How secure is your personal info when using iPhone APP’s?- Not very says Bushnell University IS director in new report

Posted on October 6, 2010


The majority of the most popular applications available for iPhones use the devices’ serial numbers to track users, a professor at Bucknell University says in a new research paper.

For the report, assistant director of information security and networking Eric Smith examined 57 of the most popular iPhone apps and found that 68% of them transmitted the devices’ unique serial numbers to remote servers owned by either the developer or an advertiser. Furthermore, many applications — including Amazon, Facebook and Twitter — also collected users’ log-in data.

Smith states “The usage data that many companies collect such as their users’ IP addresses, browser types, referring domains, pages visited, search terms, length of visits, and so on is extremely valuable to advertisers and corporate marketing departments.  While users might not be concerned that Twitter, for example, stores this information, they may be less comfortable knowing that they have given Twitter permission to share this information with anyone whom Twitter considers to be a “trusted third party.”

Smith says in his paper that users have little control over the use of their devices’ serial numbers for tracking purposes. “There is no ability to block the visibility of the iPhone’s UDID (Unique Device ID) to any installed applications, nor is there a mechanism to prevent the transmission of the UDID to third parties in the current version of Apple’s IOS, the operating system,” he says in the paper, “iPhone Applications & Privacy Issues.”

He adds that while computer users can opt out of online tracking through their machines’ browsers, mobile users don’t have that ability. “Safari’s mobile version, the only web browser available, does not include any privacy features: no ‘Private Browsing’ functionality, no ability to block or clear application cookies, and no access to the local browser cache.”

Smith criticizes the developers’ practices in his report, saying that users “should be alarmed” by the possibility that their information might be shared by vendors with others. “Is there any reason why the developer of a video game should know your home address?” he asks.

Posted in: iPhone