Following the Path debacle, which led the world to realize that many apps indeed upload some of your private data to their servers, much ink has been spilled about the subject, to the point that Congress sent Apple a letter to express their concern and to ask for more details about the situation. Apple later commented on the matter, saying that apps will now need explicit user permission to access contacts.

In the meantime, a year-old study by a group of researchers at the University of California at Santa Barbara, showing that jailbreak apps leak less data than App Store apps, was uncovered. For a site like ours, and for many jailbreakers alike, this study was a blessing as we could once again claim that jailbreaking can actually make your device more secure.

The problem is that this study is flawed and proves nothing…

Using a tool they developed (PiOS), the researchers analysed 825 free applications available in the App Store, and 582 jailbreak apps available on the BigBoss repo.

Their findings?

“Our results demonstrate that a majority of applications leak the device ID. However, with a few notable exceptions, applications do respect personal identifiable information. This is even true for applications that are not vetted by Apple.”

One might think that numbers speak for themselves. Although marginal, Cydia apps indeed leak less private data than App Store apps. But the major flaw in this study is that most Cydia apps actually aren’t apps. They are tweaks, mods, add-ons, or plugins. Call them whatever you want, but 99% of jailbreak packages available in Cydia on the BigBoss repo aren’t applications per say.

A quick or thorough look at packages available on the BigBoss repo shows that a vast majority of them are tweaks, meaning that they don’t come as a standalone application, but just improve on bits and pieces of the operating system (e.g. Mail Enhancer, AnyAttach, BadgeClear, etc…). Furthermore, many packages from the BigBoss repo aren’t anything more than ringtones, soundboards, and SMS alert tones.

This being said, very few of these tweaks actually need to get access to any of your private data to work. They offer completely different functionalities that don’t rely on any data. They just build on top of what’s already there. And because they don’t get access to your data, well, that makes it much harder for them to leak that data.

As a jailbreak advocate, I’d love to be able to claim that this study by UCSB researchers proves that Cydia apps are actually safer than App Store apps, but it’s just not the case. The nature of packages available on Cydia, and more specifically on the BigBoss repo, is a major flaw in the study, rendering it erroneous and irrelevant.

  • Ok what about biteSMS?

  • Anonymous

    Excellent article. Makes total sense. You’d think the researchers would know the difference between tweaks/themes etc on Cydia vs full blown apps. A totally flawed study indeed.

  • If that were the case, where the packages are only tweaks, then we really have an advantage to our community. It is a clever way and for me it’s actually a good point if the only things there are on the jailbreak community are tweaks.. but….

    The reason why it’s flawed is NOT why it was described in this article. How many apps are in the Appstore vs how many apps are in Cydia? That is the reason why the research is flawed.

    If you have 300,000 apps vs 20,000 TWEAKS, it’s a bit obvious who is going to have the most leeches. But what percentage of apps vs what percentage of tweaks in their own ecosystems is the real comparison.

    • Anonymous

      They did do it by percentages. You should’ve read the article and the study more thoroughly. However, the article is definitely correct. To use a cliche, it’s like comparing oranges to Apple. To say an orange is a better orange than an apple doesn’t make much sense.

  • Damn, they went on studying this for a year until they realized this?

  • Anonymous

    Sebastien,

    Thanks for keeping it real & honest!!!

    – Eric

  • Remember what saurik says: there are only about four apps in Cydia.

    Ad@m

  • Ugh, this is nitpicking to the extreme. Fine, not apps. 3rd party “things” that you download to use on your iPhone.

    • Anonymous

      It isn’t nitpicking. A tweak relies on current code. It alters or adds to it, but usually doesn’t require external communication for functionality. So of course, tweaks will leak less private data, because they typically do not require communication with a server. Since the stock iOS doesn’t allow alteration of the code, developers on the App Store are required to make apps only, whose functionality often depends on communication with external servers. Leaks can only occur where there are holes. Since tweaks rarely use servers, and apps tend to use them quite a bit more, the data is severely skewed. The data might look different if it was simply Cydia Apps vs Apple Apps, as I would think (though I’m not positive) that Cydia Apps would be more reliant on external servers than Cydia Tweaks, similar to the App Store Apps.

  • Anonymous

    Appreciate the honesty.

    1 up for you against the liars out there. Keep it up and will always remember you for your honesty. Even the don’t be evil one now turned out to be evil, dishonest and liars to the bones.

  • It’s per se not per say.