A new report by Appthority looks at the security risks for popular mobile apps and came to a surprising conclusion for many, iPhone apps are actually riskier than Android apps. Apple devices have a reputation for being safer than competitors, but this study says 91% of iOS apps exhibit at least one risky behavior compared to 83% of Android apps. That’s still not a great showing for Android.
Appthority studied 400 recent apps and looked for things like location tracking, accessing the address book or contact list, single-step sign on, UDID (identifying the user), in-app purchasing and sharing your date with ad networks and analytics companies.
The study found that risky behaviors were more common in free apps. For example, 70% of free apps using location tracking compared to 44% of paid apps. While 95% of free apps exhibited at least one risky behavior, 80% of the top paid apps did as well.
Many developers generate income by selling their user data to companies. Often developers are paid based on the amount of data they can collect from users.
The report cites the example of an app that constantly runs in the background when not in use and says it’s possible the app is tracking your movements to share with outside parties for advertising purposes.
While apps do usually ask for permission upfront, the language is not always clear.
With more and more companies allowing workers to bring their own mobile devices, information from those companies is now part of the mix.
Besides location tracking, the report cites Unique Device Identifiers UDID and single sign-on support as big risks. UDID is a concern because it allows deveopers to track user behavior across multiple apps even with different user names and passwords and end up mixing business and personal data. Apple says it does not permit this behavior in apps, but this report says the rule is not being enforced.
Single-sign-on is where an app allow you to sign in with a social network login and Appthortiy says that convenience is also risky when people use their devices for both personal and professional uses.
Game apps were slightly riskier than non-game apps, but that was mostly due to the fact that they allow In App purchasing.
There are over a million apps in both the Apple App Store and Google Play Store. The study concluded that developers of apps are seeking new methods of revenue at the cost of user privacy.
However, the report did not suggest that companies prohibit users from playing games or accessing certain categories of apps on devices they bring to work, saying that smartphones have become integral parts of both work and play to most users lives and that restricting use would only cause hostility and make it more difficult to implement security measures.
The reports suggests that companies need to focus as much on risk management for apps as they do for traditional desktop and laptop computers and warns users to be cautious of the app permissions they are granting.