Most Mobile Apps 'Leak' User Data, Report Says

A newly-published report says that more than four in five of the most popular smartphone and tablet applications put users' personal data at risk. The problem: these apps send critical user information to app developers.

The study comes to us from Appthority, a company that specializes in monitoring mobile applications. It looked at 400 apps, including 100 of the most-purchased and 100 of the most-downloaded apps for iOS and Android. (Source: appthority.com)

Overall, the firm found that 83 per cent of apps (including 93 per cent of free apps and 78 per cent of paid apps) displayed "risky behavior". By system, the problems affected 91 per cent of iOS apps compared with 80 per cent of Android apps. (Source: eweek.com)

One limitation to these figures is that they cover seven different types of risk, which vary in severity.

The two least-common risks were among the most potentially harmful, including a) the app accessing the user's calendar (done by 8 per cent of paid apps and 15 per cent of free apps), and b) the app accessing the user's address book or contact list (21 per cent paid / 42 per cent free).

Most Paid Apps Track User Location

The most common problem involved an app tracking and sharing a user's personal details. For example, 41 per cent of free apps and 77 per cent of paid apps tracked a user's physical location.

Other data-sharing problems involved an app passing on personal details to advertising networks (28 per cent paid / 51 per cent free).

"Single Sign On" Feature Could Increase Dangers

The other two problems involved very different types of risk. For example, 37 per cent of paid apps and 61 per cent of free apps allowed a user to sign in to a service on a computer and then automatically access the same service through a mobile app without signing in again -- something that could be risky if somebody hacked or stole the device.

Meanwhile, 42 per cent of free apps and 50 per cent of paid apps used some form of in-app purchasing. Appthority didn't clearly explain why this was a security risk.

Whether such data sharing is a problem depends on three specific factors: 1) Whether the user is aware the data is being shared; 2) Whether the app developer can be trusted with the data; and 3) Whether both the app and the phone system are secure enough to prevent the data from being stolen or hijacked by a third party.