Apple approved apps leak more private data than their jailbroken counterparts

Apple has always been known to heavily curate their App Store, like Walmart, while the jailbroken alternative, Cydia, has always been looked at as more open, like a market. It turns out, however, official App Store apps may leak your data far more than their unapproved, jailbreak counterparts.

An on-going study by the International Security Systems Lab and the University of California at Santa Barbara reveals some startling information about apps that leak your private data to their developers. The most surprising part of this survey for many may be the fact that jailbroken apps actually leak your personal data far less often than their Apple-approved counterparts.

Using a tool named PiOS, UCSB took a sample of 825 free apps from the official App Store and 526 free apps from the Cydia repository BigBoss, the largest and most popular of all the repositories available. What they discovered may make people rethink their negative view of jailbreaking.

Jailbreak apps leak data less than App Store apps

  • 21% of official App Store apps leaked some kind of personal data to their developers
  • Only 4% of jailbroken apps sent personal data to developers

The most common form of data leaked was the user's device UDID. This is not something I'd say users should be specifically concerned with. Your UDID number identifies your individual device. It's most likely what Apple uses to build user profiles and gauge your interests in order to offer you more relevant iAd information or App Store recommendations.

Further, official apps leaked location and address book information more often. One official app also revealed your actual phone number to the developer. No jailbreak apps gave developers access to your phone number and only one gave access to your address book and location data.

In the past jailbreak developers have developed patches for security exploits before Apple addressed the issue. Cydia also plays host to several apps that actually provide jailbreakers more control and protection over their private data than what iOS offers stock.

Jailbreak apps such as PrivaCY, developed by Cydia creator Jay Freeman, actually give users a toggle that will block apps from uploading private data and usage statistics to remote servers. After it was discovered that Path was transmitting users' address books, Ryan Petrich created a jailbreak app called ContactPrivacy, which warns users when an app is trying to access data.

Jay Freeman thinks jailbreakers are concerned with their data and privacy even more so than stock users (that's probably true):

“If you care about this kind of thing, you should jailbreak your phone.”

“Instead of Apple making decisions about what’s good and bad, you decide. People think jailbreaking is about deciding that things Apple doesn’t like are good. But it also allows you to decide that things Apple likes are bad. We provide you the tools to block the functionality you don’t believe apps should have on your phone.”

The difference may simply lie in the user base. Anyone who decides to jailbreak is pretty much classifying themselves as a power user. These users don't want Apple to make decisions for them. Beyond that, they greatly care about their data and security.

Over 10 million users are currently running jailbroken iOS devices. They have more options when it comes to protecting their privacy and user data than the millions of devices that aren't jailbroken. Many users have a negative view of jailbreaking. Yes, a jailbreak uses an exploit in the device to inject code that Apple doesn't let you run by default. But keep in mind these security holes are already present, stock or not.

What you decide to download from unofficial sources like Cydia after jailbreaking lies strictly with you. Could jailbreak leave your device open to malware attacks? Sure. But only if you're downloading packages that contain malware. Reading release notes and making sure you know what you're downloading eliminates 99% of these problems.

And again, most users that seek jailbreak are a bit more technologically inclined. They know what they're downloading and what they should stay away from.

Whether you are #TeamJailbreak or #TeamPure, does it surprise you that official apps leak more data than their unauthorized counterparts? Has any of it made you rethink any negative opinions you have about jailbreaking?

Source: Forbes via UCSB


Allyson Kazmucha

Senior editor for iMore. I can take apart an iPhone in less than 6 minutes. I also like coffee and Harry Potter more than anyone really should.


Reader comments

While this may be true, it doesn't mean much to the average user who doesn't jailbreak. All things considered, it doesn't surprise me much, seeing how many app submissions they must go through. In any case, Apple does need to be a little more thorough when checking apps, and developers need to request permission before uploading users' contact information.
BTW, where can I get that Space Invaders wallpaper in the pic?

Leaking data as in unwanted or unintentional transfer of data?
Or Google Maps needs my location and sends it wherever, and I should know that because that's what it really does and it is supposed to do that...
If that makes any sense, what I'm saying is stock apps could send more information to become more useful and then seem like they are doing something they shouldn't. Was this taken into account?
If this has been accounted for and, say, the STOCKS app is sending my phone number to some server (something I personally don't think the STOCKS app should have to do), then Apple obviously has some explaining to do.
In summary, I guess what I'm trying to say is LEAK means absolutely unintentional stealing of information from my phone versus someone using an app and then wondering why it knows where you are or that you're on an iPhone and using Safari mobile, etc.

I don't find this study very trustworthy. I mean, for default Cydia repos like BigBoss, I can believe it, but for all of the other repos that get manually added, with tons of packages, who monitors that? 1 virus app is enough to crash the statistics.