GuardianApp, from the Sudo Security Group, finds that a number of iOS apps are secretly collecting and sending location histories and other sensitive user information to third-party data monetization firms.
According to a new report from GuardianApp, "a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetization firms. In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information."
The information being collected includes Bluetooth LE beacon data, GPS longitude and latitude, Wi-Fi SSID and BSSID, as well as accelerometer data, battery charge performance and status, and even timestamps for departure from and arrival at a location.
GuardianApp lists 24 apps that are "confirmed to send data to a third-party data monetization firm," including ASKfm: Ask Anonymous Questions, C25K 5K Trainer, Classifieds 2.0 Marketplace, Code Scanner by ScanLife, Coupon Sherpa, GasBuddy, Homes.com, Mobiletag, Moco, My Aurora Forecast, MyRadar NOAA Weather Radar, PayByPhone Parking, Perfect365, Photobucket, QuakeFeed Earthquake Alerts, Roadtrippers, ScoutLook Hunting, SnipSnap Coupon App, Tapatalk, The Coupons App, Tunity, Weather Live and YouMail.
GuardianApp has also found code from the monetization firm RevealMobile in the apps of several local TV stations owned by the Sinclair Broadcast Group, Tribune Broadcasting Company, LIN Television Corp., Gray Television Group and other broadcasters.
GuardianApp suggests using Apple's built-in Limit Ad Tracking feature to mitigate potential location sharing. The feature can be enabled by navigating to Settings > Privacy > Advertising. Further, vigilant users can select "Don't Allow" when an iOS Location Services popup window instructs them to "See privacy policy" or take similar action. The firm also suggests using a generic name for the SSID of a home Wi-Fi router and switching Bluetooth off when not in use.
Earlier on Friday, two major news stories broke about user data. Adware Doctor, formerly the top paid app in the Mac App Store, was pulled after a security researcher revealed it was exfiltrating user information to China, while a separate investigation revealed other malicious apps in the Mac App Store.