WSJ Investigation on iPhone and Android App Privacy

The WSJ:

An examination of 101 popular smartphone “apps” — games and other software applications for iPhone and Android phones — showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders.

This includes at least one iOS app, “Pumpkin Maker”, that shared location data without the prompt asking the user for permission to use their location.

Among all apps tested, the most widely shared detail was the unique ID number assigned to every phone. It is effectively a “supercookie,” says Vishal Gurbuxani, co-founder of Mobclix Inc., an exchange for mobile advertisers.

On iPhones, this number is the “UDID,” or Unique Device Identifier. Android IDs go by other names. These IDs are set by phone makers, carriers or makers of the operating system, and typically can’t be blocked or deleted.

“The great thing about mobile is you can’t clear a UDID like you can a cookie,” says Meghan O’Holleran of Traffic Marketplace, an Internet ad network that is expanding into mobile apps. “That’s how we track everything.”

Yeah, that’s just great. The bottom line: with free ad-driven apps, you’re what’s being sold.

Tuesday, 21 December 2010