Popular iPhone Apps Sending Sensitive User Location Data to Monetisation Firms

Security researchers from the GuardianApp project claim that dozens of popular iPhone apps are quietly sending location data of their users to third-party data monetization firms. 

All such app require access to their user’s location to work properly but they make no mention of sharing that data with third-party firms for monetization purposes. The researchers claim that the data sent can contain precise user location and other sensitive data which can help track down a user. In most cases, the apps in question constantly monitored the location of their user and other such information.

All the apps involved in this scam collected the Bluetooth LE Beacon data, GPS coordinates, Wi-Fi SSID name.  Some other apps also collected data from the Accelerometer, battery percentage GPS altitude, timestamps to/from a particular location, cellular network name and MCC, and more.

Below is a list of apps caught stealing their user’s location data:

  • C25K 5K trainer
  • Code Scanner
  • Coupon Sherpa
  • ASKfm
  • GasBuddy
  • Homes.com
  • Moco
  • Mobiletag
  • Photobucket
  • Tapatalk
  • YouMail
  • Weather Live
  • Tunity
  • The Coupons App
  • SnipSnap Coupon

If you use any of the above-mentioned apps, there’s not much that you can do or wait hoping Apple will do something. At the very best, users can head over to Settings -> Privacy -> Advertising and enable the Limit Ad Tracking feature. You can also disable location services to the above apps, though that might affect their functionality negatively.

Apple is making it mandatory for app developers to have a link to their privacy policy page in their app metadata from next month. However, this change is unlikely to make an impact on how these apps work.

[Via GuardianApp]