Study: Popular iOS apps use 'background app refresh' to send your location and IP address

You're browsing a news app on your phone in bed, alone, late at night. Did you know your physical location and IP address are being shared with the app maker?

A new study reveals that many iOS apps, including the Washington Post's own very popular news app, use “background app refresh” to transmit highly sensitive information like user location and IP address.

Here's one of many examples of first-party tracking from Washington Post reporter Geoffrey Fowler's privacy experiment, detailed in the piece.

“Yelp was receiving a message from my iPhone *once every five minutes* that included my IP address,” Fowler tweeted. “It says I found a 'bug.' But now it has months of granular data about me.”

Excerpt:

You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, “What happens on your iPhone stays on your iPhone.” My investigation suggests otherwise.

IPhone apps I discovered tracking me by passing information to third parties — just while I was asleep — include Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post and IBM’s the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy.

And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T.

Apple’s response is that the privacy policies for each of these apps are required to disclose with whom they share user data.

Adding a line like “we may share your data with 3rd parties” to the legalese does not provide protection that meets the claim implied by Apple’s marketing tagline: “What happens on your iPhone stays on your iPhone.”

It’s the middle of the night. Do you know who your iPhone is talking to? [washingtonpost.com]

[via techmeme]