Jailbreak apps leak less private user data than App Store apps

The recent Path scandal has once again put user privacy at the forefront of mobile news. The social network was caught secretly uploading entire address books from its users’ cell phones without their authorization.

This has prompted further research into other App Store apps, and yes even jailbreak ones, to see how many other developers are guilty of these actions. And what folks are finding is, jailbreak apps actually leak much less private data than Apple-approved ones…

From Forbes yesterday:

“As the scandal swirled this past week over news that the iPhone app Path uploads users’ entire contact lists without permission, I came upon a study (PDF here) released last year by a group of researchers at the University of California at Santa barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users’ private data.

Not only did the researchers find that one in five of the free apps in Apple’s app store upload private data back to the apps’ creators that could potentially identify users and allow profiles to be built of their activities. They also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on “jailbroken” iPhones, tend to leak private data far less frequently than Apple’s approved apps.”

The group tested 1,351 free applications, 825 from Apple’s app store and 526 from Cydia. It found that 21% of the App Store apps uploaded the user’s UDID (Unique Device Identifier), 4% uploaded the device’s location, and 0.5% uploaded the user’s contact list.

Out of the Cydia apps, however, only 4% leaked the user’s UDID, and only one app out of the 500+ tested leaked location or contact data. And that app, by the way, is called MobileSpy — a utility designed to help users spy on devices.

This wouldn’t be the first time that jailbreakers were holding the most secure Apple devices in the room. Last year when Comex discovered the PDF exploit used in JailbreakMe 3.0, there was a patch available in Cydia weeks before Apple released one.

[iClarified]