Just yesterday we were speculating about the safety of app stores and the potential for a few very bad apples (no pun intended) to be hidden among the general goodness of the thousands upon thousands of useful mobile-sized utilities out there.
Well, here's a potential whopper: a new study has found that more than half of all iPhone apps are capable of tracking user data via you're phone's unique device ID number.
The Technical University of Vienna study looked at a total of 1,400 apps and found that 750 of them collected the unique 40-digit iPhone identifier when activated. The study also revealed that 36 accessed location information without asking first – a big security no-no in app etiquette – while five were found to have plundered address book information without consent.
Of course, when talking about the 40-digit identifier, the operative word is “capable” – the fact that they collect the number doesn't mean anything in itself. But the risk is still there.
"There is a potential for companies who are not too legit to build profiles of their users," commented Manuel Egele, a doctoral student at the Technical University of Vienna who headed up the study. "The identifier is not tied to a username, but you could link it to a Facebook account, and that would give you a lot of information on the user, including – most of the time – their real name."
And whether that threat exists or not, the study does bring into relief two of the greatest issues that very much are threats to the ordinary mobile user's security. Firstly, the sheer volume of apps in particularly Apple's App Store means potentially malicious apps can lurk away in the safety of numbers and often go unnoticed, no matter how stringent the vetting process is for new apps.
And secondly, the app-downloading public continues to be too trusting when it comes to the add-ons they download to their phones. As the results of the study shows, downloading pre-checked apps from an official app store straight to your mobile phone isn't in itself a guarantee of safety, no matter which platform you're using.