What your phone app doesn't say: It's watching

Jul 28, 2010 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- Your smart phone applications are watching you - much more closely than you might like.

Lookout Inc., a mobile-phone , scanned nearly 300,000 free applications for Apple Inc.'s iPhone and phones built around Inc.'s Android software. It found that many of them secretly pull off users' phones and ship them off to third parties without notification.

That's a major concern that has been bubbling up in privacy and security circles.

The data can include full details about users' contacts, their pictures, text messages and Internet and search histories. The third parties can include advertisers and companies that analyze data on users.

The information is used by companies to target ads and learn more about their users. The danger, though, is that the data become vulnerable to hacking and use in identity theft if the third party isn't careful about securing the information.

Lookout reported its findings this week in conjunction with the computer security conference in Las Vegas.

Lookout found that nearly a quarter of the apps and almost half the Android apps contained software code that contained those capabilities.

The code had been written by the third parties and inserted into the applications by the developers, usually for a specific purpose, such as allowing the applications to run ads. But the code winds up forcing the application to collect more data on users than even the developers may realize, Lookout executives said.

"We found that not only users, but developers as well, don't know what's happening in their apps, even in their own apps, which is fascinating," said John Hering, CEO of the San Francisco-based Lookout.

Part of the problem is don't alert users to all the different types of data the applications running on them are collecting. IPhones only alert users when applications want to use their locations.

And while Android phones offer robust warnings when applications are first installed, many people breeze through them for the gratification of using the apps quickly.

Apple and Google didn't respond to requests for comment on Lookout's research.

Explore further: App teaches kindergartners basic computer coding

4.9 /5 (14 votes)
add to favorites email to friend print save as pdf

Related Stories

How Secure are iPhone and Android Apps

Apr 01, 2010

(PhysOrg.com) -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine ...

Wireless carriers unite on mobile apps project

Feb 15, 2010

(AP) -- The world's largest mobile phone carriers say they're joining forces to make it easier for software developers to write apps that will run on as many phones as possible.

Apple says it's fixed iPhone SMS vulnerability

Jul 31, 2009

(AP) -- Apple Inc. says it has fixed an iPhone vulnerability that lets hackers knock people offline - and possibly take over the phones - by sending them specially crafted text messages.

Recommended for you

Microsoft skips Windows 9 to emphasize advances

Sep 30, 2014

The next version of Microsoft's flagship operating system will be called Windows 10, as the company skips version 9 to emphasize advances it is making toward a world centered on mobile devices and Internet ...

User comments : 11

Adjust slider to filter visible comments by rank

Display comments: newest first

mlange
5 / 5 (2) Jul 28, 2010
Well of course your private info is being sold. Read the phones SDK documentation. If the data can be accessed, it will and be sold 3rd parties.
Giablo
3 / 5 (2) Jul 28, 2010
I notice a lack of RIM(Blackberry), that makes me happy owning one.
CSharpner
5 / 5 (1) Jul 28, 2010
Malware in 3rd party libraries. I'm surprised it took this long. Very disapointed it happened at all. It would have been helpful if we'd been pointed to a list of known mallibs so if we happened to be using it in our own apps we're developing, WE COULD STOP!!
extropian58
1 / 5 (4) Jul 28, 2010
What is the big deal? You and your "private" data are not that important. At best you are a single data point among billions. Don't keep your "valuable" information on electronic devices and don't keep valuable items in your home. They steal them too. Don't like the risks of the computer age? Join the Amish, give up electricity and your "privacy" will be secure. Have at it. :)
Roj
1 / 5 (1) Jul 29, 2010
while Android phones offer robust warnings when applications are first installed, many people breeze through them
This is a selling point for Android phones, since users can re-install, pay attention, remove & replace offending apps.
Temple
1 / 5 (2) Jul 29, 2010
while Android phones offer robust warnings when applications are first installed, many people breeze through them
This is a selling point for Android phones, since users can re-install, pay attention, remove & replace offending apps.


Users had no way of knowing that their sensitive private information (including some passwords) were being sent to a third party website.

On a platform with *zero* malware protection, and which has access to lots of private data, one should expect there to be a lot of malware.

This is an extremely serious threat to Android as a viable platform.

Which apps are safe? Nobody can say.

Scary.
ngrai
5 / 5 (1) Jul 29, 2010
The big deal, extropian58, is that you--you infinitesimal little data point, you--become manipulable. This is not a risk caused by computers, but by human greed and lust for power and control. We have a right to freedom in the computer as in any other age. To be manipulated is not to be free.
BloodSpill
not rated yet Jul 29, 2010
The only logical course of action should have been that apps are submitted to these marketplaces as source code (human readable) only, and then reviewed on their content.

OOPS.
james11
not rated yet Jul 31, 2010
This is complete BS, some creepy dude is looking at my naked pics of my girlfriend. Can anyone on here convince me this power isnt being abused? No.
ScientistAmauterEnthusiast
not rated yet Aug 01, 2010
Never cared about my information being stolen.
I have nothing to hide, what is the big deal?
Also i like being directly marketed to as apposed to being offered random not applicable rubbish.
Just do not save bank details on your phone and you will be fine :)
CSharpner
not rated yet Aug 11, 2010
On a platform with *zero* malware protection, and which has access to lots of private data, one should expect there to be a lot of malware.

You've obviously never installed an app on an Android device, because if you did, you'd know that when you install an app, the OS tells you what types of data and hardware the app is coded to access. You have the opportunity to REFUSE the installation.

No security is perfect, but this is VERY GOOD. You don't have to worry about somebody else trying to test for you. The architecture itself knows ahead of time and notifies you.