iOS Apps Packed with Location Data Monetization Code

Security researchers have made an aggravating discovery that concerns an increasing number of iOS apps, which have been used to silently and secretly collect location histories from tens of millions of Apple devices. To do so, the apps used packaged code provided by data monetization companies.

In some of the cases, the specially crafted tracking code could run at all times, which means that it can constantly send GPS coordinates and other sensitive details to its operators. This discovery puts a new perspective on iOS devices, stripping them from the privacy myth that typically surrounds Apple, thus bringing them closer to Android

Researchers from GuardianApp discovered that, for these apps to obtain access to GPS sensors data, they “present a plausible justification relevant to the app in the Location Services permission dialog, often with little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to app operation”.

What Type of iOS Information do Location Data Monetization Firms Collect?

– Bluetooth LE Beacon Data
– GPS Longitude and Latitude
– Wi-Fi SSID (Network Name) and BSSID (Network MAC Address)

However, according to the researchers, some firms tend to collect more less sensitive details such as:

Accelerometer Information (X-axis, Y-axis, Z-axis)
Advertising Identifier (IDFA)
Battery Charge Percentage and Status (Battery or USB Charger)
Cellular Network MCC/MNC
Cellular Network Name
GPS Altitude and/or Speed
Timestamps for departure/arrival to a location

The research team has disclosed 24 examples of applications that contain specific code taken from location data monetization services, 12 known location data monetization firms, and approximately 100 examples of regional and local news apps which have previously contained code from a specific location data monetization firm known as RevealMobile.

Some of the apps are ASKfm (a social networking app for iOS), (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: