MIT Technology Review



More than half of all iPhone apps collect and share a unique code that could be used to track users without their knowledge, according to a recent study.

Manuel Egele, a doctoral student at the Technical University of Vienna, and three other researchers examined how more than 1,400 iPhone apps handle user data. Only a small number blatantly compromised privacy: 36 accessed the device’s location without first informing the user; another five mined data from the user’s address book without permission. The research will be presented at the Network and Distributed System Security Symposium in early February.

However, more than half of the iPhone applications studied collected the device ID—a 40-digit hexadecimal number identifying a particular phone. More than 750 of the apps studied used some sort of tracking technology. In about 200 cases, the developer created a way to track a device’s identifier code; the other apps used this functionality from an advertising or tracking software library.

“There is a potential for companies who are not too legit to build profiles of their users,” Egele says. “The identifier [code] is not tied to a username, but you could link it to a Facebook account, and that would give you a lot of information on the user, including—most of the time—their real name.”

Apple, which recently celebrated its 10 billionth App Store download, vets applications and requires developers to request authorization in order to access users’ data. However, little is known about how the company checks each app.

“You don’t know exactly what these apps do—they don’t come from big developers, they come from regular people,” says Charlie Miller, an iPhone security expert and principal analyst with Independent Security Evaluators. The iPhone automatically limits what programs can do using a so-called “sandbox,” but these restrictions are not very strict, meaning it isn’t difficult to collect personal data, Miller says. “They do run in a sandbox, but it’s a pretty lenient sandbox.”

The four researchers analyzed 825 apps available for free on Apple’s App Store and another 582 apps on the Cydia repository, a service that makes software available to users who have removed Apple’s security measures from their iPhones, a process known as “jailbreaking.”
