Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A study of iPhone and Android apps has revealed that many of these programs secretly collect and transmit users’ personal information.

The App Genome Project, launched by the mobile security company Lookout, analyzed every app available through Apple’s App Store and Google’s Android Market. Developers must disclose an app’s functionality when they submit an app to either store. Apple performs its own review before making an app downloadable.

Lookout researchers scanned more than 300,000 mobile applications and performed a deeper analysis of about a third of them. The project revealed that many developers do not disclose an app’s data-harvesting behavior in their descriptions. But this may not be deliberate–developers often include third-party software components in their apps without vetting that component’s behavior, the researchers say.

A significant number of the applications studied were found to do something that the developer hadn’t disclosed. For example, a third of all free iPhone apps attempted to access the user’s geographic location. For the Android platform, about 29 percent of free apps tried to access location data. At least 8 percent of all free Android apps and 14 percent of all free iPhone apps tried to access a user’s list of contacts as well. Both the iPhone OS and Android issue warnings to users when an application wants to access sensitive information. But the warning doesn’t tell the phone’s owner what data the app wants to collect, or where it might send it.

The researchers found that one Android app that lets users change the background on their phone also sends the device’s phone number and other user-specific information to a server in China.

“Mobile apps are doing a lot of things that people would not expect,” says Lookout CEO John Hering. He adds that third-party software components often collect information without warning developers. “End users and developers have very little idea what is happening in the applications they are using and writing.”

3 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, security, software, iPhone, privacy, Android, mobile phones, hackers, app store

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me