This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Wednesday, 01 April 2015

First Android, now iPhone apps have sprung a data leak

US— iPhone apps have been discovered sharing unique device identifiers (UDIDs) with remote servers, sometimes with an iPhone user’s name attached in breach of Apple’s developer rules.

An evaluation of 57 of the most popular free apps found 67% were transmitting UDIDs between applications and remote servers owned either by application developers or their advertising partners, while “a substantial number” were found to collect both UDID and “some form of user login data which ties to a stored user account”.

Study author Eric Smith, assistant director of information security and networking at Bucknell University, Pennsylvania, tracked an exchange between’s iPhone app and the company’s servers, in which the UDID was transmitted and a reply made which contained his real name.

Apple warns app developers they “must not publicly associate a device’s unique identifier with a user account”. The most recent version of the company’s developer rules states that user and device data can be collected “to provide a service or function that is directly relevant to the use of the application, or to serve advertising” but not without obtaining prior user consent.

But according to Smith, “there is no ability to block visibility of the iPhone’s UDID to any installed applications, nor is there a mechanism to prevent the transmission of the UDID to third parties”.

He adds: “iPhone users are helpless to prevent their phones from leaking this information”. Download Smith’s paper here.

Last week, a study of 30 popular Google Android apps also uncovered instances where potentially sensitive device information and location data was being leaked by applications without user permission.

Follow us on
Follow us on Twitter

Have your say

Please add your comment. You can include links, but HTML is not permitted.
Your email address will not be displayed on the site. All comments are moderated.

Mandatory What are the first and fourth letters of the word: majority