What your phone app doesn't say: It's watching

[BasilofBakerStreet]

Figured I would share this. Interesting if nothing else.


The Associated Press: What your phone app doesn't say: It's watching

What your phone app doesn't say: It's watching
By JORDAN ROBERTSON (AP) – 32 minutes ago

LAS VEGAS — Your smart phone applications are watching you — much more closely than you might like.

Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.'s iPhone and phones built around Google Inc.'s Android software. It found that many of them secretly pull sensitive data off users' phones and ship them off to third parties without notification.
That's a major concern that has been bubbling up in privacy and security circles.

The data can include full details about users' contacts, their pictures, text messages and Internet and search histories. The third parties can include advertisers and companies that analyze data on users. The information is used by companies to target ads and learn more about their users. The danger, though, is that the data become vulnerable to hacking and use in identity theft if the third party isn't careful about securing the information.

Lookout reported its findings this week in conjunction with the Black Hat computer security conference in Las Vegas. Lookout found that nearly a quarter of the iPhone apps and almost half the Android apps contained software code that contained those capabilities.

The code had been written by the third parties and inserted into the applications by the developers, usually for a specific purpose, such as allowing the applications to run ads. But the code winds up forcing the application to collect more data on users than even the developers may realize, Lookout executives said. "We found that not only users, but developers as well, don't know what's happening in their apps, even in their own apps, which is fascinating," said John Hering, CEO of the San Francisco-based Lookout.

Part of the problem is smart phones don't alert users to all the different types of data the applications running on them are collecting. IPhones only alert users when applications want to use their locations.
And while Android phones offer robust warnings when applications are first installed, many people breeze through them for the gratification of using the apps quickly.

Apple and Google didn't respond to requests for comment on Lookout's research.

Copyright © 2010 The Associated Press. All rights reserved.

 

[Juicemane]

Figured I would share this. Interesting if nothing else.


The Associated Press: What your phone app doesn't say: It's watching

What your phone app doesn't say: It's watching
By JORDAN ROBERTSON (AP) – 32 minutes ago

LAS VEGAS — Your smart phone applications are watching you — much more closely than you might like.

Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.'s iPhone and phones built around Google Inc.'s Android software. It found that many of them secretly pull sensitive data off users' phones and ship them off to third parties without notification.
That's a major concern that has been bubbling up in privacy and security circles.

The data can include full details about users' contacts, their pictures, text messages and Internet and search histories. The third parties can include advertisers and companies that analyze data on users. The information is used by companies to target ads and learn more about their users. The danger, though, is that the data become vulnerable to hacking and use in identity theft if the third party isn't careful about securing the information.

Lookout reported its findings this week in conjunction with the Black Hat computer security conference in Las Vegas. Lookout found that nearly a quarter of the iPhone apps and almost half the Android apps contained software code that contained those capabilities.

The code had been written by the third parties and inserted into the applications by the developers, usually for a specific purpose, such as allowing the applications to run ads. But the code winds up forcing the application to collect more data on users than even the developers may realize, Lookout executives said. "We found that not only users, but developers as well, don't know what's happening in their apps, even in their own apps, which is fascinating," said John Hering, CEO of the San Francisco-based Lookout.

Part of the problem is smart phones don't alert users to all the different types of data the applications running on them are collecting. IPhones only alert users when applications want to use their locations.
And while Android phones offer robust warnings when applications are first installed, many people breeze through them for the gratification of using the apps quickly.

Apple and Google didn't respond to requests for comment on Lookout's research.

Copyright © 2010 The Associated Press. All rights reserved.

Im gonna go ahead and just call bs on this just like the last "Mobile Security Firm" that claimed the exact same thing. I also like how they did the study mostly on the iPhone but threw Android into the mix without specifying how many apps they actually tested on Android. Fear mongering. :icon_ banana:

 

[dolpns13]

Its simple really, regardless if this story is BS or not, if you dont want your privacy invaded, dont put sensitive material on your phone.

 

[aminaked]

I consider myself to be very picky when it comes to downloading apps. I don't like them running on startup or running in the background unless there is an obvious need. I check the permissions they're asking for when I download the app. If they're asking for too much, I don't install it. I read the reviews on the app. Finally, I keep basically no sensitive info on my phone.

 

[DF Smod]

if you dont want your privacy invaded, dont put sensitive material on your phone.

Why would you want a SmartPhone you couldn't put sensitive material on, it kind of defeats the purpose. That is what these phones are designed for to make things easier and to be a direct extension of you. If I still had to carry a pad around with all of my passwords on it and couldn't access my bank information from my phone I definately wouldn't be paying a Data charge for internet access, my Droid is more than just a socializing toy, it is one of the most important peices of electronics that I own, I understand if I lose my phone, shame on me, but in my own hands and being cautios of the security risks involved with the internet, my data should be safe.

 

[ntrddragn]

Its simple really, regardless if this story is BS or not, if you dont want your privacy invaded, dont put sensitive material on your phone.

That would be kind of hard since a major of the people out that live and die on their smart phones. Thats like saying dont do banking with the banking app or visit sites that require your user name and passwords. Might as well just get a jitter bug and carry a pen/pencil and papers with you all the time. just saying.

 

[dolpns13]

Its simple really, regardless if this story is BS or not, if you dont want your privacy invaded, dont put sensitive material on your phone.

