Clueful, an app created by Bitdefender to "address the lack of insight into iOS app privacy," scanned other programs installed on a device for required permissions to effectively keep track of how a user's data was being handled, reports PC Mag. The software company failed to say why Apple pulled its app.
"iPhone owners need to know which apps they have installed may be using their personal data in ways that are not expected," Bitdefender said.
During the two months that Clueful was on iOS an analysis of over 65,000 apps yielded troubling results pertaining to encryption of personal data. For example, Bitdefender found that 42.5 percent of apps don't encrypt personal data when sending to off-site servers while 41.4 percent track users' locations without their knowledge or consent. Apple attempted to fix the latter by instituting an indicator on both the iOS home screen and in the settings menu that shows if location services are currently being used or have been used within the last 24 hours.
About 20 percent of apps surveilled had the ability access and upload the entire address book of an iOS device without user interaction. The harvesting and uploading of contact data, including purportedly anonymous systems, gained negative media attention in February when the popular social networking app Path was found to do so without first asking a user's permission. Apple CEO Tim Cook reportedly "grilled" Path co-founder Dave Morin over the alleged privacy breach though the issue was rectified in a later update to the app.
Clueful app screenshot. | Source: Clueful
Apple on Wednesday reportedly began attaching unique identifiers to in-app purchase receipts sent to developers in an attempt to patch a purported hack which allowed free downloads of for-pay content.
It is unclear whether the newly-implemented identifiers contain unique device identifier (UDID) data, though Apple has taken steps to curb the use of such information by third-party app makers. Reports from March claimed the iPhone maker was rejecting app submissions that leveraged UDID data.
Mobile ad agencies have argued against the removal of UDID access, saying it would hurt business as the companies use the data to accurately track demographic metrics to monetize advertisements. Various consumer groups have come out in protest, however, and even high-powered government officials have voiced concern over the issue.