After analyzing a number of highly-rated free applications designed to run on iOS devices, Bitdefender experts have determined that many of them utterly fail to protect sensitive pieces of information such as passwords.
For instance, Wi-Fi Finder by JiWire – an iPhone app which searches for free and paid Wi-Fi hotspots – has been found to broadcast passwords without encrypting them, giving anyone with the proper know-how the opportunity to intercept them.
Another iOS app that doesn’t really care about user security is auto accident assistant iWrecked. It also sends passwords without ensuring that they’re properly encrypted.
Passwords aren’t the only information collected by applications in such a manner. Apps such as Glitter Draw Free, Squeak My Voice, Walkie Talkie Standard, Free Sound Effects, and Tic Tac Glow, all developed by Indigo Penguin Limited, collect UDIDs and send them to a remote server.
Phone numbers and contact names are harvested and transmitted via unsecure channels by apps such as OLJ by L’Orient-Le Jour, Melodis Voice Dialer by SoundHound, and Aloha: Hang with friends! developed by VodkaCran.
iPhones are said to be the most secure mobile phones in the world because it’s very difficult for them to get infected with malware. However, they’re just as insecure as Android devices - which are said to be much more dangerous
– if flawed apps are installed on them.
Unfortunately, in cases as the ones presented here, there’s nothing much users can do to protect their information, except for not installing the apps in the first place.
Studies such as the one performed by Bitdefender should act as a wake-up call for iOS app developers. Before creating a piece of software, they should think about the privacy and security implications and the risks they expose their customers to.