Every now and then we hear about the shady way some app handles our private data: Dragon Dictation, for example, uploads your address book to improve its service, and MogoRoad used to gather phone numbers for marketing purposes.
When you think about it, we are tens of millions of users from all around the world running almost 140,000 apps on our phones along with our most private information; a paradise for hackers and identity thieves of all kinds.
Nicolas Seriot, a Swiss software engineer, did some research about apps and privacy. He just presented his results at the Black Hat conference, and we might have some reasons to be concerned.
What he discovered is that the iPhone doesn't protect us as well as we might think. Apple authorizes applications to gather all kinds of information about their users without their knowledge.
Not only can apps gather information, but they can even modify it. Here is a basic set of data any app can access:
Email accounts
Wireless networks
The entire address book
Recent calls
The SIM card serial number
The device UUID
Stuff like timezone, weather settings...
Safari searches
YouTube searches & history
Pictures
Keyboard cache
Seriot has actually put together an app of his own to demonstrate how this works. Its code can be found here.
If intentionally misused, those rogue apps can be dreadful. For example:
They can gather people's email to spam/scam them
Change all the iPhone's email addresses (or just the ones that look related to a bank, for example @ubs.com) to myownrogueapp@gmail.com