iPhone Apps Caught Secretly Collecting Private Data and Selling It to Other Companies

Apple requires us to use their iOS App Store to find, install, and purchase apps for our iPhones. They contend that it’s the only way we can be protected from apps that may be dangerous and compromise our security. But we learned this week that they are failing to properly vet many of the apps.

An organization, GuardianApp from the Sudo Security Group, discovered that a number of iOS apps are secretly collecting our private information, including location data, and then selling this information to other companies.

The information being shared includes data from Bluetooth, our GPS coordinates, our WiFi connection information, and even battery data. If apps are violating our privacy here, it’s not hard to imagine other apps that could collect other data such as our contacts, passwords, email, messages, and other personal information.

GuardianApp provided the names of 24 apps that are “confirmed to send data to a third-party data monetization firm.”

They include ASKfm:Ask Anonymous Questions, C25K 5K Trainer, Classifieds 2.0 Marketplace, Code Scanner by ScanLife, Coupon Sherpa, GasBuddy, Homes.com, Mobiletag, Moco, My Aurora Forecast, MyRadar NOAA Weather Radar, PayByPhone Parking, Perfect365, Photobucket, QuakeFeed Earthquake Alerts, Roadtrippers, ScoutLook Hunting, SnipSnap Coupon App, Tapatalk, The Coupons App, Tunity, Weather Live and YouMail.

What can you do? Turn on Apple’s built-in Limit Ad Tracking feature by going to Settings > Privacy > Advertising.

This is not the only reported security breach of Apple apps. Adware Doctor, a popular $4.99 app in the Mac App Store, was found to be capturing user information and sending it to China.

Security researcher Patrick Wardle discovered it and reported it to Apple a month ago, but that the $4.99 Adware Doctor app —from a developer named Yongming Zhang —was still available in the Mac App Store early Friday. The app has since been removed.

What all of this shows is that Apple’s claim to protect our security by the vetting the apps that go on our devices is insufficient and there is no assurance of our security. In fact, it may not even be possible to adequately test and retest the two million apps on the iOS store that are constantly being upgraded by their developers.