For roughly a year, we have been collecting applications from the Play Store and iTunes to analyze both statically and dynamically. For the Android version of Clueful, we’re aggregating 314,474 free applications, while the iOS version of Clueful holds references for 207,843 free apps. These applications are broken down into clues which give the user a transparent and comprehensive overview of what the application tries to access, what privileges it requires and how it is going to handle the data it has access to when sending it over the web.
Before digging further, we need to mention that application permissions differ from one operating system to another. For instance, while Android permissions are declared at install and cannot be altered later, iOS permissions are granted at runtime, when device owners have to allow or deny access to various resources, such as current location. Regardless, both applications for Android and iOS can perform a range of interactions with the user’s device, but also with third-party internet services.
Our analysis focuses on the most intrusive behaviors that the application developer may have included in their software products. We have also taken into account behaviors that are very similar in both Android and iOS:
1. Tracking location
Location tracking is a major concern for both Android and iOS platforms. Its implementation and use are similar in both platforms and is often requested by advertisers via framework APIs to track users’ habits. The Clueful test reveals that 45.41% of the iOS apps have location-tracking capabilities, even if they don’t explicitly do that, as opposed to only 34.55% of the Android applications.
Applications that track location:
- Android - Latest Nail Fashon Trends (v. 3.1) – com.nail.fashion.trends - with an estimated user base of between 100,000 and 500,000.
- iOS - PokerStars TV (v. 188.8.131.52) - uses geolocation to track users’ exact location
- iOS - Cheezburger (v. 1.2.2 ) - uses geolocation to track users’ exact location.
While only 7.69% of Android applications could read the contact list, iOS applications are much snoopier – 18.92% of applications designed for iOS are technically able to looking into the contact list.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.