Your favorite iPhone apps are trading your location info for cash, according to a new report.
Rogue app developers have been slammed for allegedly selling real-world data about where you are, or where you've been.
Security researchers found more than two dozen apps – including ASKfm, which has 215 million registered users – that may be flogging your data onto outsider firms.
These third-party companies pay the app creators for information about your location, raising privacy concerns.
The team added: "In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information."
Even popular apps like ASKfm have been caught up in the scandal
Lots of smartphone apps collect information about your location.
For instance, apps like Google Maps wouldn't work correctly without knowing where you are.
And other apps – like TripAdvisor – don't necessarily need your location, but can offer a better experience (like finding restaurants near you) by tracking where you are.
But security researchers say some developers are using your location to make a profit, rather than to simply improve their apps.
iOS apps accused of tracking your location data
These apps are allegedly selling your location info...
- C25K 5K Trainer
- Classifieds 2.0 Marketplace
- Code Scanner by ScanLife
- Coupon Sherpa
- My Aurora Forecast
- MyRadar NOAA Weather Radar
- NOAA Weather Radar
- PayByPhone Parking
- QuakeFeed Earthquake Alerts
- ScoutLook Hunting
- SnipSnap Coupon App
- The Coupons App
- Weather Live – Local Forecast
- YouMail Voicemail Upgrade
So how did the researchers discover these potentially dodgy dealings?
When an app wants to sell your data to a data-harvesting company, the easiest way to do it is through an automatic process.
It involves simply taking a chunk of computer code from the "data monetization" firms, and then sticking it in the app.
That way, the app can simply scoop up data and flog it on with minimal effort.
Researchers dug into a number of apps in search of these chunks of code, making it possible to identify who may be selling your data on.
According to the report, all of these apps were selling one or more of the following types of data:
- Bluetooth LE Beacon Data – information about which real-world Bluetooth beacons you connect to
- GPS Longitude and Latitude – giving a precise pinpoint of your location
- Wi-Fi SSD and BSSID – showing your name and address of your current Wi-Fi network
This is very sensitive data, but that's not all that was being scooped up.
The report says less sensitive info was also being nabbed, including info from your accelerometer (revealing the angle and position of your device), battery charge percentage, cellular network name, GPS altitude and speed, and time-stamps for your departure from and arrival at locations.
All 24 apps named in the report contained code from known location data monetisation firms. These firms are named as:
- Mobiquity Networks
- Sense 360
- Wireless Registrey
It's worth noting some of the apps named in this report may no longer feature the allegedly rogue data-sale code.