The Wall Street Journal conducted an investigation which found that of 101 popular smartphone apps surveyed, 56 transmitted the handset ID to third parties without customers being aware or consenting, while 47 transmitted the handset location and five sent “age, gender or other personal details to outsiders.” The paper noted that contrary to what may be expected, iPhone apps transmitted more data than Android titles, although it also noted that it is not clear if the same picture would be found across the thousands of apps available for the two platforms. One app highlighted was TextPlus 4, which sent phone ID to eight advertising networks, and the handset’s location, user age and gender to two of these.
With advertising becoming an increasingly popular of way of funding titles which can then be offered free to the consumer, the ability of ad networks to deliver personalised marketing material to subscribers will be a key to their success in attracting brands. However, it is not clear if users have made the link between free apps, advertising, and sharing personal information yet. The fact that iPhone apps were found to be transmitting user data without permission is perhaps surprising, as these apps would have had to have passed through Apple’s approvals process before being made available via the vendor’s App Store. It was noted that the company says that apps “cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.”
According to the WSJ, both Apple and Google say that they protect users by requiring apps to obtain permission before sending certain kinds of information. But it also noted that there is effectively no way for users to opt-out of being tracked, and that 45 of the 101 apps do not even provide privacy policies on the developer’s website.
The report follows a similar, earlier Android-focused study, which found that two-thirds of Android apps transmit personal information for purposes that are not explicitly clear to end-users.