Report: iPhone Apps Pose Security Threat

Privacy advocates have long been concerned about whether personal data on smartphones is secure. After all, devices such as the iPhone carry a lot of information that could be used by others to cause problems. The inclusion of third-party apps makes securing that information even more difficult. Now Bucknell University network administrator Eric Smith has concluded that there is reason for concern. According to Smith, it is possible to link an iPhone’s UDID with personal details in plaintext that can be used by others. The UDID is the iPhone’s unique identifier. This number is often transmitted from your iPhone when you use an app. By itself it means very little. However when tied to someone’s personal information, this can become troublesome. Not only could this lead to your personal information being used by others, but others could learn where you are in real time by using your iPhone's GPS. According to Engadget:

Though UDIDs are routinely used by apps to store personal data and combat piracy, what Smith fears is that a database could be set up linking these UDIDs to GPS coordinates or GeoIP, giving nefarious individuals or organizations knowledge of where you are.

Smith studied 57 of the top apps in the iTunes App Store to see what kinds of information each sends out. Disturbingly, he discovered that most sent out both the iPhone’s UDID and personal details. These included apps by Amazon, Chase Bank, Target and Sam’s Club. However, Engadget is quick to note that the blame should not be directed at Apple:

It's a scary idea, but before you direct hate Apple's way, it's important to note that Cupertino's not necessarily the one to blame. iOS is arguably the best at requiring users to opt-in to apps that perform GPS tracking; transmitting the UDID and account information together publicly is strictly against the rules; and we'd like to think that if users provide their personal information to an application developer in the first place, they'd understand what they're doing. Of course, not all users monitor those things closely, and plaintext transmission of personal details is obviously a big no-no.

Smith believes that a fix to this problem is doable, and is certainly something that Apple should look into soon. In the meantime, we should all be aware that our comings and goings are not necessarily as secure as we’d like them to be. While I certainly don't have a problem with someone knowing that I am shopping at Target, I certainly can see how this information is no one's business. What do you think? Let us know using the comments below.

Related articles