Downed Clueful app reveals encryption woes

Powered by SC Magazine
 

Clueful app finds 41 per cent of apps able to access user location.

Bitdefender's Clueful security app pulled last month from the Apple App Store has found 41 per cent of iOS applications are able to access a user's location and a third store unencrypted data.

A study of more than 65,000 applications on the Apple App Store revealed tens of thousands tap contact information and access data without explicit user permission. The research also found that 18 per cent of the apps can access a user's address book.

The research was derived from analysis of the company's Clueful app, which was taken down by Apple from its App Store on 30 June. The app determined what information applications had sought and compiled its database from user-submitted apps.

Bitdefender chief security researcher Catalin Cosoi said while many apps use these privileges to function, others have no obvious use for the data they may be collecting.

"It is worrying that stored data encryption on iOS apps is low and location tracking is so prevalent," he said.

"Without notification of what an app accesses, it is difficult to control what information users give up. We see a worrying landscape of poor user data encryption, prevalent location tracking and silent unjustified address book access."

Apple did not say why the app was taken down and gagged Bitdefender under a non-disclosure agreement from doing the same, Security Week reported.

BitDefender's Clueful analysis service was still active for users and the security vendor was working on getting the application back online.

SC has found duplicates of the app mirrored online which can be installed on jailbroken Apple devices, however the security of those files cannot be verified and users are warned they could be laced with malicious code.

- With Darren Pauli

Copyright © SC Magazine, Australia


Downed Clueful app reveals encryption woes
 
 
 
Top Stories
Change is the only constant at iiNet
iiNet's Matthew Toohey is trialling IBM's Watson - between preparing for an acquisition and making sure Netflix doesn't swamp the network.
 
Why straight-through processing is the holy grail for banks
Big benefits from stripping away human intervention and digitising processes.
 
CBA sued over frozen millions in IT bribery scandal
Eric Pulier's not-for profit lodges lawsuit in US.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
New features are coming to Outlook.com
May 27, 2015
Outlook.com, thanks to its predecessor Hotmail.com, is one of the world's major webmail services ...
Windows 10 to feature integrated apps for Android and iOS
May 27, 2015
Microsoft reveals multi-platform Cortana connectivity for Windows 10. What the heck is that, and ...
Microsoft launches Office for Android preview
May 22, 2015
Microsoft has launched a preview of Office for Android smartphones. Pre-release versions of ...
Microsoft is working on an iOS email chat feature called Flow
May 22, 2015
Microsoft is working on a new chat app, but at the moment we know more about what we DON'T know, ...
Windows 10 free upgrade: Microsoft details who gets what
May 22, 2015
Microsoft was meant to be streamlining its OS with Windows 10, so why is upgrading so confusing? ...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  44%
 
No
  56%
TOTAL VOTES: 670

Vote