August 1, 2013
Free apps carry the most risk with 95 percent showing evidence of at least one risky behavior compared to 78 percent of paid apps, according to a study by Appthority, an application analysis company.
Apps for Apple devices appear to be worse than Android apps when it comes to privacy and security issues, although the majority of both were found to pose problems.
“iOS apps exhibited more risky behaviors than Android apps overall. Ninety-one percent of iOS apps exhibit at least one risky behavior, as compared to 80 percent of Android apps,” the study says.
Free iOS and Android apps are 31 percent more likely to track a user’s location than paid apps — 72 percent of the top free apps do so, compared to 41 percent of paid apps. Also, the majority — 78 percent — of the most-downloaded, free Android apps identify the user’s ID, compared to six percent of iOS apps, despite Apple’s rule forbidding developers from doing so.
Many of the privacy invasions are in the name of money, according to the report.
“Developers of paid and free apps are seeking new methods of generating revenue and unfortunately, it comes to the cost of the user’s privacy,” the report reads, adding that paid iOS apps are more likely to support in-app purchasing.
Despite generating revenue when downloaded, 59 percent of paid iOS and 24 percent of paid Android apps allow in-app purchasing.
And, while sharing user data with ad networks is not as common as in years past, 39 percent of paid iOS and 16 percent of paid Android apps still share user data.
Paid apps also trailed free apps in the following risky behaviors:
• Single sign-on — 37 percent;
• Sharing with ad networks and analytics companies — 28 percent;
• Accessing the address book or contact list — 21 percent;
• Accessing the calendar — eight percent.
Gaming apps, which made up the majority of the top 100 iOS and Android apps that were tested, come with the highest risk, the study indicates.
“Given that a large percentage of the top 100 apps for each category were games, Appthority decided to also test gaming apps against non-gaming apps,” the report reads. “The results show that gaming apps exhibited more risky behaviors across all categories, with the exception of accessing the address book or contact list.”
Sixty-eight percent of the tested gaming apps support in-app purchasing, compared to 31 percent of non-gaming apps but both app types tied for location tracking at 57 percent.
Gaming apps are 11 percent more likely to use single sign-on, 20 percent more likely to share data with analytics or ad networks, 13 percent more likely to identify the user and four percent more likely to access the user’s calendar. Gaming apps were eight percent less likely to access the user’s address book.
Overall, Appthority concludes that while paid apps are less risky than free apps, “users are by no means protected by only downloading paid apps.”
“It’s clear that developers have seen the value that may come from collecting user data (and in many cases, selling that data) regardless of whether users have paid for an app or not.”