While Apple has long been popular for offering privacy to its users, The Washington Post has just discovered that third party apps are abusing “Background App Refresh” feature to send personal and sensitive info to private companies. It is common for apps to track usage for analytics purposes and benchmarking but apparently, these particular apps had been sending data at an alarming frequency.
Background App Refresh feature allows apps to update their content while they are running in the background. This feature can essentially be disabled but your apps will then not search for new content updates and be as they are when you left the app. The apps can’t refresh their content all the time, this frequency depends on upon the iPhone or iPad battery available and how strong the connection is. Essentially apps queue to refresh content if there is WiFi connection or when the device is being charged.
The Washington Post tried the Disconnect Privacy Pro app to visualize the communications between the apps and the backend servers, This app allowed them to see the type of data being sent and at what frequency. Given below are the observations:
On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.
What’s alarming are the apps where they found this data leakage. From Microsoft OneDrive to Nike, Spotify, Yelp, The Weather Channel and The Washington Post’s own app were involved. In the week-long testing, around 5,400 trackers were encountered.
Are you alarmed by this discovery? Do you have Background App Refresh feature enabled on your iOS device? Sign off in the comments!
Source: The Washington Post