In the wake of the discovery that an iOS app was collecting and transmitting contact information without permission, Forbes magazine has put together an article on a University of California at Santa Barbara report (pdf) from last year. At the time researchers found that roughly one fifth of free apps available from the iOS App Store were collecting private information, while apps available through the Cydia market for jailbroken iOS devices were collecting the same information only 4% of the time.
What the researchers considered private information included the Unique Device Identifier (UDID), location information, address book, phone number, Safari history, and photos. Of the 825 free apps tested from the App Store, 170 (21%) collected the UDID, 35 (4%) collected location information, 4 (0.5%) accessed the address book, and only 1 (0.1%) grabbed the phone number. Of the 526 from the Cydia market though, only 25 (4%) took the UDID, 1 (0.2%) got the location, 1 got the address book, 1 got the Safari history, and 1 took photos. It is worth noting though that the one Cydia app that captured location information, and also contact information, was designed for this and is called MobileSpy.
Remember, every app available through the Apple App Store is first approved by Apple. The Cydia market however does not have such strict rules on what can be downloaded from them. However, they do have a clientele of privacy-ware people and developers. After the revelation that Path, an iOS app, was collecting and uploading contact information to the developer’s servers, a developer made and released ContactPrivacy to Cydia, which allows a user to deny apps from uploading contact information. Another app, PrivaCy, was developed to prevent any specific app from uploading usage statistics.
Apple will, of course, start taking longer looks at apps it is sent, in light of the Path scandal, but until then, consider carefully what you install. Also, jailbreaking is not necessarily a better way to stay secure, but it is likely worth remembering what it offers you.