – were supplied with such information from just those 40 apps, with one app alone contacting eight different advertising domains.
Although, as the saying goes, “if you’re not paying for the product, you are the product”, the report notes that users are unlikely to be aware that their information is going to such places as such recipients are rarely identified within the terms and conditions.
“More specific data collection raised cause for concern upon analysis,” the report notes. “Few of the apps that we found collecting location data had a legitimate reason to do so, even less so those that tracked that data to a specific city or co-ordinate.” Again, they note that this is almost certainly for targeted advertising, but users generally are not told.
Half of the 40 apps also gathered the unique user ID (UDID) for the owner's handset "and with it the potential that they could be identified on an individual basis". After the Wall Street Journalbroke a story last year that more than half of the 101 most popular iPhone applications were sending UDID information to third parties without the app user's knowledge, the practice came under public criticism but, as this report notes, developers still seem to be building in this controversial ability.
Gaming apps also had some specific causes for concern: “The social factor means that users are frequently asked to share their Facebook IDs with these social gaming networks, yet some of the networks are not adequately protecting these Facebook IDs. In fact one network sent back a leaderboard that included unencrypted Facebook IDs.”
The report also surveyed 1,000 smartphone users across all ages in Britain and Northern Ireland, giving an interesting context for these findings. About 9 in 10 said they would be either “very” or “quite” concerned about personal information being collected from their phone, and 69 per cent said that it was completely unacceptable for apps to take information from users without permission.
Yet when asked to rank the factors that were important to them in making a decision about whether to download an app, “price” was most important. And according to the survey, free apps made up 84 per cent of the apps of iPhone users, and 89 per cent of Android users’ apps.
That’s a lot of free apps. As the report says: “Free apps are on the march. Between January and December 2010, the percentage of free apps available in the marketplace grew by 174 per cent on the iPhone, 274 per cent on Blackberry and 587 per cent on Android.”
Yet some 55 per cent of those surveyed said they didn’t know that there might be privacy risks in downloading free apps. Still, asked whether they would choose a free app that might collect personal information over a paid for app that definitely didn’t, a quarter of the sample said they would take a risk on the free app.
But that leaves three-quarters of smartphone users who might find a literal selling point in the prospect of an explicit promise from apps developers not to gather and use personal data.
The study raises serious concerns about the unwitting trade-off smartphone users are making, given that so few seem to be aware that apps collect and distribute personal data in this way. And, as the report wryly notes, offering users 27-page terms and conditions documents is not the answer, either.
Full survey results at www.irishtimes.com/indepth