Jailbreak apps leak less private user data than App Store apps

By , Feb 15, 2012

The recent Path scandal has once again put user privacy at the forefront of mobile news. The social network was caught secretly uploading entire address books from its users’ cell phones without their authorization.

This has prompted further research into other App Store apps, and yes even jailbreak ones, to see how many other developers are guilty of these actions. And what folks are finding is, jailbreak apps actually leak much less private data than Apple-approved ones…

From Forbes yesterday:

“As the scandal swirled this past week over news that the iPhone app Path uploads users’ entire contact lists without permission, I came upon a study (PDF here) released last year by a group of researchers at the University of California at Santa barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users’ private data.

Not only did the researchers find that one in five of the free apps in Apple’s app store upload private data back to the apps’ creators that could potentially identify users and allow profiles to be built of their activities. They also discovered that programs in Cydia, the most popular platform for unauthorized apps that run only on “jailbroken” iPhones, tend to leak private data far less frequently than Apple’s approved apps.”

The group tested 1,351 free applications, 825 from Apple’s app store and 526 from Cydia. It found that 21% of the App Store apps uploaded the user’s UDID (Unique Device Identifier), 4% uploaded the device’s location, and 0.5% uploaded the user’s contact list.

Out of the Cydia apps, however, only 4% leaked the user’s UDID, and only one app out of the 500+ tested leaked location or contact data. And that app, by the way, is called MobileSpy — a utility designed to help users spy on devices.

This wouldn’t be the first time that jailbreakers were holding the most secure Apple devices in the room. Last year when Comex discovered the PDF exploit used in JailbreakMe 3.0, there was a patch available in Cydia weeks before Apple released one.

[iClarified]

  • Share:
  • Follow:
  • http://www.flickr.com/photos/jaredstrugala/ geetarspaz

    unless you’re using pirated apps and tweaks, i feel like you should be just as fine.

    although having a smartphone itself i feel is pretty much impossible not to get your personal stuff leaked. especially if you have a lot of tweaks, apps, cydia apps and etc, something is going to get something either way. not thinking about it is the best cure personally, unless the personal stuff is found marketing out elsewhere.

    • http://www.facebook.com/hughcharris Hugh Harris

      So that’s why they targeted pirated apps only is this study right? I think I recall nothing about the apps being pirated ones. It talked about the apps coming from Apple’s store and Cydia. So the cracked app remark was pointless.

  • Anonymous

    What was the name of the tweak that asks you if the app can go through your contact book?

    • Anonymous

      Nvm, it’s called “ContactPrivacy”.

  • http://twitter.com/ChavoDeBrea Joseph Martinez

    and they say Jailbreaking is a really bad thing lol

  • http://www.alexheath.me Alex Heath

    That’s one handsome head of hair in that Path profile.