A variety of apps for iOS and Android are secretly collecting and sharing user data with outside companies, according to a Wall Street Journal investigation. The investigation looked at 101 popular apps for both platforms, and found that 56 transmitted the phone’s UDID number to third parties without users’ awareness or consent, while 47 transmitted the phone’s location, and five sent age, gender, and other personal details. The iPhone apps TextPlus 4, Paper Toss, Grindr, Pumpkin Maker, and Pandora are all named in the investigation for sending out varying amounts of data; popular music streaming app Pandora was also named for sending age, gender, location, and phone identifiers to multiple ad networks; the company claims the information is voluntarily offered by users, and isn’t linked to an individual name.
For its part, Apple claims that app makers must notify the user before requesting or transmitting such information. “We have created strong privacy protections for our customers, especially regarding location-based data,” says Apple spokesman Tom Neumayr. “Privacy and trust are vitally important.” Ideally, any app transmitting information without the users’ knowledge or consent would be caught during the company’s App Store review process and rejected, but the WSJ’s report claims that at least one app transmites location to an ad network without asking permission. To carry out the investigation, the publication designed a system to intercept and record the data being transmitted by the apps, then decode the data stream. 50 iPhone and 50 Android apps were tested, along with the WSJ’s own iPhone app; although the iPhone apps transmitted more data than the Android apps, the article does note that Google doesn’t review apps, saying the developers “bear the responsibility for how they handle user information.”