Technology Review

Computing

Your Apps Could Be Leaking Private Info

Many apps collect and share sensitive data, and the developers may not even realize it.

  • Monday, August 2, 2010
  • By Robert Lemos

A study of iPhone and Android apps has revealed that many of these programs secretly collect and transmit users' personal information.

The App Genome Project, launched by the mobile security company Lookout, analyzed every app available through Apple's App Store and Google's Android Market. Developers must disclose an app's functionality when they submit an app to either store. Apple performs its own review before making an app downloadable.

Lookout researchers scanned more than 300,000 mobile applications and performed a deeper analysis of about a third of them. The project revealed that many developers do not disclose an app's data-harvesting behavior in their descriptions. But this may not be deliberate: developers often include third-party software components in their apps without vetting those components' behavior, the researchers say.

A significant number of the applications studied were found to do something that the developer hadn't disclosed. For example, a third of all free iPhone apps attempted to access the user's geographic location. For the Android platform, about 29 percent of free apps tried to access location data. At least 8 percent of all free Android apps and 14 percent of all free iPhone apps tried to access a user's list of contacts as well. Both the iPhone OS and Android issue warnings to users when an application wants to access sensitive information. But the warning doesn't tell the phone's owner what data the app wants to collect, or where it might send it.

The researchers found that one Android app that lets users change the background on their phone also sends the device's phone number and other user-specific information to a server in China.

"Mobile apps are doing a lot of things that people would not expect," says Lookout CEO John Hering. He adds that third-party software components often collect information without warning developers. "End users and developers have very little idea what is happening in the applications they are using and writing."

Viv

61 Comments

  • 557 Days Ago
  • 08/03/2010

Walled garden?

Reading this, it does look like the next playground for phishers, but it seems Apple was on the right track to limit third-party programming tools and limit developers to only use approved tools and languages. Will Google now start to follow suit as this story develops? Was this the real reason for the Adobe hate too?

Netizen

131 Comments

  • 557 Days Ago
  • 08/03/2010

Excuses, Excuses!

The favorite "excuse" in the food industry is to sneak in chemicals in a list of seemingly pristine ingredients, i.e. "Fructose blend (includes fructose and other natural sweeteners)." When it turns out the "other natural sweeteners" are chemicals that have caused cancer in lab rats, the food company claims they were told the sweetener was natural, thus, they assumed it was safe. When in fact they knew EXACTLY the product would not sell if they listed the chemical (in fact, it might be pulled off the shelf by regulators).

That is the perfect analogy here. Developers of apps that wish to sell iPhone contacts lists for a bundle on the black market, hire third parties in China or other countries to create software they use in their app. It would take a private investigator or concerted FBI effort to discover these third parties are consultants hired to do the dirty work.

I know for a fact that apps on my unlisted iPhone are stealing information, because I'm getting calls from telemarketers (even though I'm on the donotcall.gov registry). Every day I go to the donotcall.gov site and report half a dozen telemarketers. Supposedly they're supposed to be fined and should be driven out of business, but they keep polluting my iPhone like cockroaches. They just don't get that I will willfully refuse to purchase products hawked by telemarketers in this way, out of principle, even at the cost of refusing to buy products I might otherwise have purchased. Why reward criminal activity when you can buy from a legit competitor of the crooks, is my reasoning.

gjcoram

10 Comments

  • 554 Days Ago
  • 08/06/2010

Re: Excuses, Excuses!

> (even though I'm on the donotcall.gov registry)

I've always thought that registry would make a nice list of targets for telemarketers.  A phone call is so cheap relative to the profit from one sale, and I doubt that many telemarketers are successfully fined for illegal calls.
