[ad_1]
A team of security researchers behind a popular mobile firewall application said it has identified dozens of iOS apps that collect location data from iPhone users, which they later pass on to monetization companies.
In any case, the researchers claim that the collection is done through monetization companies packaged tracking codes that are provided to the developers to integrate into their respective applications.
The good news, as the researchers point out, is that data collection does not take place secretly. Instead, all applications ask users for permission to collect the data they make. Most of the applications that researchers have looked at seem to have a valid reason for asking for these permissions.
The problem, according to the Guardian application team, is that there is "little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to application enforcement."
Also: Google corrects the problem of Chrome which allowed the theft of WiFi connections
The researchers claim to have spotted dozens of iOS apps engaged in this model of access to user data – mostly location data – via a tracking code provided by the monetization companies.
In the vast majority of cases, applications have requested access to GPS coordinates, Bluetooth LE tag data, and SSID and BSSID identifiers for the WiFi network. All this data can be used to track the location of a user with great accuracy.
In addition, they also saw many applications asking for access to other personal data, such as GPS altitude and speed information, the battery charge status, cellular network data, accelerometer information, IDFA advertising IDs, etc.
Guardian researchers today released a report containing the names of 12 monetization companies that received data, the names of 24 applications containing code from localization monetization companies, and the names of 100 applications containing code. Monetization of the RevealMobile Data Monetization Company.
The latest monetization company, RevealMobile, is the same company where the AccuWeather iOS app was intercepted last year without user authorization.
Also: Thousands of 3D printers can present private product designs online
This type of questionable sales behavior is exactly what Apple is trying to prevent. Earlier this month, Apple informed app developers that any apps that do not add a detailed privacy policy describing how they manage users' data would be removed from the App Store after October 3rd.
Will Strafach, one of the researchers at Sudo Security behind the Guardian firewall application, also discovered in February 2017 that 76 iOS apps had not correctly implemented encryption TLS and exposed their users to MitM (Man-In-The-Middle) data interception attacks.
Source link