Computerworld - Smartphone apps can do more than provide you with entertainment, information or useful services -- they can also invade your privacy.
In addition, apps can gather the phone number and the unique ID number of each type of phone: the Unique Device Identifier (UDID) on the iPhone, the International Mobile Equipment Identity (IMEI) number on the BlackBerry, and (depending on the make) the IMEI or the Mobile Equipment Identifier (MEID) on an Android phone. Personal information that apps gather about you can be matched to these IDs. That means that ad networks can easily combine various pieces of information collected by multiple apps, build a sophisticated profile about you -- and then legally sell that data to other marketing companies.
It's not as if you weren't warned. Before you download an app, you often get to see the kinds of information that the app will collect about you. On Android, for example, when you tap Install to download and install an app, a screen displays the "permissions" you grant it when you install it. In order to download and install the app, you must tap OK underneath the "Accept permissions" button. BlackBerry phones also cite permissions and Apple monitors all App Store apps for safety.
Smartphone app privacy
In this article, we'll detail the kind of privacy threats you face when using mobile apps, offer advice on ways you can protect yourself, and take a look at possible legislation that may -- or may not -- help.
What information do apps gather?
Researchers warn that a surprisingly high percentage of smartphone apps may threaten your privacy. In October 2010, joint research by Intel Labs, Penn State and Duke University found that 15 out of 30 Android apps analyzed sent geographic information to remote ad servers without users' knowledge. Seven of them also sent the unique phone identifier; in some cases, the actual phone number and serial number were sent to app vendors. This can enable app vendors and/or advertisers to create comprehensive profiles about your likes and dislikes, the places you visit when you carry your phone, your Web surfing habits and more. They can then use those profiles however they want or sell them to others.
Meanwhile, in June 2010, security vendor SMobile Systems found that 20% of Android apps allowed third parties (that is, companies other than the app vendors themselves) to get access to private or sensitive information. In addition, the report warned, 5% of the apps could make phone calls by themselves without user intervention and 2% could send an SMS text message to a premium, for-pay number -- again without the user making the call.
Apple's iOS is not immune to such threats. In January, a class-action suit filed in San Jose charged Apple, the music-streaming service Pandora and others with "transmitting [users'] personal, identifying information to advertising networks without obtaining their consent." The suit also charged that "some apps are also selling additional information to ad networks, including users' location, age, gender, income, ethnicity, sexual orientation and political views." The case is still winding its way through the courts. More
