Mobile apps have long been under scrutiny for sharing user data, as well as for hiding malware and adware. Now, a new study has claimed that, on average, an Android app sends sensitive data to 3.1 third-party domains while an iOS app connects to 2.6 third-party domains.
The study titled "Who knows what about me? A survey of behind the scenes personal data sharing to third parties by mobile apps" also points out that apps on Android and iOS today "do not need to have permission request notifications" for user data like PII and behavioural data.
According to the findings, Android apps are more likely to share personal data such as name and email address than iOS apps. The iOS apps, on the other hand, are more likely to share location data such as geo-coordinates than Android apps.
The study chose 110 popular free apps (as of June-July 2014) from Google Play and the App Store across 9 categories including job listings, medical, and location apps. "For each app, we used a man-in-the-middle proxy to record HTTP and HTTPS traffic that occurred while using the app and looked for transmissions that include personally identifiable information (PII), behaviour data such as search terms, and location data, including geo-coordinates. An app that collects these data types may not need to notify the user in current permissions systems," explains the study.
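The method quoted above can be sketched as a privacy audit over proxy captures. This is an added example, not code from the study: the persona values, app names, domains and record layout are all constructed assumptions, and the domain matching is deliberately naive.

```python
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed test-persona values entered into each app during a session (assumption).
SEEDED = {
    "email": "jane.tester@example.org",
    "name": "Jane Tester",
    "location": "42.3736,-71.1097",
    "search_term": "migraine treatment",
}

# Constructed proxy records: (app, app's first-party domain, request host, query or body).
CAPTURED = [
    ("jobfinder", "jobfinder.example", "api.jobfinder.example", "q=nurse&email=jane.tester%40example.org"),
    ("jobfinder", "jobfinder.example", "ads.tracker.example", "uid=7&em=jane.tester%40example.org"),
    ("jobfinder", "jobfinder.example", "metrics.example.net", "ll=42.3736,-71.1097"),
    ("medlookup", "medlookup.example", "search.partner.example", "term=migraine+treatment"),
    ("medlookup", "medlookup.example", "cdn.static.example", "file=logo.png"),
]

def registrable(host):
    """Naive last-two-labels domain; a real audit should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])

def leaks(records, seeded=SEEDED):
    """Map app -> {third-party domain -> set of seeded data types seen in its traffic}."""
    found = defaultdict(lambda: defaultdict(set))
    for app, first_party, host, payload in records:
        domain = registrable(host)
        if domain == registrable(first_party):
            continue  # first-party traffic is not third-party sharing
        text = unquote_plus(payload).lower()  # undo URL encoding before matching
        for kind, value in seeded.items():
            if value.lower() in text:
                found[app][domain].add(kind)
    return found

def summary(records):
    """Return (average third-party domains per app, share of apps per receiving domain)."""
    found = leaks(records)
    apps = {r[0] for r in records}
    avg = sum(len(found[a]) for a in apps) / len(apps)
    per_domain = defaultdict(int)
    for app in apps:
        for domain in found[app]:
            per_domain[domain] += 1
    return avg, {d: n / len(apps) for d, n in per_domain.items()}
```

Plain substring matching only catches values sent in cleartext or URL-encoded form; hashed or otherwise transformed identifiers would need additional matchers.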
"The third-party domains that receive sensitive data from the most apps are Google.com (36 percent of apps), Googleapis.com (18 percent), Apple.com (17 percent), and Facebook.com (14 percent)," notes the report.
Among the selected apps, the study found 3 out of 30 medical-related apps sharing medical search terms and user inputs with third parties.
It also showed that 93 percent of Android apps connected to a mysterious domain, safemovedm.com. The study claimed that it could be due to a "background process of the Android phone." One of the most important findings showed that the majority of mobile apps sharing data with third parties no longer required permission to access the data. This particular problem can be expected to be resolved thanks to Android 6.0 Marshmallow's all-new App Permissions feature that offers users greater control of app permissions in the latest Android build.
Last month, Apple removed hundreds of apps from its App Store that collected personal data.