Don’t expect Apple to keep your data secure

With many app developers relying on third parties, there’s only so much Apple can do to stop iOS applications collecting personal information

App use has soared in recent years: data collected by Nielsen suggests people are spending more time on Tinder, WhatsApp et al than ever before. In 2014, the global information and measurement company found US Android and iPhone users aged 18 and over dedicated 65 percent more time each month to app use than they did two years before. Many predict this percentage will grow.

With the proliferation of apps, never has it been so important for developers to protect the security of their inventions. Unfortunately, as technology advances, it has become more difficult for them to do this, and, in October last year, one of the worst security flaws yet was exposed.

Nasty bit of kit
SourceDNA, a security analytics company, discovered major weaknesses in Apple’s App Store, which it had been investigating in order to test the legitimacy of the apps it offered. The investigation found 256 apps violated Apple’s privacy policy by secretly collecting data such as users’ email addresses and phone IDs. In total, the compromised apps had been downloaded one million times. This put a similar number of users at serious risk of fraud, as people often employ the same email address and password combinations on multiple accounts, including for online banking.

Interestingly, the apps’ developers were not the ones hijacking the data. Speaking about the investigation, Nate Lawson – founder of SourceDNA – said data gathering has become so surreptitious that even individual developers can remain unaware their apps are being exploited. Breaches of data can happen when developers use third-party technology to bring their creations to life. In the case of the App Store breach, SourceDNA found all the affected apps had used software development kits made by Chinese ad firm Youmi. It was actually the kit that was collecting the data and, as a result, all the apps using Youmi’s product had to be removed from the App Store.

Speaking to The New Economy, Lawson said: “This illustrates a big risk from third-party libraries. Developers put these widgets in their apps to do something useful, but the author of that code may have made a mistake (leading to a security hole) or added something extra. When the app is caught extracting this information, it gets removed from the App Store even though its developer wasn’t at fault.”

Look closer
Lawson believed it would become very difficult for Apple, or its rivals, to catch these sorts of apps in the future. “The methods used were relatively accessible, so it’s likely we’ll see it again”, he said, adding there will be new ways in which third parties can gain information, such as fingerprinting devices.

Apple is taking a vigilant approach in dealing with the data breach, but the onus is ultimately on developers to fight back against bad practices in the app world – not least because, so long as they exist, such violations compromise an app’s chances of survival in a saturated marketplace.

Lawson encouraged developers to adopt a process that automatically checks their app before it is published, as well as making sure to audit their software supply chain. They could also call upon specialist companies such as SourceDNA to help them do this, but they must never be complacent; even the safest of apps could come under attack from crafty third parties.