Lately, there have been some serious privacy concerns about how apps are tracking user’s location and personal information. The Wall Street Journal performed a survey of multiple, various applications on both Android and iOS and discovered that many apps are sending information (like the device’s location) without explicit permission from the user.

In particular, an app called “Pumpkin Maker” traced the general location of a device without requesting any type of permission from its user. The Journal contacted the app’s develepor and gained some valuable knowledge on how, and why, the stealthy tracking of app users is taking place…

Pumpkin Maker is a free app that that allows you to virtually carve pumpkins and share them with friends. Sounds pretty harmless right? When the Journal conducted their survey of random, stealthy app behavior they found that Pumpkin Maker was sending the user’s location and general demographic information to an ad agency without any notice. The Journal says that,

“The app’s maker, Anthony Campiti, says he inserted a software “kit” from an advertising network, Greystripe Inc. That’s a common practice among app makers, who use these ready-made kits to place ads and generate revenue. Some apps use multiple kits; one of the 101 iPhone and Android apps tested by the Journal sent information to eight ad networks.”

These “kits” seem to be the main culprit in this privacy issue. In this instance, Greystripe Inc. tracked a phone by identifying its internet address. That’s a common practice among websites, but not so much with mobile devices. Most apps use Wi-Fi or GPS to determine a device’s location.

The Journal reports,

“Greystripe’s method wasn’t particularly precise. The app reported latitude and longitude coordinates about three miles from the Denver office of the Journal’s contractor. Other apps tested by the Journal located a phone within 25 feet.

Mr. Chang (Greystipe’s Chief Executive) says Greystripe’s method does not violate Apple’s rules because it doesn’t use the GPS system or other location information from the phone itself.”

It seems that this loophole is the reason that some apps don’t necessarily have to let the user in on the information that they’re sending to third parties. The Journal’s findings varied. Some apps only sent very general information, such as the city the device was in, while some got as exact as a 25 foot radius.

In the case of Pumpkin Maker, the app’s develepor pleaded ignorance to the Journal,

“Mr. Campiti, Pumpkin Maker’s developer, says he wasn’t aware of Apple’s policy requiring user permission for tapping the phone’s location “because we don’t do that.” Mr. Campiti says Greystripe’s technique is acceptable because “they need to be able to do that to effectively advertise.”

Hopefully, more light will continue to be shed on how apps are managing our personal data. Interestingly enough, Apple declined to comment on this issue when asked by the Journal.

Right now, the most important thing you can do is pay attention to the information that apps are requesting from you.

You can always go to your iPhone’s Settings > General > Location Services and manage what apps are allowed to know your GPS location. You can even turn Location Services off entirely.

What do you think about this issue? While it is true that a whole market makes its money off knowing as much about you as possible, where does the line need to be drawn?

[via The Wall Street Journal]

  • Good article, and very enlightening. Everyone should pay close attention to the issue of privacy.

  • Very Good articles this week, jeep the mix of reviews, spotlights, news and great articles going!

  • Burge

    There is a jailbreak app that let’s you turn off sending info out it’s called privacy..its was made by Jay freeman .. Go and have a look…it’s free

    • Z

      PrivaCy has never been updated to run on iOS 4. And I never got an email back from Jay regarding an update of PrivaCy.
      @Burge Have you tested it on 4.1?

  • Ben

    @ Burge

    It’s called privaCY. Also I suggest people to take a look at a few things such as UDID Faker and Location Spoof. I don’t use location for any apps period. I always turn it off because I don’t understand the need for location to be on an app, but yeah. I’d also advise some people to watch what info you put. Never give real info to any app. It’s not needed by law, so fake names, ages and genders are the best way to go.

    • Burge

      Sorry ,
      but if you type privacy or privaCY in Cydia you get the same result…

      • Z

        LOL @Burge and @Ben =)
        It’s neither the two. It is PrivaCy lol
        And you can search ‘priv’ and you’ll still get the same results, so the spelling doesn’t really matter, as @Burge said.

      • Burge

        Ok ok… Its PrivaCY but like you say priv gets the job I’ve got it on 4.1 don’t know if it works though ? I think send Jay a email aswell and see what happens !

    • Irha

      I used to do the same, but I enable location information for some apps such as for those that operate camera, as it embeds the geo location into the pictures and it is a lot of fun to navigate your pictures using this information. There are definitely apps designed to take better advantage of location information and avoid manually entering an address (e.g., a GPS routing software, duh)

  • Tracking your location without your permission? Doesn’t sound like anything new to me, unfortunately :/
    I’ve got privaCY at the moment and I can only assume it’s working, because lack of confirmation is granted.

    I only turn on location abilities for social networks (fb/twitter/foursquare), but turn off for most others. No point, really. I had an app for “how to survive the zombie apocalypse” (don’t ask), and it asked for location permissions…wtf? Why could you possibly need that info?!? (apart from ads)

  • Liz

    Hi There,
    This was a pretty informative post. I have to say the following:
    First: I think it is extremely important to read the fine print before downloading any apps. Usually in the comments from other users, as well as the in the app description you can determine how extensivly your information will be used.
    Second: One can protect his or her location by (thats right, its in the article) making the most of your settings. There you can control how you want your location to be determined, whether its GPS or nearest wifi tower.
    Third: If you are not one to utilize the settings button, you can easily manually control the task manager. Im not sure whether Iphone has this function or not but at least those who have Android based devices you can manually close functions (and applications) ensuring that your privacy is protected.
    Fourth: Although not the most practical advice, it still helps, dont be too application happy. Try to resist downloading all that can be downloaded if its a new application try to contact the makers of the app and see what information of yours will be going to whom.