A new report has revealed that Apple and Android apps share information with third parties at high rates.
Testing 55 of the most popular Android and iOS free applications, researchers from the Massachusetts Institute of Technology, Harvard University, and Carnegie-Mellon University discovered that 73 percent of Android apps leaked user e-mail addresses, while 47 percent of iOS apps shared location data.
"We show that a significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user," the researchers for the "Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps" report found.
To determine if data was being shared, the study looked for transmissions of personally identifiable information, search terms, and location data using a "man-in-the-middle" proxy to record HTTP and HTTPS traffic that occurred while the app was in use. On average, the Android apps sent potentially sensitive data to 3.1 third party domains; iOS apps had a slightly lower rate, with an average transmission to 2.6 third parties.
Comparing the two types of apps, the researchers said that Android apps were more likely to share personal information such as a user's name and e-mail address (73 percent), 16 percent of which passed along names and e-mail addresses. However, iOS apps shared geolocation data more often (at 47 percent) than Android apps (33 percent).
In the category of medical, health, and fitness apps, the study found that 3 out of 30 shared both search terms and other information supplied by users. For example, the Android app Drugs.com passed along searches for "herpes" to five third-party domains, the researchers found.
The most popular recipients of the data were Google.com (36 percent), Googleapis.com (18 percent), and Apple.com (17 percent). The study also found that 93 percent of the Android apps connected to a "mysterious domain" at safemovedm.com.
To read the report, click here.
Why it matters: The FTC has stressed that companies should adopt simplified privacy mechanisms that give consumers the option to decide what information is shared and that provide greater transparency into their products. In light of increasing federal, state and consumer scrutiny of the privacy and data sharing practices of mobile apps, the report underscores the need for companies to carefully consider how consumer data is shared.