Report: 68% of iPhone Apps Do Not Secure Your Personal Information

The iPhone is heralded by its maker, Apple, as the greatest and grandest product on the market but this is one first place award Steve Jobs probably won’t put in the trophy case. A new report puts the iPhone ahead of the Android in insecurity, finding that 68 percent of the most popular free iPhone apps send data that can be used to identify users and transmit private information to third parties. That’s compared to the 50 percent of Android apps we reported last week that send users’ data to advertisers without their consent. The study revealed that the iPhone data breach goes even further, enabling some apps to send information as detailed as the user’s name.

The findings are the latest bombshell in the ongoing debate about what information can and should be released on mobile devices and what Internet giants like Facebook, Google and Apple are, and are not, doing to stem the tide of releasing users’ data. Public concern is at a peak but has not yet slowed demand for smartphones, making the market for advertising on the devices an even hotter commodity.

The iPhone study was led by Eric Smith, Assistant Director of Information Security and Networking at Bucknell University and blogger for His research found that 38 out of the 57 top iTunes apps he examined transmitted the device’s unique device identifier (UDIDs) each time the application was launched. A further 18 percent of the apps transmitted encrypted data, meaning there is no way to know exactly what data was released, and just 14 percent of the applications were “clean.”

The iPhone applications tested included user favorites such as Amazon, Chase Bank, Target, Sams Club, Best Buy, Barnes & Noble, eBay, PayPal, Bank of America, Wells Fargo, Fidelity and America Express.

UDIDs are a 40-digit sequence of letters and numbers assigned to each mobile phone that can be used to identify users and send sensitive information to third parties. UDIDs cannot be deleted by the user, allowing third parties and vendors to create user profiles.

Smith warned that the most popular apps like Amazon, Facebook and Twitter “inherently have the ability to tie a UDID to a real-world identity.”

Unlike the Android flap where users could take precautionary measures to protect themselves, Smith ominously warns iPhone users they are fairly helpless in safeguarding their data.

“Since Apple has not provided a tool for end-users to delete application cookies or to block the visibility of the UDID to applications, iPhone owners are helpless to prevent their phones from leaking this information,” Smith concludes.