Smartphone apps: Is your privacy protected?

Are your apps putting your privacy at risk? We look at the dangers and solutions for Android, BlackBerry and iOS mobile platforms.

1 2 3 4 5 6 Page 5
Page 5 of 6

iOS: Taking control

The iPhone recently came to the attention of privacy activists when three bugs were discovered relating to the location information on iOS devices. Those bugs have been squashed, but they did bring privacy issues into sharp relief for many iPhone and iPad users.

While Android apps specifically alert you to which permissions they need before and during installation, iOS apps tend not to be so upfront about what they're up to. This is largely because Apple doesn't require developers to alert users about such things (though some apps may still include those details in their descriptions). Knowing exactly what an iPhone or iPad app is accessing and what it's doing with the information it collects requires a bit of investigation and understanding of how Apple designed iOS.

Apple's philosophy -- that specific details concerning permission don't have to be presented to users -- seems to reflect the fact that the company reviews each app before it gets listed in its App Store. When Apple reviews an app, it tries to verify several things, including these: Does the app do what it says it does? Does it function reliably? And does it respect the limitations that Apple has put on developers?

This process does weed out some security threats, like apps that carry malware, but it doesn't mean that every app is an equally good citizen when it comes to your personal data. For example, an investigation by the Wall Street Journal in April found that an app called Pumpkin Maker "transmits location to an ad network without asking permission." The Journal also reported that the creator of Pumpkin Maker received a subpoena in a federal privacy probe about mobile apps.

(Note: Jailbreaking an iOS device to install unapproved apps -- most of which are distributed by the unofficial Cydia app store -- removes any protections that Apple does provide.)

Apps that access your personal data

In general, Apple tries to prevent developers from having full-scale access to all of the data and hardware on an iOS device. This improves overall security; however, Apple does grant developers access to a number of system components. This means that apps can pull data from most of the Apple-provided apps and features (like the Camera, Photos, Music/iPod and Contacts apps).

That gives apps access to a lot of your personal details and other data. So how do you know what an app can access?

Generally, the app's description is the place to get this information, even if it isn't explicitly spelled out. Apple's review process requires that an app must do what it says it does and ensures that apps access only the parts of the iOS system that Apple allows. That doesn't mean an app will explicitly list everything it may access, but you can get a pretty good idea from the description.

Privacy using iOS
The Location Services option in iOS Settings allows you to allow/disallow location data for specific apps.

The Skype app, for example, can import your contacts so they can be used in placing VOIP calls, something that isn't explicitly stated in its description. But you can easily infer that the app will have some level of access to your contacts by both what the app is designed to do and from this sentence in the app's description: "Plus call or text your Contacts (or any other number) at Skype's low rates." Network access, which is implied by the nature of the app, is also explicitly stated as part of the description because Skype can function over both Wi-Fi and 3G connections.

While learning all of that involves a bit of detective work, it isn't particularly onerous to figure out what data or device features an app will use based on the description alone.

It's also worth noting that, with very few exceptions (location data being the biggest), iOS apps don't access external information unless you do something to trigger that access. Examples of actions that could trigger such access include selecting a photo to post on Facebook, picking a song or playlist to listen to during a gaming session, or choosing one or more contacts to use for VoIP calls or messaging.

1 2 3 4 5 6 Page 5
Page 5 of 6
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon