Depending on how you look at it, your smartphone is either egregiously violating your privacy or just trying to improve your user experience in a not-so-transparent way. Either way, it turns out, some apps are leaking personal data, like your address book.
The controversy erupted when a hacker discovered that mobile social network Path was uploading users' entire address books to their servers. As many have pointed out, Path isn't alone. Twitter does it too. Our own Jon Mitchell points out that these kinds of privacy issues may just be the cost of using a free app. Still, not everybody is willing to pay that price.
For users looking for tighter privacy and greater transparency, the answer might be found in the Cydia app store. The unauthorized apps contained there, which only work on jailbroken iOS devices, are on average less likely to leak personal data without users' consent, according to a study (PDF).
Using a tool called PiOS, researchers at the University of California at Santa Barbara and the International Security Systems Lab analyzed how iOS apps leaked data. The type of information that apps transmit include contacts, UDID numbers, location, Web browsing history, photos and one's phone number. Mobile apps may need to send any of these pieces of information off to a remote server for any number of legitimate reasons.
Using a sample of 1,407 total apps, the researchers found that those created for jailbroken devices transmitted private data much less frequently than official apps from the iTunes App Store. The most commonly-shared data point overall was the device's UDID number. Nearly a quarter of App Store apps transmitted the UDID back to a remote server, while only 4% of Cydia apps did so.
Other pieces of information, such as location and address book contents, are generally transmitted much less frequently. It's only when such data is needed for app functionality, like a "find my friends" feature in a social app like Path or Twitter.
Why is this? As one expert pointed out to Forbes, one key reason may be the heightened awareness about privacy and security that exists among developers in the jailbreak community. Because Cydia and other unauthorized app stores circumvent Apple's regulations, many of which deal with security and user privacy, developers are especially sensitive to these issues.
Jailbreaking already carries a stigma among some users, who are nervous about the risks that may be involved in breaking their devices free of Apple's control. A major privacy exploit could damage the credibility of the entire jailbreak community.