View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Leadership
  2. Strategy
November 5, 2015

Android and Apple iOS apps leaking end-user private data

News: Data being leaked to un-authorised third parties.

By Alexander Sword

Popular apps running on both Android and iOS have been found to be leaking data including names and email addresses to at least two third parties.

An MIT report, testing 55 of the most popular apps from both iOS and Android, researchers found that names were shared with a third party by 73 percent of Android apps and 16 percent of iOS apps, with the same figures for email addresses.

For location data, iOS was leakier, with 47 percent sharing data compared to 33 percent on Android.

Android also leaked to more parties, with potentially sensitive data going to 3.1 third-party domains, compared to iOS at 2.6.

The domains that the data was leaked to included Google.com and Googleapis.com, with 36 percent and 18 percent of apps respectively. Apple.com received data from 17 percent and Facebook.com from 14 percent.

93 percent of Android apps leaked to the domain safemovedm.com, which the researchers claimed was "likely due to a background process" on the OS.

For example, Facebook leaked data to 2 third parties, Facebook Messenger and eBay to 1, and health app WebMD leaked data to 3 third parties. Glide leaked to 8 third parties, Map My Walk to 9 and Text Free to 11.

Content from our partners
Infosecurity Europe 2024: Rethink the power of infosecurity
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond

Some apps, however, such as Amazon and FitBit only sent data to the correct domain.

Crucially, these mobile apps do not require any permissions to leak this data.

The report said that "the current permissions systems on iOS and Android are limited in how comprehensively they inform users about the degree of data sharing that occurs".

It concluded by suggesting three possible techniques for improving transparency around and limiting unintended data sharing; one was to send false data in response to app requests, two to allow users to opt out of data collection and three to include information about third parties that might receive data within the app store.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU