Saturday, October 19, 2013

Prevent Apps from accessing private user-data on your iPhone

Regardless of Apples strict Advice for iOS App developers to stop logging the unique id of user’s devices (unique device ID), Many iPhone Apps Defy Apple’s Privacy Advice. The logging of unique device ID is a practice that can be exploited to build up profiles for ‘Targeted Advertisements‘ purposes. For example the app could build a profile for you by accessing your current location and show you nearby deals & offers.
At the MobiSys conference that is currently going on in Taiwan, The researchers (led by Yuvraj Agarwal) presented the data gathered from 225,000 apps installed on over 90 thousand ordinary iPhones. Their analysis shows that, 48% of those apps accessed the unique device ID or UDID, of the phone they were installed on.
Usually iOS doesn’t allow apps to monitor each other, so the above presented information was gathered from users of jailbroken iPhone’s. The researchers say their results are relevant to all other iPhone users, because the majority of apps used on jailbroken devices are the same as those used on unmodified phones. The app that collected this whole data is called Protect My Privacy.

Prevent Apps from access private user-data

The iOS app Protect My Privacy helps protect personal information on your iPhone by providing a layer of security between apps and the operating system, thereby giving the control back to the user. When it detects that an app attempts to access any protected user-data like contacts or location, an alert is shown and you have the option to “Protect” or “Allow” the app from executing.
Naturally when you block any app for that matter, it will either not Work or it could even crash since you prevented its access to your personal data. But ‘Protect My Privacy’ is unique, rather than merely blocking access to the information, It supplies fake replacement information, such as fake contacts, or a random location or you can specify your own fake details. Currently it works only on jailbroken phones and awaits Apples approval to make it a must have privacy feature.

Security Researchers revealed that, even if app makers follow Apple’s guidelines about UDIDs privacy, they have other ways to track their users. Like they can build profile on you by using the unique code assigned to a device’s WiFi chip, called a MAC address, “could be used to track a device across different ad networks and analytic services and there would be “no way to opt out.”
Right now even Android is facing similar issue, where in almost every android app that is coming up has a mechanism to fetch users personal details to serve advertisements. Yes Majority apps are legitimate and you can trust on them but at the same time you cannot deny that your privacy is in the hands of these apps.

0 comments:

Post a Comment