Do you care what your apps are doing?

[Shakey]

There have been a couple different studies that have shown up over the last week about Android and Iphone apps, and what information they are using and sending.

The Android study showed apps sending information and GPS coordinates to advertising server.

They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user's location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.

Users do have to acknowledge that an app has access to this type of information when they install the app, but is never told what it's used for and when. So an app that recommends restaurants based on your location may also be collecting your location, personal information, and eating preferences and sending it to advertisers.

The IPhone was found to have a device ID specific to your phone that is available to apps.

This in itself isn't much cause for alarm—it's likely that your own UDID has been bandied about a few times online already. However, Smith warned that many of the apps that collected UDID data also requested user credentials, and that personally identifiable information was often affiliated with their accounts. Apps that did so included ones from Amazon, Chase Bank, Target, and Sam's Club.
"For example, Amazon’s application communicates the logged-in user’s real name in plain text, along with the UDID, permitting both Amazon.com and network eavesdroppers to easily match a phone’s UDID with the name of the phone’s owner. The CBS News application transmits both the UDID and the iPhone device’s user-assigned name, which frequently contains the owner’s real name," notes the report.

Personally I don't really care if an advertiser gets some detailed information about me. The thing that bothers me the most is the potential for abuse. Stuff like this is going to lead to malware similar to what we see on PC's. Hopefully they do something about this. It's kinda creepy seeing what can be collected from just a phone.

 

[strawman]

Yes, I care. No, I'm not going to do anything about it.

 

[PatrThom]

Ibid. Except that I will of course do what I can.

--Patrick

 

[SpecialKO]

Personally I don't really care if an advertiser gets some detailed information about me. The thing that bothers me the most is the potential for abuse.

This. I'm far more concerned about an unscrupulous individual exploiting security holes to get private info than I am about the advertisers who couldn't give a shit about 99% of the data that they collect.

 

[strawman]

Well, the first time their database is hacked to gain real-time information on a political target, it'll all get screwed up to the point where app engineers won't even be able to use the information.