According to a study performed by security firm Bitdefender, 19% of apps surveyed access users’ iPhone and iPad’s address book without their knowledge or approval. Bitdefender looked at over 65,000 apps and found that there are tens of thousands of apps that are designed specifically to take all the data from a users’ address book and upload the data. Over 40% of the apps that access the user data don’t encrypt the data and send the data over Wifi and over cellular networks in plain text, which is really not good at all and makes it easier for the information to be intercepted.
“It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent,” said Catalin Cosoi, Bitdefender’s chief security researcher. “Without notification of what an app accesses, it is difficult to control what information users give up”. Not only is the address book being raided and uploaded but 41% of apps tested use the location detection in iOS to track the users every move. “We see a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, Address Book access”.
“While most app developers use this information for legitimate purposes, others might not,” said Cosoi. Bitdefender had an application that was recently pulled from the App Store called ‘Clueful’ which is an app privacy tool. There is no explanation as to why Clueful was pulled from the App Store yet. “Clueful was the best way for iPhone owners to know what data apps are actually accessing. While Clueful remains off the App Store, we are working toward building data privacy awareness and will continue to develop products that help consumers remain secure regardless of platform”.