With smartphones and social media platforms becoming a major means of communication between friends, family and co-workers, we have come to appreciate the evolution of mobile applications. With over 500,000 apps on iPhone, 350,000 on Android and thousands more on other operating systems, there are many different apps out there that offer many different services and solutions to its users. In order for these apps to work, they require permissions to use certain features of your phone in order to function. Sometimes, these apps require permissions that ultimately the app doesn’t need.

Pandora App Redistribution of User Information

Pandora App Redistribution of User Information

For example, if you download an app from the Android Market, a screen will appear asking you to accept the permissions of this app having access to certain components and programs on your phone.

Apple takes a similar approach, except they approve permissions before they even put the app on their App Store.

Each of these methods has its pros and cons that may put users in jeopardy. Android puts more reliance on permissions of apps to its users while Apple takes that measure for you, but they are not perfect and some slip through the cracks.

Lookout, a U.S.-based security firm did a study in 2010 and found that over 300,000 apps on both iPhone and Android were stealing user data without user knowledge. Most of those privacy breaches were due to advertisement kits installed on the applications. These kits provide a little extra revenue to developers since information from the app is sent to third-party advertisers and used to target specific ads to its users.

They also pointed out that one specific Android wallpaper app,“Jackeey,” was stealing personal data from its users, including:

  • Location
  • Phone Number
  • Voicemail Passwords

This information was then sent to a website hosted in China. This particular app was downloaded somewhere between 1.1-4.6 million times.

Here are a couple of precautionary tips when it comes to downloading apps on your phone:

  • Make sure the app is created and distributed by a verified developer. Make your best judgment on what you download.
  • Review the permissions that the app is requesting from your phone – does this app really need access to my contacts, location or text messages?

There’s a great resource on Wall Street Journal’s website that has an interactive diagram in which you can see some of the most popular apps on your iPhone and Android (I’m sure there’s a good chance one of these apps is on your phone right now), and how they distribute your information.

For example, Pandora (seen in the photo above) shows that it requires your Phone ID (Red), Location (Purple), and Age/Gender (Blue), and then sends those resources to multiple advertising companies and groups.

Users need to be aware of what apps they are downloading to their phone. To users who are employed with companies that deal with compliance regulations such as HIPAA (PHI, EMR) and PCI (CHD), it’s even more important due to heavy fines and potential legal action if any of that information is accessed. You don’t want to be that person that costs your company thousands of dollars because you needed the latest wallpaper app, do you?

Sources:
Android Wallpaper App That Steals Your Data Was Downloaded By Millions
Mobile App Security: 5 Ways To Protect Your Smartphone
Mobile Apps Stealing Personal Data
WSJ Interactive Diagram