Mobile apps now provide services in many fields, including business, education, entertainment and utilities. Advances in mobile technology make tasks easier to complete and save time. Customized apps are available to streamline processes and improve efficiency. Mobile apps are user-friendly and accessible from anywhere at any time, and many also work offline, which is highly beneficial for users.
Some mobile applications use sensitive customer data such as bank account details, personal identification numbers, credit or debit card numbers and the user's location. For this type of application, security is crucial to earning customers' trust. Both users and developers should pay closer attention to the security of the data provided.
Recent research has revealed that a significant number of mobile applications share users' data with third parties. Both Android and iOS apps leak customers' confidential information to unintended recipients.
Leakage of information from the mobile apps
According to a recent report, both iOS and Android apps leak data without the user's knowledge. It was estimated that about 110 free Android and iOS apps share the user's behavioral, personal and location data with unknown third parties. Around 73 percent of Android applications leaked personal data such as email addresses, and about 47 percent of Apple apps shared location data and other geo-coordinates with third parties.
It was also revealed that 93 percent of Google Play apps connected to a concealed domain, which may be due to a background process on Android devices. The study showed that many mobile apps disclose potentially sensitive user data to third parties, and that they need no apparent permission request to use the information.
On average, Android apps were found to send potentially sensitive details to more third-party domains than iOS apps. It was estimated that about 3.1 third-party domains receive data from Android apps, whereas 2.6 third-party domains are connected to Apple's apps.
Android and iOS apps sharing sensitive data
Location details, including geo-coordinates, are shared more by iOS apps than by Android apps: about 47 percent of iOS apps share location data, whereas 33 percent of Android apps share the user's location.
With regard to potentially sensitive behavioral information, it was observed that three of the thirty Medical and Health category apps share medical-related terms and user inputs with a third party. The destinations to which apps transfer most of the sensitive data are Google.com, Googleapis.com, Apple.com and Facebook.com. The percentages of apps sharing data are 36 percent for Google.com, 18 percent for Googleapis.com, 17 percent for Apple.com and 14 percent for Facebook.com.
Tests on the security of mobile apps
A recent test of Android app security found that 15 out of 30 free Android applications sent users' personal information to advertising servers without the users' permission; the users were not even aware of which information was sent or to whom. In some other cases, customers' location details were shared every 30 seconds.
TaintDroid is the software tool used to analyze the behavior of mobile apps running on Android phones. It helps uncover how mobile apps access confidential data, including phone numbers, location, SIM card identifiers and other data. The result of the above test showed that around two thirds of the mobile apps misused users' personal information and accessed sensitive data in a suspicious manner. TaintDroid is an information-flow tracking system for real-time monitoring of smartphone privacy. Fifteen of the thirty apps sent user locations to advertising servers, seven applications gathered the device identification, and on some occasions the SIM card serial number and the phone number were also disclosed.
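A defender-side check for the behavior these tests measured, as an added example that is not from the study or from TaintDroid: it inspects captured outbound requests instead of tracking data flow inside the device. The app names, domains, sample requests and detector patterns are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample capture: (app, app's own domain, outbound request URL).
CAPTURED = [
    ("com.example.weather", "example-weather.test",
     "https://api.example-weather.test/forecast?lat=40.7128&lon=-74.0060"),
    ("com.example.weather", "example-weather.test",
     "http://ads.adnet-one.test/imp?lat=40.7128&lon=-74.0060&imei=490154203237518"),
    ("com.example.weather", "example-weather.test",
     "https://track.metrics-two.test/e?email=alice%40example.test"),
    ("com.example.notes", "example-notes.test",
     "https://cdn.adnet-one.test/banner?size=320x50"),
]

# Value-shape detectors (assumed heuristics; real audits also match known device values).
DETECTORS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "device_id": re.compile(r"^\d{15}$"),            # IMEI-shaped number
    "location": re.compile(r"^-?\d{1,3}\.\d{3,}$"),  # decimal coordinate
}

def classify(value):
    # Category the value looks like, or None when it matches no detector.
    return next((kind for kind, rx in DETECTORS.items() if rx.match(value)), None)

def is_third_party(host, first_party):
    return not (host == first_party or host.endswith("." + first_party))

def third_party_hosts(records):
    """Map each app to the set of third-party hosts it contacted."""
    hosts = {}
    for app, first_party, url in records:
        host = urlsplit(url).hostname
        if is_third_party(host, first_party):
            hosts.setdefault(app, set()).add(host)
    return hosts

def audit(records):
    """List requests that carry sensitive-looking values to a third-party host."""
    findings = []
    for app, first_party, url in records:
        parts = urlsplit(url)
        if not is_third_party(parts.hostname, first_party):
            continue
        kinds = sorted({classify(v) for _, v in parse_qsl(parts.query)} - {None})
        if kinds:
            findings.append({"app": app, "host": parts.hostname, "data": kinds,
                             "cleartext": parts.scheme == "http"})
    return findings
```

Running `audit(CAPTURED)` flags the two weather-app requests that carry identifiers to third-party hosts, and marks the ad request as cleartext; `third_party_hosts(CAPTURED)` gives the per-app domain count that the studies above report as an average.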
Ways sensitive data is disclosed to a third party
Mobile apps can combine data from remote cloud services with data obtained from the smartphone and its sensors, such as the camera, GPS receiver, microphone and accelerometer. There are valid reasons for mobile apps to use confidential user data. Today, Android, Apple and other mobile operating systems offer only fundamental controls, which let the user allow or deny an app's access to such information. The user cannot control how the application uses the data once access is granted.
If the user permits the app to access location information, the app may send the location details to any location-based service, to a hacker, to advertisers, or to any other destination. The user is unaware of the data leakage and trusts the application. This lack of transparency leads users to trust the application blindly and helps third parties access users' sensitive data without their consent. The major reason for this issue is the negligence of companies in testing their mobile applications for security vulnerabilities. Approximately 40 percent of companies do not test their apps, and 50 percent of companies allocate no money for vulnerability testing. Only 15 percent of companies test their mobile apps frequently for security problems.
How does the third party access the data?
Mobile application developers allow in-app advertisements inside their apps, and ad networks get access from the app developers to display the ads and to track user activity, such as collecting device models, app lists, geolocations and more. This cumulative information helps advertisers select where to display their advertisements. Advertisers advise an ad network to display their ads based on interest targeting, demographic targeting and topic targeting. The ad network shows the advertisements in an appropriate mobile app and receives payment for each successful view by the recipient. These in-app ads are unencrypted and can be accessed by the mobile app developer. This results in users' confidential data being accessed by another unknown source.
The outcome of the research shows that the major reason for the leakage of private data is the lack of confinement between mobile apps and in-app ads. The research concluded that if the information is derived from the ad networks' private information, the hosting mobile app must be prevented from reading the data from the ad library. It was also suggested that ad providers develop defense mechanisms in their services to protect the private data of their users.
Author Bio: Thomas Edward is a content & social editor by profession. He is currently working with Dectar.com, a PHP script development company that offers mobile app development services with cloning scripts. He has also written many technical articles related to mobile app development applications.