That would be kind of hard since a major of the people out that live and die on their smart phones. Thats like saying dont do banking with the banking app or visit sites that require your user name and passwords. Might as well just get a jitter bug and carry a pen/pencil and papers with you all the time. just saying.

I understand this.. Im just saying, anyone can get anything nowadays, and people need to understand this. When downloading an app, they tell you what the app does - read messages, browser access, phone access, etc... That being said, dont be surprised if all the sudden your identity is stolen because an app that records browser history recorded all the passwords to your bank accounts.

Personally I work in front of a computer screen all day, so my smartphone is basically ony for recreational purposes. I keep all my personal information off it.

 

[BasilofBakerStreet]

Its simple really, regardless if this story is BS or not, if you dont want your privacy invaded, dont put sensitive material on your phone.

That would be kind of hard since a major of the people out that live and die on their smart phones. Thats like saying dont do banking with the banking app or visit sites that require your user name and passwords. Might as well just get a jitter bug and carry a pen/pencil and papers with you all the time. just saying.

I understand this.. Im just saying, anyone can get anything nowadays, and people need to understand this. When downloading an app, they tell you what the app does - read messages, browser access, phone access, etc... That being said, dont be surprised if all the sudden your identity is stolen because an app that records browser history recorded all the passwords to your bank accounts.

Personally I work in front of a computer screen all day, so my smartphone is basically ony for recreational purposes. I keep all my personal information off it.

Not everyone has that luxury. A mutual freind of mine only has internet/world access because of her Eris. She needs to see how much money she has, she goes to her phone.
I may be speaking for myself but you shouldn't buy an electronic device and then have to look over your shoulder or worry about what's running in the background. Granted the world isn't perfect so we have to be cautious to some degree. But to keep all personal info off the phone seems irrational.

 

[Corinacakes]

I consider myself to be very picky when it comes to downloading apps. I don't like them running on startup or running in the background unless there is an obvious need. I check the permissions they're asking for when I download the app. If they're asking for too much, I don't install it. I read the reviews on the app. Finally, I keep basically no sensitive info on my phone.

:rofl3: OMFG i love yur sig!!

 

[RW-1]

I call BS as well, hype for that firm.

 

[aminaked]

:rofl3: OMFG i love yur sig!!

Thank you sweetie.

 

[dolpns13]

That would be kind of hard since a major of the people out that live and die on their smart phones. Thats like saying dont do banking with the banking app or visit sites that require your user name and passwords. Might as well just get a jitter bug and carry a pen/pencil and papers with you all the time. just saying.

I understand this.. Im just saying, anyone can get anything nowadays, and people need to understand this. When downloading an app, they tell you what the app does - read messages, browser access, phone access, etc... That being said, dont be surprised if all the sudden your identity is stolen because an app that records browser history recorded all the passwords to your bank accounts.

Personally I work in front of a computer screen all day, so my smartphone is basically ony for recreational purposes. I keep all my personal information off it.

Not everyone has that luxury. A mutual freind of mine only has internet/world access because of her Eris. She needs to see how much money she has, she goes to her phone.
I may be speaking for myself but you shouldn't buy an electronic device and then have to look over your shoulder or worry about what's running in the background. Granted the world isn't perfect so we have to be cautious to some degree. But to keep all personal info off the phone seems irrational.

Im not saying keep all tyour personal info off your phone. We all have to do what we have to do, and unfortunately some poeple are scumbags - all Im saying is to be aware.

 

[killabyte]

hell if people want to use their phone as an extension of themself and store everything under the sun on it, let 'em. when their info gets out there they can blame nobody but the man in the mirror. the market is open and every line of code isn't scrutinized by google right now.

call it fear mongering or whatever you want, i look at it as common sense. i won't ever do any banking or typing of any personal info into my phone. honestly if you were in an emergency situation, and couldn't use your own pc or laptop, then pick up the phone and CALL the bank, or credit union, or loan agency, or wherever instead of logging in on your phone and typing in passwords, ssn's, etc. simple stuff really.

 

[aminaked]

hell if people want to use their phone as an extension of themself and store everything under the sun on it, let 'em. when their info gets out there they can blame nobody but the man in the mirror. the market is open and every line of code isn't scrutinized by google right now.

call it fear mongering or whatever you want, i look at it as common sense. i won't ever do any banking or typing of any personal info into my phone. honestly if you were in an emergency situation, and couldn't use your own pc or laptop, then pick up the phone and CALL the bank, or credit union, or loan agency, or wherever instead of logging in on your phone and typing in passwords, ssn's, etc. simple stuff really.

I totally feel what you're saying, and I do not do much "sensitive" stuff on my phone, HOWEVER:

WINDOWS (and even Apple to some extent): known security holes, known viruses

ANDROID (and even Linux to some extent): no known security holes, no known viruses

Really, we should be using our phones for sensitive stuff and the heck with PCs. I'm generalizing and I don't even follow my own "advice", but something to think about.

 

[kodiak799]

It appears that the study didn't actually focus on apps collecting sensitive information, but scanned apps that request the POTENTIAL to collect sensitive info.

So a SMS app can access my contacts list. Big deal.

As for banking, I would only do it on my phone as a last resort. Heck, ATM's are all over the place to do the same thing. I'm not comfortable having that info on my Droid, mostly in case I lose it not because I'm worried about an app hacking my password.

The article does make me think I should pay a little more attention to what I give a program access to.