With sites and services like Facebook and Google constantly in the news regarding concerns about privacy and user data—an increasing number of apps and resources continue to pop up around the web to help combat the problem.
A new iOS app, Guardian Firewall, is seeking to stop a little less-known privacy concern: apps that collect data on you without your knowledge or permission. From the software site’s website:
We conducted an intensive review of code found within hundreds of thousands of apps (and the trackers embedded in them) in order to build the dataset which powers our firewall software. Throughout this ongoing process, at various points, we determined it best to publicly disclose particularly egregious issues that were likely to be of public interest in hopes of enacting positive change.
Examples of public disclosures include the following:
AccuWeather, a popular weather app for iOS, was sharing user location information with a third-party location tracking service even if users declined to grant the app Location Services access. An inadequate public response was issued, and the tracking code in question was quickly removed from AccuWeather’s iOS app.
Uber was granted exclusive access to powerful capabilities in iOS which could allow it to access raw user screen data, allegedly in order to improve performance in their Apple Watch app. This capability was quickly removed after public disclosure.
Onavo Protect, a Facebook-owned VPN app, abused the Packet Tunnel Provider functionality in iOS to continuously send analytics while running in the background. The app was removed from the App Store months later by Facebook at the request of Apple, due to Facebook’s inability to produce a variant of the app which was compliant with the App Store Guidelines. Onavo Protect was later available on iOS once again using a disguised “research” app targeted at teenagers, until disclosure of this fact, causing Apple to swiftly revoke Facebook’s code signing certificate. On May 6, Facebook shut down Onavo entirely.
Many popular iOS applications such as GasBuddy, PayByPhone Parking, Perfect365, Tapatalk, Tunity, and YouMail were found to use code from various data monetization companies to track the daily whereabouts of users. Location Services permissions were granted to the apps by users under more a more innocuous premise, such as the ability to “provide local gas prices” or similar functions relevant to the host app.
Learn more, here.