Cydia Apps Leak Private Data Less Often Than App Store Applications
Posted February 15, 2012 at 4:17pm by iClarified
A study by researchers at the University of California at Santa Barbara and International Security Systems Lab found that Cydia apps leak private data less often than App Store applications, reports Forbes.
Researchers found that one in five free App Store applications upload private data back to the app's creators. To analyze privacy leaks, they built a tool called PiOS that analyzes data leaks and ran it on 1,407 free apps. 825 of those apps were from the App Store and 526 were from the Big Boss Cydia repository.
Of those tested apps, 21 percent of official App Store apps uploaded the user's Unique Device Identifier, (UDID) a series of user-specific digits that can be tracked between apps to assemble a profile of a specific person's behavior. Four percent uploaded the device's location, and half a percent uploaded the user's contact list. When the researchers analyzed the unauthorized Cydia apps, on the other hand, only four percent leaked the user's UDID, and only one app out of the 500 testeda program specifically designed for espionage called MobileSpyleaked location or contact data.
The table seen below shows how frequently authorized App Store and unauthorized Cydia iOS apps leak private information.
"Clearly this behavior hasn't changed over the last year. I'm not sure whether there's been any improvement from Apple's side," says Manuel Egele, a post-doctoral researcher at UCSB. "For easily accessible data, app store apps are much more frequently accessing and leaking that data. The app store is supposed to be a walled garden. Unless Apple gives approval, you can't put things there. But whatever job the company is doing isn't good enough."
Hypothesizing on why Cydia apps were more secure, Egele says, "The people who run Cydia seem very conscious of what information is available and can be accessed. The applications you get from Cydia are geared toward more privacy-aware people."
Saurik also commented on the privacy issues of late saying, "If you care about this kind of thing, you should jailbreak your phone," says Freeman. "Instead of Apple making decisions about what's good and bad, you decide. People think jailbreaking is about deciding that things Apple doesn't like are good. But it also allows you to decide that things Apple likes are bad. We provide you the tools to block the functionality you don't believe apps should have on your phone."
You can read the full study here.
Read More [via Andy]
Researchers found that one in five free App Store applications upload private data back to the app's creators. To analyze privacy leaks, they built a tool called PiOS that analyzes data leaks and ran it on 1,407 free apps. 825 of those apps were from the App Store and 526 were from the Big Boss Cydia repository.
Of those tested apps, 21 percent of official App Store apps uploaded the user's Unique Device Identifier, (UDID) a series of user-specific digits that can be tracked between apps to assemble a profile of a specific person's behavior. Four percent uploaded the device's location, and half a percent uploaded the user's contact list. When the researchers analyzed the unauthorized Cydia apps, on the other hand, only four percent leaked the user's UDID, and only one app out of the 500 testeda program specifically designed for espionage called MobileSpyleaked location or contact data.
The table seen below shows how frequently authorized App Store and unauthorized Cydia iOS apps leak private information.
"Clearly this behavior hasn't changed over the last year. I'm not sure whether there's been any improvement from Apple's side," says Manuel Egele, a post-doctoral researcher at UCSB. "For easily accessible data, app store apps are much more frequently accessing and leaking that data. The app store is supposed to be a walled garden. Unless Apple gives approval, you can't put things there. But whatever job the company is doing isn't good enough."
Hypothesizing on why Cydia apps were more secure, Egele says, "The people who run Cydia seem very conscious of what information is available and can be accessed. The applications you get from Cydia are geared toward more privacy-aware people."
Saurik also commented on the privacy issues of late saying, "If you care about this kind of thing, you should jailbreak your phone," says Freeman. "Instead of Apple making decisions about what's good and bad, you decide. People think jailbreaking is about deciding that things Apple doesn't like are good. But it also allows you to decide that things Apple likes are bad. We provide you the tools to block the functionality you don't believe apps should have on your phone."
You can read the full study here.
Read More [via Andy]