Romania-based security software vendor, Bitdefender, discovered that one in five iOS apps can access the Address Book, and around 41 percent can track location. More than one in three store data without encrypting it, the company says.
Bitdefender analyzed no less than 65,000 apps (from a total of 650,000 titles available in the iOS App Store), to offer a good perspective of where the iPhone user is situated from a security standpoint.
They found that only 57.54% encrypt stored data, calling it “a fair percent.” But fair isn’t good, says the company: “We recognize not all apps justify data encryption. However we were surprised that so many don’t,” Bitdefender tells Softpedia.
The analysis further found that 41.41% were location-tracking apps, “meaning users are likely to broadcast their position at any time without knowing it.”
The security company explains that location tracking is used in contextual ads that display content based on your geographical position.
“This type of information can easily be sold to companies so effective marketing campaigns can reach the appropriate demographic,” says Bitdefender. “The importance of such statistics is undeniable and location tracking should not be treated lightly.”
More alarming, Bitdefender suggests, 18.59% of the surveyed apps can access the iOS Address Book, complete with all contact details.
“The only reason an app should access the Address Book would be to transfer contacts or possibly merging social media contact details with your on-device phone numbers,” says Bitdefender.
The company adds: “It’s unlikely that almost one in five apps needs your Address Book info, so the most likely scenario is that Address Book access is not always with user’s knowledge. We feel this is a practice many users will not accept if informed of and presented with choice.”
Bitdefender finds it “worrying” that stored data encryption is low on iOS apps, and location tracking so prevalent.
“Without notification of what an app accesses, it’s difficult to control what information users give up. Our conclusion depicts a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, address book access.”
The firm also appropriately points out that there is no publicly accessible database to make users fully aware of these issues.