A controversial data leak involving a popular fitness app represents only the tip of the iceberg when it comes to privacy concerns involving mobile apps, the vice president of a mobile security firm says.
According to Dave Jevans, Proofpoint’s vice president of mobile security, many apps can share who you are, your email address, your physical location, and even your browser history – though for now he says the only app to fall under widespread scrutiny is Runkeeper. The smartphone-based tracking program was recently called out for having a bug that transferred personal data to a third-party advertiser without alerting users – even when the app was not in use.
“Because [Runkeeper is] such a popular app, it has come under fire,” says Jevans. “That does not mean that any less popular apps are any more secure, it just means they haven’t been examined in great detail.”
Runkeeper has claimed that they were unaware of the bug’s presence, while the Norwegian Consumer Council (NCC), a Norwegian watchdog agency, has lodged a formal complaint against advertising firm Kiip.me, and is advocating for the company to delete all of the data that it collected. In response, Runkeeper noted that it was primarily the Android version that was impacted, but promised to release an update for iOS as well.
However, Jevans says that Runkeeper, which was initially launched in 2008 and now has over 40 million users, has had a history of security problems. For example, in 2013 it was possible to access other user accounts without knowing their password on the app. The problem resurfaced again in 2014.
“The Services also enable third-party tracking mechanisms to collect your other information for use in online interest-based advertising.”